Is cloud computing really less secure than the status quo?
This week’s Daily Record column is entitled “Is cloud computing really less secure than the status quo?”
Is cloud computing really less secure than the status quo?Cloud computing, defined at Webopedia.com as the “sharing [of] computing resources rather than having local servers or personal devices to handle applications,” is a buzzword that has many lawyers up in arms.
Examples of cloud computing used by many lawyers and their clients on a regular basis include Gmail and other Web-based e-mail services. Many platforms and services available to attorneys for use in their law practice that are cloud computing-based include practice management and document management software.
Cloud computing critics decry the trend of using cloud computing services in law practices. One of the main criticisms is that cloud computing may result in the loss or disclosure of confidential client data. Such concerns certainly are valid, and most certainly there are a number of issues that need to be addressed.
I would argue the security risks posed by cloud computing platforms are far less than the systems currently in place in most U.S. law offices. If the majority of law offices began using cloud computing services in their practice, client data would be far more secure than it is now.
Despite coverage in the mainstream media suggesting otherwise, the vast majority of lawyers are solo practitioners. According to a 2006 report issued by the New York State Commission to Examine Solo and Small Firm Practice, more than 83 percent of New York attorneys are solo practitioners; 14.7 percent work in offices of between two and nine attorneys, and only 1.8 percent of attorneys work in large firms with 10 or more attorneys (See http://www.nycourts.gov/ip/solosmallfirmpractice/index.shtml.)
In other words, nearly 95 percent of New York lawyers work in very small law offices. The vast majority of those small firms don’t have IT support on staff, and most lawyers in those firms don’t know the first thing about computers.
Undoubtedly those attorneys continue to use systems and software from the late 1990s —at least, that’s the case in many law offices I’ve visited. Their anti-virus software is antiquated and their practice management software, if they even have it, has never been updated because most attorneys are too busy practicing law to bother with that “computer stuff.” Many don’t understand the importance of updating software and the security issues created when security patches are not installed.
For the vast majority lawyers, as long as their computers are basically functional, it’s business as usual because, as we all know, if it ain’t broke, don’t fix it.
I would argue these law offices —like the vast majority throughout the country —are walking security hazards. Anyone with minimal computer skills and a passing interest in hacking into a law office’s computer system could do so in a heartbeat.
Cloud computing providers are newcomers to the legal software market. Their products aren’t perfect, but they are responding quickly to concerns raised regarding security and other issues. The cloud computing providers that offer software services host the software and data at extremely secure facilities with high levels of bank-grade encryption and update their programs automatically. The attorneys using the services no longer need to worry about these issues and are, in my opinion, in far better shape security-wise than they were before they began using cloud computing services.
Discounting the technologies by using scare tactics and rhetoric is short-sighted and harms the profession in the long run. Cloud computing technology providers are receptive to feedback and continuously adapt their products to meet critics’ legitimate concerns. While the technologies may not be perfect, they are improving rapidly and are a much better alternative to the current computing status quo at most law offices.