Security in the Cloud – Cloud Computing Pitfalls and Security Risks

Cloud computing has become increasingly popular in recent years, especially since many IT experts hold the opinion that storing information in the cloud is the future of managing and processing large amounts of data. However, not all clouds are “created equal” and legal professionals must exercise caution when choosing a cloud provider due to the extra security complications and vulnerabilities associated with the cloud. Before corporate counsel and law firms subscribe to using cloud storage, important legal concerns and security pitfalls must be delineated.

Security Risks Associated With Sensitive Data

Before placing client information in the cloud, legal professionals should ask providers what systems are in place to ensure the information will be kept secure. In cloud computing, sensitive information is stored like other non-sensitive information on large “storage farms.” Legal professionals must also determine whether a certain provider complies with applicable privacy laws regarding sensitive or private information, as not all cloud providers are subject to the laws of a given jurisdiction. For instance, a provider in the United Kingdom is not subject to the same privacy laws to which a provider in the United States is subject. Some of this sensitive data may include personally identifiable information such as social security numbers, credit card numbers, driver’s license numbers and medical information. Ultimately, it is important to fully understand how sensitive data is stored and whether private information is adequately protected.

In the same vein, though the cloud offers stringent security standards, there is always the potential that hackers or viruses will take control of the stored information. Likewise, data stored in the cloud may be easily manipulated if proper safeguards are not put in place. For example, legal professionals should determine if there are security measures in place that would back up the original information placed in the cloud if the information becomes lost, altered or stolen. This backup copy or image of the original information stored will help alleviate security concerns that arise based on the easy manipulation of cloud-based data.

Another security concern is the potential for data to be shared inadvertently with host providers, administrators or other cloud customers. Significant security risks arise when customers do nothing to apprise themselves of how and where information is stored prior to submitting their information into the amorphous magnitude of the cloud. Thus, if the data is particularly sensitive, it is crucial to understand who has access to the data, which requires knowing where the data is stored. Although it may be impossible to identify the exact storage site (since the data may be in one place or scattered in various locations), it is important to determine if the information is stored outside of a particular jurisdiction. The undefined nature of cloud storage certainly complicates a customer’s ability to make sure that files are not accidentally shared.

How to Improve Security

There are a few simple steps that legal professionals can take to help strengthen security in the cloud. First, it is imperative to frequently change passwords and encrypt information to the greatest extent possible. Second, because information has the potential to be exposed in the cloud as a result of security breaches, legal professionals should consider hiring independent, third-party auditors to review files periodically, which would help reduce the potential for data breaches or file sharing.

Before choosing a cloud service provider, legal professionals should research the provider’s reputation and understand what services they offer if calamity occurs. Some cloud providers have had multiple “system downs.” When a system down occurs, access to the information is denied. During this period, there is the added risk that the information might be exposed. By researching the integrity of the provider’s system capabilities, or whether previous security breaches have occurred, legal professionals can better gauge the security standards that are in place for their data privacy.

Legal professionals should also investigate the financial circumstances surrounding their provider. With most companies tightening their belts to save money, security issues can arise if there are storage shortcuts. If a cloud provider is having trouble staying afloat financially, legal professionals would likely not want to invest time or money storing information in their cloud system. Furthermore, with certain companies facing mergers and acquisitions, or bankruptcies, security issues can arise if the format in which the data is saved changes as a result of company transformations. Since cloud computing is still considered a new environment to store information, it is important to have a trustworthy provider.


As security in the cloud becomes a more pressing topic in the legal community, legal professionals should focus on what they can do to improve security if they plan to store information in the cloud. It is important to scrutinize where data is stored, what happens if the storage center changes and what recovery systems are in place. Regardless of whether a party anticipates litigation, is engaging in discovery or is seeking appeal, lawyers should run a cost-benefit analysis of how quickly they want to locate information stored in the cloud, the cost to recover the data and the resulting security risks. Because legal defensibility is a primary consideration when seeking alternative storage solutions, it is important to proactively implement a checklist of security practices before committing to storing information in the cloud.