August 14, 2012
In my last post, Daniel Garrie began exploring the landscape of cloud computing and several considerations that attorneys should be aware of before putting data in the cloud. In this second post in the series we will look specifically at choosing a data hosting provider, implementation, and security.
Many hosting services exist, so it is important to take the time to compare the services and security offered by each. By turning hosting duties over to a third-party, you lose control over the security of your data, as some or all of those security and protection duties devolve to the hosting company. Not all “clouds” are the same, and you should understand the security parameters and limitations of your particular cloud. This is a time when it is important to read the fine print before hitting the “Accept” button.
The move to the cloud is not always as seamless as many vendors may have you believe. In Los Angeles the city chose to use Google’s cloud service for its municipal operations. Google missed an implementation deadline on the $7 million contract, as it took longer than expected to outfit all local government agencies. An additional concern was brought by the LAPD’s with regards to security concerns around the various Google Apps.
Likewise, if you are storing data in a cloud as part of a complex and sensitive litigation, it is critical that you understand who else is storing data in the cloud, and learn how the system is designed to ensure that the risk of commingling or unauthorized access to the data is negligible.
Often, there are economies of scale in having all e-discovery from all parties in a lawsuit hosted on the same cloud, and accessed by a single service provider. But these benefits will rarely outweigh a security breach that leads to the loss of, or the unintended sharing and commingling of information. Here, counsel might consider retaining an independent technologist to review and assess the cloud’s security protocols and systems to ensure that they are not unnecessarily placing the client’s data at risk.
In Part 3 of this series we will discuss the ability to search your own data that resides in the cloud and what happens in the worst case scenario…