Photo by Carl Wycoff (Flickr/Creative Commons)

Security Concerns about the Cloud Still Linger, Survey Finds

Even as smartphones and paper thin laptops make it easier to work remotely, many lawyers still consider using cloud-based applications too dangerous.

A recent survey found that about two-thirds, 62 percent, of legal professionals polled were “concerned” or “very concerned” about the security risks of using cloud-based applications. Only 2 percent said they were “not concerned at all.”

That survey, conducted during the Legaltech New York conference in early February by Washington, D.C.-based e-Discovery and consulting company Consilio, polled 148 legal technology professionals.

Amy Harvey, practice innovations analyst at Chapman and Cutler, said many of her firm’s clients are concerned about cloud security.

“A lot of clients are highly skeptical of the cloud,” said Harvey, adding that the firm must comply if a client’s outside counsel guidelines prohibit it.

She said the firm handles each instance on a case-by-basis, and it varies depending on who the cloud provider is that is storing the data.

The survey found that respondents were concerned about a number of specific risks:

  • 64 percent cited the inadvertent disclosure of data.
  • 39 percent cited theft of intellectual property.
  • 26 percent cited regulatory compliance failures.
  • 25 percent cited the inability to adequately identify relevant data for eDiscovery.
  • 21 percent cited service outages.

Dan Carmel, chief marketing officer for iManage, a work product company that offers cloud-based solutions, told Big Law Business that some of these fears are misplaced: Storing information on a cloud-based application isn’t inherently more risky than on-site storage, said Carmel.

“It is not where your information is housed, it is how it is managed” that determines the threat level, he said.

The greatest security risk occurs when phishing attacks and similar techniques persuade legitimate users to reveal passwords or inadvertently provide access to unauthorized third-parties, said Carmel.

He also pointed to another finding in the survey that as a far greater risk: Roughly 29 percent of respondents said their organization “rarely” or “never” actively addresses issues associated with Shadow IT, a term for hardware or software that is not supported or administered by an entity’s information technology department.

“Shadow IT is a different issue and a very real concern,” said Carmel, who added that employees who are not provided with modern, easy to use systems will revert to their own shadow systems.

John Loveland, managing director of Consilio, said managers may not be aware of the extent to which unsanctioned IT is being used, particularly with cloud-based applications.

Regarding e-Discovery, Loveland said that the growing use of unsanctioned cloud-based applications is making it more difficult to track all storage locations. According to Loveland, as such potential data sources “increase dramatically,” so does the risk of inadequate identification of data and “inadvertent spoliation” of evidence.

Gabe Friedman contributed to this article.