From the Technology Law Team
The concept of cloud computing has been around since the 1990s, but most of us probably first heard of it in more recent years. So while it’s not quite ‘old tech’, it’s still new enough that moving into the cloud may raise some concerns with the more security conscious among us. There are however, huge benefits of moving your workspace into the cloud. It really does make IT simple.
What is ‘The Cloud’?
The cloud is a shared space for storing and accessing data and resources. It allows you to keep your data in a system that is likely to be more secure, efficient and fool-proof than one you would maintain yourself. It allows users to access a shared pool of resources, including networks, storage and applications with minimal service provider contact. There are countless different cloud storage models and many are built to meet users’ specific needs. Basic types of cloud storage models are:
Private Cloud: Infrastructure is used exclusively by a single organisation; a solution that many small to medium sized businesses are using to increase functionality while reducing IT costs by not hosting or maintaining their systems in-house.
Community Cloud: Infrastructure is shared between a number of organisations with common goals or concerns (usually relating to functionality, security or compliance). In this type of cloud, the costs are spread over the community, making it more economical than a private cloud.
Public Cloud: Infrastructure is available over a network that is open for public use. Public clouds may be offered as a free service to users (i.e. Google) or as a paid subscription (i.e. Microsoft). A public cloud has higher security risks that are not necessarily in the cloud infrastructure itself, but in the access to it, which is generally via the internet rather than a private network.
Benefits of the Cloud
There are many benefits to an individual or organisation choosing to use a cloud system over a traditional network. A good cloud solution makes your IT needs very simple – something we’re fans of. Clouds can be easily hosted by a third party, thus reducing your running costs and your need for technical expertise and frequent hardware upgrades. The cloud offers greater economies of scale, reliable backup and storage, greater flexibility of storage capacity, better quality of service and reduced risk of losing files in a disaster scenario.
Risks of the Cloud
The biggest risk of using cloud storage is data security. Many industries are bound by the Privacy Act 1993 when it comes to the storage and use of client information. Lawyers, under both the Privacy Act 1993 and the Lawyers and Conveyancers Act 2006, are required to hold in strict confidence, all information concerning a client’s business and affairs.
Data being accidentally leaked or purposely hacked is usually the biggest concern an organisation has when shifting information to the cloud. Instances of confidentiality breaches (especially in the public sector) are usually major headlines, causing embarrassment to the organisation responsible for the data, even if their data was cloud based and hosted by a third party.
Anyone looking to move into the cloud should do their due diligence on any potential third party providers as they will have access to your client’s information. They should be able to prove that they will not access this information unlawfully or even go so far as to sell your data. Some provider agreements will specify that the owner of the cloud is also the owner of all the data held within it and so your organisation needs to decide if this is acceptable or not.
Data sovereignty is also a common concern for many cloud users. Data stored in an overseas cloud is subject to the laws of that country, not the country the data originated in. Cloud providers need to have the trust of their clients in this regard and ensure that the data is stored where they say it is, or that the laws of the country in which it is stored are satisfactory.
How do I make sure my Cloud is safe?
Firstly, if you’re using a private or community cloud, you should be doing your due diligence by ensuring that you choose a provider you can trust, who is open about their data storage and access policies. Their ability to meet your specific needs is another important consideration, as many companies or industries have specific software and security requirements. Your provider should agree a Service Level Agreement (SLA) with you, which should cover acceptable service levels and remedies for non-compliance.
Constantly changing technology makes it nearly impossible to protect yourself against every emerging risk. However, enlisting the services of a professional to provide cloud based IT solutions can be an excellent way to mitigate this risk – so long as you find someone you trust and who can prove they will provide the best solution for you.
Are you ready to get your head out of the clouds but your information in the cloud? Get in touch today for expert legal advice on 04 970 3600 or firstname.lastname@example.org