The partner was hoping to be able to tell his fellow attorneys that the firm doesn’t approve of consumer cloud storage for client related information, however, if you are going to use a consumer solution for “personal information” we recommend provider X. My pessimistic report made even that a difficult statement. Still hoping to salvage something from this conversation he asked a follow-up question.
“Do any of these services provide anything close to the level of security we have in email?”
Had I sipped my coffee a second earlier I surely would have showered my office with stale joe.
“Excuse me”, I said, “Could you ask that again?”
“Attorneys send client confidential information all the time via email, so do any of these services come close to meeting the standards for email security?”
That’s what I thought he meant. I broke the news to him slowly, explaining it this way. “I wouldn’t put anything in consumer cloud storage that I wouldn’t leave in a file folder on the front seat of my locked car. But, I wouldn’t put anything in an email that I wouldn’t write on the back of a postcard and hand to a stranger on the street to mail for me. The least secure of these consumer cloud storage solutions is many, many times more secure than a standard unencrypted email. In fact, some of them have much better security protocols than your average law firm.”
The partner was flummoxed. “Then what’s the big deal about this cloud thing?”
I was reminded of this incident when I attended the ILTA conference a couple of weeks ago. In the vendor hall I saw a lot of vendors pushing their cloud-based SaaS solutions and a lot of firms saying, “Sorry, we have to host all of our own data.” Typically the vendor went on to explain the value of allowing them to host the data. The product is constantly monitored, backed up, and securely encrypted in transit and at rest. The product and mobile apps are updated multiple times a day. They simply can’t provide such a high level of service if you insist on hosting the product behind your firewall.
Once that happens law firms will look back on all of the sturm und drang surrounding the Cloud, Software as a Service, and the Consumerization of IT, and they’ll wonder what all the fuss was about. They’ll probably also wonder what all those nice people who used to run their network are doing now.