- Handing over your data to a cloud service provider is like giving your gold bars - and your client's gold bars - to the bank - but banks are regulated, cloud service providers are not. When banks are not regulated, we know what happens. You need assurance, that can only come from due diligence, adherence to standards, contractual obligations, track record and a back-up, back-out roadmap.
- Chaos in the cloud - uploading your unstructured, decentralized, poorly catalogued and over-retained data to the cloud does not solve anything
- Cost savings are there if volume of data is kept reasonable- that's why retention and ERMS are key to a successful migration
- Cloud apps must be litigation ready and at the same time comply with legal retention and audit trail requirements
- Good contract as well as policies and procedures, regular audits must be in place if outsourced cloud re ownership (custodianship and control), privacy, security, backup and back out, as well as geography and cross border issues
- Need a good checklist for cloud contracting!! E.g., to list just a few:
- Security (access control etc. - the whole gamut e.g. standards compliance!! ISO 27002)
- Management tools
- Monitoring tools
- Service level agreement
- Disaster recovery/business continuity
- For many companies including law firms, it isn't just how to protect your own corporate info, it is how to protect and handle your client or customer info. This is where privacy concerns and privilege considerations are superadded, and possibly more onerous. (Also - is the government your client? Additional rules may apply re classification of data and data transfer.)
- The cloud also introduces security issues in respect of remote wired and wireless connections (from home, and mobile) and how end users handle access outside of the traditional VPN WAN architecture.
- With iPads and smartphone devices proliferating, and many thousands of available apps, the whole world of mobile cloud is creating security and acceptable use policy wholesale reconsideration.