Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Why legal departments begrudge the cloud

Stacy Collett | June 30, 2016
Legal professionals are by their nature a skeptical and cautious lot, but the sharp rise in cloud-based applications being used by enterprises and law firms, as well as recent high-profile law firm security breaches, has many legal professionals reticent about entering cloud engagements.

That may sound like a lot of cloud use, but in fact, many law firms and legal departments don't even know how many cloud apps are being used. New cloud apps, such as file-sharing tools show up almost monthly even daily, creating a whack-a-mole mentality where IT security staff must shut down unauthorized apps when they pop up.

The average organization uses 1,154 cloud services to upload 5.6 terabytes of data each month, according to cloud-access security broker Skyhigh Networks.

"It's happening too fast," says technologist-turned-attorney David Ray, director of information governance at Consilio, where he leads the privacy and protection consulting practice. Some 20 percent of survey respondents say they "rarely or never address" rogue cloud apps because they don't even know it's there, he adds.

Third-party cloud providers can also slow down incident response planning during data breach investigations, says David Navetta, partner and co-chair of data protection, privacy and cybersecurity at Norton Rose Fulbright US LLP. "You can't do what you would do in your own environment, such as take images of machines and get logs and react quickly. A cloud provider may worry about their own liability or may not want you to take an image of a virtualized machine that could expose all their clients' data."

Then there are the compliance and regulatory requirements that legal counsel must adhere to while employees are sending information to unauthorized cloud apps.

Making a case for the cloud

Cloud apps and services can offer many benefits to legal departments and law firms, Overly says. "You may end up with better security, lower costs and greater accessibility for your attorneys" through mobile apps, he adds. Legal professionals and cloud services can peacefully co-exist if they can find the right balance.

Build a data roadmap

Start by understanding what data you have across the enterprise and how people are using it, Ray says. It can be a costly process to build out that type of data road map, but it will uncover most of the rogue cloud use. Next, let employees know where they can and can't put data - and which cloud services are approved.

Strip identifiers or keep data grounded

Navetta works with clients on de-identification and data minimization strategies in the cloud.

"Can we strip certain identifiers from data and still have it be useful, so if data was breached it wouldn't cause as much of concern or trigger obligations or litigation? We also ask, does something really need to be in the cloud? Can we get the benefits of the cloud while minimizing our risk significantly without undermining [the benefits]?"

Encrypt data before it hits the cloud


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.