Posts on the Topic: ‘Cloud Computing’
Safeguarding Your Company
The release of iCloud and the massive number of migrations even in the first few weeks has pulled cloud computing into the mainstream. The time to weigh the pros and cons of using cloud computing is over! Like it or not tens of millions of employees have already brought company data into a virtualized environment, so now what?
To stave off some of the negative impact of the personal cloud migration, companies need to proactively address cloud computing instead of debating about its use. The personal cloud adds another dimension to the already convoluted aspect of duty to preserve, and without any firm ruling or revision the Federal Rules of Civil Procedure the potential cost associated with e-discovery will continue to climb. When drafting the legal hold or going to a 26(f) meet and confer attorneys need to consider the personal cloud when evaluating data collection and preservation. Be sure that your litigation hold protocol covers personal cloud computing, syncing, and automatic backup. Revise your policy if need be and ensure that it works with testing.
Impact on Pre-Discovery Fact-Driven Case Analysis
When collecting and searching for data from custodians be sure to determine if they are using iCloud or any similar personal cloud and extend the collection to include personal devices if the custodian has been synching work email and documents in their personal cloud. Whether drafting or answering a discovery request be aware that potentially responsive ESI should includes personal cloud computing if work and personal information has been backed up in the iCloud. And although discovery requests seek information in the possession, custody, or control of the relevant custodian, be sure to specify that this extends to all sources of ESI for potentially responsive data including that synched in a personal cloud and talk about all these ESI sources in your Rule 26(f) conferences.
From an information governance standpoint, clearly define company policy on using personal devices for work related matters and re-evaluate existing policies if they are not in line with the risk profile of your company. Consider drafting specific policy on migration or personal devices with access to company email or documents and/or policy on co-mingling of work information on personal devices may serve to reign in data sprawl and mitigate exposure to external threats as well.
In terms of cloud computing, the future is now. As legal professionals and e-discovery practitioners we have to accept that personal cloud computing is more and more a reality and address the risks that result. Going into a case with an electronic discovery component be as inclusive as possible when evaluating potential sources although prudent in the actual collection. Non linear review techniques, (predictive analytics, AI, advanced ECA) all can help in controlling the likely glut of information that this new vector of ESI will create. As an e-discovery practitioner or legal professional be aware that although your company or clients may not have adopted cloud computing at an enterprise level there is a great likelihood that one or many custodians may have on an individual level and prepare accordingly.
Part 2 of 3
Read Part 1
Risk Factors with iCloud
Individuals migrating to the iCloud have brought their employers along for the ride; Fortune 500 companies and the government can no longer simply weigh the pros and cons of entering the cloud at an enterprise level because countless employee personal devices have already introduced company data into a virtualized environment. Many of the concerns that generally surround cloud migration have been amplified with the mainstream adoption of cloud computing (Data Security, Data Sovereignty, preservation scale) and some new implications have been added to the mix. From the standpoint of an e-discovery practitioner there are several key concerns; where is the data and what is the duty to preserve, how is the company’s data safeguarded within the cloud, how is data collected in a timely manner from the cloud and how should one address the likelihood of some or all custodians having a personal cloud.
With the possibility that hundreds or thousands of Employees at most major companies will have synched their personal devices with the iCloud, many of the risks associated with cloud computing are amplified. The onus of who provides security is shifting now from company safeguards to what ever safeguards are provided by the third party cloud provider, and as a result the company’s security controls for data exfiltration are no longer adequate. If the account is compromised there is no need to steal the device because they are all linked via the cloud. There is also a risk point that neither a company nor the cloud provider can control the wireless transfer of my data into the cloud.
The iCloud has added another wrinkle to the cloud computing conundrum, a single Apple ID and password controls access across all synched devices. This amplifies the risk of a breach because there is no second layer of protection (duel factor authentication); if the password combination is compromised then data across all devices both personal and work related is susceptible to intrusion and in the event of a compromised device or password, data can be manipulated from a single device. Data security is inversely proportional to access and this new personal cloud model raises accessibility to the next level.
Part 1 of 3
Fortune 500 companies and the government can no longer simply weigh the pros and cons of entering the cloud at an enterprise level because countless employee personal devices have already introduced company data into a virtualized environment. With the October 12th release of Apple’s iOS5 and the iCloud we have officially entered the brave new world of personal cloud computing where it is now mainstream for an individual’s data seamlessly and automatically to synch between their PC, Mac, iPad, iPhone and iPod in a virtualized environment.
Work & Personal Data Lines Continue to Blur
The iCloud is notable not for being a novel concept, but for introducing cloud services to users who have never considered personal cloud or online productivity services in the past. It has fundamentally shifted the concept of cloud computing from an enterprise level solution to a personal one; work and personal information are seamlessly accessible across all devices. It has also taken the decision of whether or not to enter the cloud out of the hands of the corporations, law firms and government entities that these individuals work for. In the personal cloud world, companies and firms need to proactively implement information governance and e-discovery protocols and workflows to address the reality that their data is likely at least partially in a third parties’ virtualized environment as of October 12.
Apple Changes the Technology Landscape… Again
Apple is by no means the first entrant into the cloud market; Dropbox, Amazon’s anticipated Silk, Opera, and Chrome OS all offer the same cross devise synching and overall functionality. The difference is that iCloud has succeeded in bringing the Cloud into the mainstream with an interface and automated solution that your grandparents or children can use. Apple’s iCloud, as with social media before it, has drawn corporations and the government into a new arena with implications that extend to e-discovery, data security and data preservation. This piece analyzes the scale and application of iCloud, the risks associated with making cloud computing mainstream and steps that you can take to safeguard your organization and your data.
While registering for next week’s Masters Conference, I was struck by the number of panels related to the Cloud and data security, many addressing the same questions and concerns raised last year and the year before. It seems that one cannot open a legal news site or a blog with out the concept of the Cloud popping up a half dozen times and in a half dozen different contexts. Today, many people do not have a clear understanding of the solutions offered by the Cloud nor the size and scale of risk associated with migrating core business functions into it.
As was the case with predictive analytics and machine learning, operating in the Cloud is not as new or as frightening of a concept as many would have you believe. The true danger lies in the ambiguity and hype surrounding it! To give our readers a complete perspective of cloud computing, I’ve created a downloadable primer: “Demystifying the Enigma that is Cloud Computing“.
- Detailed overview of Cloud use models
- Size and scale of risk associated with the Cloud
- Cloud delivery options and methods
- Common obstacles in Cloud projects
- Considerations for migration
The continuing confusion surrounding the cloud begs the question: How does Cloud computing affect those in Legal? What particular issues or concerns arise from utilizing the Cloud in litigation? Stay tuned for more answers next week as I attend the Masters Conference and tweet what I’m sure will be insightful tidbits from the many expert presenters. The conference hashtag is
Follow us on Twitter: