Cloud Is Different

The National Institute for Standards and Technology (NIST) defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resourcesthat can be rapidly provisioned and released with minimal management effort or service provider interaction.” In laypersons’ terms, the cloud is a model of computing that utilizes shared computer processing and storage resources, usually provided by a third party, which are accessible via the internet on demand from anywhere; examples to many consumers include Dropbox, Gmail and Apple’s iCloud. Convenience, ubiquity, and on-demand availability and scalability are built in to the very concept. While this is, generally speaking, a feature rather than a bug—and no doubt has contributed to the rise of the cloud as a standard approach to business computing—it carries with it certain risks that are new or heightened in the cloud age.

The most concerning of these dangers from a compliance and risk-mitigation perspective stem from the facts that: unsophisticated individuals, including employees and staff of a law firm or its client, can put data in the cloud completely unbeknownst to those in the organization with responsibility for managing information related risk; and using a cloud services provider can create the temptation to let down one’s guard, believing that the third-party provider is handling the “hard stuff,” including data security and compliance.

This article was originally published by The Legal Intelligencer. Click here to continue reading.