An Analysis of the Law Society of South Australia’s Cloud Computing Guidelines: Data Security
MARK FERRARETTO, SOLICITOR, EZRA LEGAL
This is the third of five articles that analyse the Law Society’s Cloud Computing Guidelines against candidate cloud systems and on-premises systems. My thesis is that the caution expressed in the Guidelines should be applied as much to on-premises systems as cloud systems to obtain the best risk profile for a practice’s information systems.
In this article we discuss data security.
Data Security
This is where cloud services really shine. Ironically this is also the area which is usually of the greatest concern.
The question to ask is whether a practitioner would prefer to delegate the security of their data to a provider with extensive resources dedicated to the maintenance of data security and the detection and resolution of security incidents, or to manage data security themselves, either directly or via an IT provider, neither of whom is likely to be a cybersecurity specialist.
The resources and skills required to detect and protect against security intrusions are well beyond the capabilities of most IT providers. Cybersecurity has evolved into its own discipline, and there exist businesses that specialise in cybersecurity management, most of whom are not engaged by legal practitioners to manage their IT infrastructure.
Detecting an intrusion is itself very difficult. If an intrusion remains undetected, as many are, an intruder could usually remain, or ‘dwell’, in a compromised system for many, many months.1
Cloud services encrypt data at rest (when it is stored) and in transit (when it is sent to a computer to use). Cloud providers usually have robust systems in place to ensure the keys used to decrypt data are not easily accessible.
Apart from Actionstep, all the service providers analysed for this paper encrypt data at rest and in transit. Actionstep does not encrypt data at rest by default but it can be requested.
It is true that cloud services provide an easier target for intruders. However, this is offset by the increased security resources dedicated to detecting and mitigating this risk.
On-premises data is almost always not encrypted, particularly on practice management servers and file servers. On-premises backups are also usually not encrypted and may not be stored in a secure location.
An intrusion into an on-premises system carries significant risk of going undetected, and the intruder is likely to have access to unencrypted client information for an extended period of time.
Verdict
In my view, cloud services do data security much better than on-premises services. Although cloud might be an easier target, this risk is in my opinion more than offset by the much higher level of cybersecurity skills present inside cloud firms (or at least the candidate firms discussed) than what exists in the on-premises context.
Data security is a comprehensive win for cloud in my view.
In the next article we discuss data resilience.
Table 3: Data Security

| Provider | Encryption at rest | Encryption in transit |
|---|---|---|
| Dropbox | Yes | Yes |
| Dropbox Business | Yes | Yes |
| Google Workspace | Yes | Yes |
| Microsoft 365 | Yes | Yes |
| LEAP | Yes | Yes |
| Actionstep | Optional, on request | Yes |
| On Premises | No | No |

Effect of termination / Change of control (cell values in source order; provider rows not recoverable):
Will notify and give opportunity to export data
Provision to export data after termination / Will notify and ‘outline your choices’
Not specified
Access to data ceases on termination / Will give notice
Not specified / Not specified
Data retained but inaccessible / Not specified
Delete data 30 days after termination / Not specified
N/A / N/A
Endnotes
1 See eg: ‘Asia-Pacific Lags in Dwell Time, Study Reveals’, Security Intelligence <https://securityintelligence.com/news/asia-pacific-lags-in-dwell-time-study-reveals/>.
Integrating Document Management: A Multi-faceted Growth Strategy
To attract the most impressive talent, legal firms – among others – are pushed to come up with innovative solutions, such as offering employees the level of flexibility they became used to during the pandemic.
Day-to-day, that means the staff at legal firms are increasingly spending at least part of the week working from home or outside the office, and this brings about challenges of its own.
Digitising your workplace for a mobile workforce is not so much an option but a requirement. With so much paper to control in your business, both in the business and from clients, it is difficult to make sure your whole office is with you when you are working from home.
The good news is that it’s available. Digitisation solutions from Canon that integrate with your line of business systems, such as LEAP, LexisNexis, Affinity, FilePro, Practice Evolve, Alite and Aderant, can improve productivity and accessibility for your staff. Keep your documents secure and accessible with Canon’s secured digitisation solutions to store the records in the right matters. Legal firms that take advantage of these systems work in an integrated digital environment where teams are empowered to boost productivity – whether they’re working from the front office, the back office, home office or even court.
By integrating hardware with state-of-the-art software like uniFLOW, these firms are equipping their teams with instant access to up-to-date documents when they need them. Furthermore, they enable teams to update documents accurately as matters evolve, so clients can be kept in the loop in real time.
At times like these, when every dollar counts – both to the firm and your clients – firms that invest in digitisation solutions are also lowering costs by reducing the need for administrative staff to be involved in long paper-based processes. Importantly, they benefit from automated audit trails that enable jobs to be automatically assigned and precisely charged to cost centres. For more information on how Canon can help your firm, contact Gary Bennetts | gary.bennetts@sales.canon.com.au | Canon Authorised Agent, or visit https://www.canon.com.au/business/legal-solutions