Moving to the Cloud to Improve Security, Reduce Risk, and Expand Your Practice
By Ellen Blanchard
Ellen Blanchard (firstname.lastname@example.org) is the associate general counsel and director of eDiscovery consulting for Evolver Incorporated (www.evolverinc.com). As the director of eDiscovery consulting at Evolver, Ms. Blanchard brings deep knowledge of the intersection of litigation, massive data volumes, and assisted review technologies. Ellen regularly works with clients from a wide variety of industries including telecommunications, financial services, airlines, healthcare, agriculture and petrochemical, to help them assess, select and implement enterprise technology to support their legal and compliance needs. Prior to joining Evolver, Ms. Blanchard was an associate at Boies, Schiller & Flexner LLP, where she represented several Fortune 50 companies in a variety of complex litigation matters.
The most common question that arises when attorneys discuss moving either their data or feisty applications into the cloud is, "What is the risk that client confidentiality will be compromised?" In this article, we consider whether that question might be more appropriate when firms choose to keep client data on their own networks. Much has been written recently about law firms’ client data repositories, especially their litigation discovery and due diligence repositories, as potential targets for cyber criminals looking to steal company secrets. As early as 2009, publications and blogs were alight with information about an FBI warning about hackers targeting law firm networks.1 In her speech at Legal Tech in 2013, FBI computer security expert Mary Gilligan warned, "We have hundreds of law firms that we see increasingly being targeted by hackers."2
How would your network withstand advanced cyberattacks? Do you have the personnel and the budget to implement, monitor, and test firewalls and intrusion detection systems? Will you be able to encrypt data on your network without degrading performance? Can you afford to shut down your system for days or weeks while you mitigate an attack? If not, you might find that outsourcing the more sensitive portions of your infrastructure to a company that focuses on data and its security is a wise choice.