Cloud Security and Encryption 101
By Jack Newton
What Is Cloud Computing?
Cloud computing is one of the hottest technology trends to emerge in the last decade. The concept of cloud computing is that software, rather than being installed and hosted on your own computer, will be hosted online and delivered to your via your web browser. While cloud computing is a relatively new term, it’s a concept that’s been around for a long time, and you’re likely already using cloud computing in some fashion, whether it’s via web-based email like Gmail or Hotmail, or through your online banking provider.
Benefits of Cloud Computing
The benefits of moving traditional desktop- and server-based applications to the cloud are numerous for firms of all sizes. Cloud-based services typically eliminate large up-front licensing and server costs, offer drastically reduced consulting and installation fees, and do away with the “upgrade treadmill” typically associated with traditional desktop- and server-based software. Cloud-based services also typically are accessible anywhere, easy to use, and compatibile with both Windows and Mac OS X.
Aside from IT-related benefits, cloud computing offers the freedom to get your work done anywhere. You'll be able to provide responsive, professional service to your clients on a schedule that works for you, regardless of your location. Cloud computing services can typically be accessed from any computer with an Internet connection, and often provide mobile versions that can be used on devices such as the iPhone, iPad, and BlackBerry.
The Cloud Computing Security Chain
While the benefits of cloud computing are numerous, important security- and ethics-related issues need to be considered, especially in a law-firm setting. Because a third party will be entrusted with potentially confidential client data, proper security and encryption measures should be implemented.
There are links in the cloud computing security chain: server security, connection security, and client security. As is always the case, cloud computing security is only as strong as the weakest link, and ensuring both you and your cloud computing provider are adhering to the following guidelines will help ensure confidential data stays that way.
The server security implemented by your cloud computing provider protects your data against hackers and other threats. Although it is hard for the average web user to assess a cloud-based provider’s server security, there are services from companies such as McAfee that perform regular security audits on software as a service (SaaS) providers to ensure server security. Ask for evidence of regular third-party security audits, be it from McAfee or another provider, before entrusting your data to a cloud-based provider.
One important component of the security equation is encryption. Secure sockets layer (SSL) is an industry-standard encryption technology that enables secure online banking and e-commerce. SSL ensures all communications between your computer (the client) and the cloud-based server are encrypted and protected from interception. SSL is an extremely powerful technology, as it allows for completely secure communications even over public, untrusted networks, such as a public Wi-Fi connection.
Each web browser uses a variant of a “lock” icon to indicate a website it using an SSL connection—look for it prior to inputting any confidential data into a website.
In networking terminology the “client” refers to the actual computer—whether it is a desktop, laptop, or handheld device—that a cloud application is being accessed from. This is the final—and often overlooked—piece of the cloud computing security puzzle.
Cloud computing doesn’t obviate the need to ensure your desktop or laptop is properly secured with a firewall, antivirus protection, and the latest security updates for your operating system and web browser. For Windows users, Google Pack offers free antivirus, antispyware, and Google’s own web browser, Chrome.
To ensure data stored on your desktop or laptop remains private even if it’s stolen, you may want to look at installing TrueCrypt, a free tool that will encrypt the entire contents of your hard drive.
Finally, client security also encompasses password security. The best SSL encryption and server security can all be undone by the choice of a weak password. Be sure to choose a secure password for any website you’re using, and try to avoid using a given password for more than one website. A free password generator and manager is PasswordSafe.
Putting Your Practice on Cloud Nine
The best practices for cloud computing security outlined above, when properly implemented, represent one of the most secure ways to store a law practices’ confidential client data. “The cloud” presents firms of all sizes with a compelling method of reducing IT costs and overhead while increasing efficiency, security, easy-of-access, mobility, and convenience.
Jack Newton is co-founder and President of Clio, a leading provider of cloud-based practice management software. Jack holds an M.Sc. in Computer and holds three software-related patents in the United States and EU. He has also spoken at CLE seminars across the US about how cloud computing can help law practices run more effectively and efficiently. Jack can be reached at firstname.lastname@example.org. Clio is a sponsor of the GPSSF Division of the American Bar Association.
© Copyright 2011, American Bar Association.