By Jonathan T. Armiger, Wagner Reese LLP
Any discussion of data security in the cloud-computing era must first start with describing what the “cloud” is and what it can do. For those of you who do not yet know what the cloud is, you are not alone. I love the exchange in the Oscar-nominated 2015 Creed film between Rocky Balboa and Adonis Johnson, the son of Rocky’s late friend and former rival, Apollo Creed. After Rocky shows Adonis some boxing drills on a piece of paper, Adonis takes a picture with his phone and starts walking away—without the paper. Rocky asks him, “Hey don’t you want this?” Adonis holds out his phone and replies, “It’s on this.” Rocky then asks, “What if you lose it?” Adonis replies, “It’s already in the cloud,” and a confused Rocky looks in the sky and says, “What cloud?”
Documents and other information “stored in the cloud” are not literally stored in the sky (though technically they are often transmitted in the sky via satellites), but rather on massive computers, or servers, around the country, and in many cases, the world. For example, companies like Apple, Microsoft, and Amazon, and of course government agencies, have built and are continuing to build huge data centers—warehouses filled and filled with stacks and stacks of servers that store the information. Information uploaded to the cloud from a computer or phone is transmitted from the computer or phone to these data centers, and then the information is often duplicated in whole or in part and stored on servers at other data centers for processing, security and back-up purposes.
In its simplest form, cloud-computing can serve as a digital “thumb drive” to transfer information from one computer to another computer. For example, you can save a document into a folder on your work computer and access that same document in a folder on your home computer. With advances in technology, however, the cloud can now do far more, and new uses are continually being delivered to the masses, for both professional and personal uses. Cloud computing enables individuals and companies to more easily—and simultaneously—access, edit, share, and use digital information, encompassing all sorts of data and data-processing platforms, from documents to photos, audio, video, texts, calls, user-settings, applications and even computers themselves.
Today’s law firms can utilize the cloud in a variety of ways, including in some cases replacing private, on-site servers, for the benefit of employees, vendors, and most importantly, clients. Microsoft’s Office 365 service, for example, includes cloud-based email, calendars, software like Word and Excel, social tools like Skype, logging or note-taking platforms like OneNote, app-development and deployment, web hosting, and of course, storage drives and applications like OneDrive and SharePoint. Cloud-based services are in many cases not only easier to deploy and manage, but they can also be more attractive in terms of cost, flexibility—and yes, even security.
Make no mistake, though, law firms have access to, hold and handle the most confidential of information, and often vast depositories of information, regarding governments, companies, and individuals, including literally every type of confidential information imaginable, from health records to school records, employment records, criminal records, financial records, business records, and government records. Many entities only handle one type of confidential information (e.g., hospitals handling health records or consultant firms handling trade secrets for businesses). Law firms handle it all. Therefore, law firms must carefully consider, implement, manage, audit, and update security measures in deciding whether to use cloud-based services, what services to use, and how to use them. As in life, to whom much has been given much is required.
To learn more about this and related topics, obtain useful resources, keep abreast of current trends and developments, and learn about events where you can meet other Indiana lawyers, visit the website for the Indianapolis Bar Association’s E-Discovery, Information Governance & Cybersecurity Section. Or, better yet, you can join the section here!
If you would like to submit content or write an article for the E-Discovery, Information Governance & Cybersecurity Section page, please email Kara Sikorski at firstname.lastname@example.org.