Much has been made in recent times of the benefits that can be derived from cloud computing. In fact the speed of growth in use of “the cloud” has been one of the major factors in the IT industry for most of the last decade. But how safe is cloud computing?

Traditionally a profession that has adopted a cautious approach to new technologies, the legal sector are showing increasing signs of understanding the financial and operational benefits of using the cloud as a resource for managing different types of information. The Solicitors Regulation Authority has highlighted this in recent publications, expressing the view that “Cloud computing is continuing to increase in popularity, with low cost and flexibility the key advantages. Cloud users do not have to maintain their own data storage or multiple site licenses for software. The cloud works out cheaper than direct data and program storage, and permits true mobile working with no need for data sticks or email transmission of files, both of which are key risks for data loss. Email is not inherently secure, while data sticks are easily lost and provide ready systems access for virus programs.”

However, there are of course risks. The SRA also points out that when a cloud-based service is implemented, control of data is effectively handed over to a third party service provider, and the ability of that provider to protect confidential information can represent an area of risk. Careful selection of the cloud system provider can effectively mitigate this risk, as there are very wide variations in the level of security that different companies offer.

Safe4 Information Management have made major investments in ensuring that the security of their customers’ data is given the highest possible priority. This is reflected in the way Safe4 have addressed the issues raised by the SRA. The measures Safe4 have taken include such key areas as ensuring that all data is held in ISO-27001 approved data centres in the UK, confidential information is never transmitted by email, all stored data is encrypted using highly secure ciphers, and that all contractual engagements are undertaken according to English law. Rigorous penetration tests, carried out by independent UK Government-certified agencies, also ensure that any areas of vulnerability caused by new internet threats are addressed as a matter of urgency.

The SRA also points out that “sound cloud computing providers offer better encryption and security than would be possible for a small or medium-sized solicitors’ practice storing its data locally.” Due diligence applied in the selection of the cloud service provider can help to bring the law firm the financial and operational benefits of this highly effective resource while making sure that its stored information is given the maximum protection possible.

The views of the SRA are echoed by the Law Society, which has also published guidance for law firms wishing to use the cloud.

A number of law firms in the UK have for some time been making use of the highly secure document delivery and storage service offered by Safe4 to share confidential information with their clients and other external parties. One law firm in Leeds is now in the process of introducing the use of Safe4 as a direct result of the way the SRA guidance has been interpreted and implemented.

For more information on how using Safe4 can benefit your law firm, please get in touch.  We will be very pleased to assist you.

Ben Martin

 

 

 

Ben Martin is a Director and founder of Safe4 Information Management

The current spate of publicity about how poorly some charities seem to care for the personal information they keep about the donors who support their respective causes is yet another reminder of just how vulnerable organisations are when it comes to keeping customer information safe. After all if you give information to any business and especially to your doctor, your lawyer or your financial adviser you expect it will be kept safely.

The principles on which the very foundation of all businesses enterprises should be built has not changed since we all lived in the fields and we bartered to get what we needed to survive. Harnessing our resources to satisfy the needs and wants of our customers is the bedrock of all economies as all truly successful companies have proven. Yet of all the sectors in our economy the medical, legal and financial sectors are built upon another key driver. They have to deliver absolute client confidentiality because nothing is more private to us as individuals then our health and our wealth.

The General Medical Council, The Law Society and the Solicitors Regulation Authority produce a lot of sensible guidance on best practice for keeping client information safe, cyber security, and use of cloud computing etc. However, like many things in real life we are all spurred into action when something goes wrong, when the company’s system is hacked into or when there is a proven breach of confidentiality rules about which the injured party often complains most noisily.

So, why do we prevaricate about taking such action? Why are we so inclined to believe ‘it will not happen to us’? Well, it is just human nature I suppose, just like the fact that we all know we are going to die but none of us believe it is going to happen today. Many of us do lots of little things to put off that fateful day like take exercise, eat and drink sensibly so, why don’t we do a similar number of little things in our businesses to protect customer information?

The probability is that so much is not done to ensure client confidentiality because we either do not see where the holes are in our respective enterprises, or we do not know what to do – or if we do know what to do – we see it as simply too big and too complicated to handle. The answer has to be we must start somewhere and starting to do a small number of little things is the only way to get to that place where we are absolutely certain that we could not have done more.

So, come on then get in touch with your local information security expert and ask them to advise where you should begin. It may turn out to be a journey of a thousand steps but you have to start somewhere.

Paul D Stallard – Hurndall-Stallard Associates – July 2015

Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.