SECURIT Y AND DATA PROTECTION
With news headlines announcing breaches of online
security with stunning regularity, it’s not surprising that
security is perceived as the number one barrier to Cloud
computing’s wider adoption. Yet, according to one
research study, while 78% of business and organization
leaders recognize that security and data privacy are part of
their responsibilities, 22% are unaware this is part of their
One way to bridge this gulf is to enforce a robust
security program that includes strict firewall and access
controls, data encryption, perimeter scanning and
intrusion detection. Best practices involve limiting access
permissions to inside and outside counsel or authorized
personnel involved in the processing, hosting, review and
production of the data. This may also extend to paralegals,
litigation support or e-discovery specialists, as well as
database or system administrators.
STORAGE AND PRIVACY ISSUES
Where the data actually resides can significantly affect
eventual e-discovery, and the physical location of data
storage is fundamental to evaluating Cloud providers.
The first question to ask is whether the Cloud will involve
unique dedicated storage area networks (private cloud)
or shared pools of storage capacity (public cloud) that
may be dispersed to different geographical locations
throughout the world. The latter approach can mean that
a law firm’s client data is shifted to various parts of the
globe at the convenience of the data-hosting provider to
manage their own internal capacity.
While this may benefit a law firm’s client from a capacity-management standpoint, it may also expose them to
needless liability due to previously unknown copies of
data. That, in turn, can compromise the client’s ability
to adhere to data privacy laws, respond to e-discovery
requests or orders to produce ESI within the client’s
possession, custody or control.
1 Peter Mell and Tim Grace, NIS T Definition of Cloud Computing
(2009), v15, http://csrc.nist.gov/groups/SNS/Cloud-computing/
SPONSORED SEC TION
3 CLOUD SERVICE MODELS AT A GLANCE
• Cloud Software as a Service (SaaS).
The capability to use the provider’s
applications running on a Cloud
• Cloud Platform as a Service (PaaS).
The capability to deploy end-user-created or acquired applications using
programming languages and tools
supported by the provider.
• Cloud Infrastructure as a Service (IaaS).
The capability to provision processing,
storage, networks, and other fundamental
computing resources where the end user is
able to deploy and run arbitrary software,
which can include operating systems and
DATA INTEGRIT Y
Once data security and storage are addressed, Cloud
computing must then be viewed from the perspective of
data integrity – the identification, preservation, collection
and destruction of the data itself. These discussions often
begin with the underlying source of the electronically
stored information (ESI).
At times, this ESI will be viewed through the lens of
more traditional or well-understood forms, such as
email and e-files stored on the company’s servers, file
shares, laptops or mass storage devices. But ESI can
also refer to Cloud data storage, SaaS applications,
Cloud email, social media, personal mobile devices
and other systems hosted by the Cloud provider. It is
important to remember that Cloud data sources will be
viewed as identical to client data during e-discovery,
regardless of the fact that the data is stored on third-party systems.