When I speak to lawyers about cloud computing, I still often get the question "But how do I know who is holding my client's information and whether I can trust them?" Generally speaking, I tell them there are contractual safeguards, so they should read those provisions of the provider agreement closely. I also note that many of the cloud-based practice management services were founded by lawyers and they all should have security and client confidentiality as critical goals.
This month's Digital Edge podcast is "What Lawyers Should Know About Cloud Computing Security Standards." I am personally quite pleased to learn that the Legal Cloud Computing Association has issued guidelines on security standards for these services for legal cloud providers.
We spoke with Clio founder and CEO Jack Newton and Rocket Matter founder and CEO Larry Port about cloud computing and the new cloud security standards for legal professionals released by the Legal Cloud Computing Association. Larry explains what the LCCA is and how it formed out of a need to educate lawyers about what is happening in the cloud. Jack provides some insight into the creation of the security standards, such as terms of service, privacy policies, and encryption, and states that with these standards as a baseline lawyers will be able to more easily assess if a cloud computing provider is adhering to certain ethical standards. Larry also lists a few factors lawyers should consider, like where the SaaS data center is located, and the four things (vulnerability scans, penetration testing, and static code and dynamic code reviews) that the standards require in security testing. They both end the interview with an analysis of in-transit and at-rest encryption and the benefits and drawbacks of zero-knowledge level security.