The Dangers of Cloud Computing

Network

Cloud computing is the system of software deployment in which a vendor licenses an application to customers as an online service. Your data is managed and stored offsite - away from your office, in the "cloud" (the Internet). This model is often called Software as a Service (SaaS). 

Cloud

Gartner security analyst John Pescatore, was recently quoted in the Financial Times as saying: "The security of these cloud-based infrastructure services is like Windows in 1999. It's being widely used and nothing tremendously bad has happened yet. But it's just in early stages of getting exposed to the Internet, and you know bad things are coming."

Dangers of Cloud Computing

  • Liability & Interruptions - If the Internet goes down, you go down.
      • With cloud computing, your entire business relies on your Internet connection. Losing connection for even a brief period of time can be a real problem. No Internet means no web, email and, in many cases, work. 
        • Most Internet Service Providers (ISPs) don't offer a reliability agreement/guarantee and those that do can't actually guarantee that your line will always work, or that it will be fixed immediately.
        • A line fault, ISP maintenance, ISP routing failure, cable damage, power failures at the ISP or exchange can all break your connection - for a short time, hours or longer.
      • Gmail down for 2 hours - On September 2, 2009 the popular free web-based email server, Gmail, went down for two hours, for the second time in 9 months, leaving millions of users unable to access their emails. Even worse, businesses who replaced their traditional software with cloud computed Google Apps were unable to do business as usual during the malfunction. This caused serious problems as companies were unable to provide clients with the services they needed, causing them to lose thousands of dollars in revenue in the 2-hour period alone. Imagine what would have happened if this outage had lasted longer.
      • Later that month, on September 22, 2009, Facebook and Twitter were down due to DoSS - a Denial of Service Attack. This occurs when too many people try and visit the same site at the same time, causing it to crash and not let anyone on. DoSS can't be stopped - there is no way to tell how many people will try to visit one site at a particular time. Sometimes, their visits are malicious, other times innocent.
  • Legal Protection - Legal issues are "cloudy" in the cloud.
      • The government can argue (and win) that putting your data in the cloud:
        • Removes your protections against search and seizure.
        • All expectations of privacy are further removed should your terms of service allow anyone other than yourself or organization to access your data.
  • Disclaimers & Licensing Agreements - The cloud computing service provider is NOT to blame.
          • The largest cloud computing companies currently don't offer the kind of governance, risk, and compliance mandated by regulatory regimes.
          • The customer is responsible for "maintaining the confidentiality, integrity, and availability of data", according to Kristin Lovejoy, director of IBM's security, governance, and risk management division.
          • Alex Stamos, a principal security consultant at iSec Partners said, "All of these (cloud-services) companies have very active and very well-trained legal departments. And as a result, the agreement you agree to when you sign up for one of these services, basically promises you nothing. "
          • The ability of cloud computing service providers to change terms of service with little or no notice to users of the service is a risk for you.
  • Security of Data - Security standardization hasn't come to the cloud. 
        • There are currently no security models or standards for cloud computing.
        • Hackers can gain access to your classified information since the machines that contain your documents (and links to these documents via email) are now accessible to the Internet as a whole.
        • Third parties can access your information.
        • Cybercrime - exposure of data to hackers of a "high value" target.
            • T-Mobile: Thousands of Attorneys Lose Data.
              The epic failure of the Danger servers (Microsoft) resulted in a complete loss of data for thousands of customers. More than 1 million Sidekick users lost their personal data due to the fact that there were no backups of their data in the cloud.
            • On January 12, 2009, Heartland Payment Systems, a payroll service provider and the 6th largest credit card processing company in America, experienced a malicious software hack which compromised over 130 million records.
            • July 2009: Twitter co-founder Evan Williams' account was hacked and confidential company documents have been distributed on the web. 
            • More than 94 million credit card accounts were affected when TJX, a banking group, had their data hacked. TJX operates more than 2,500 stores worldwide including Marshals and TJ Maxx. Fraud losses to Visa and MasterCard totaled between $68 and $83 million dollars. 
            • FBI agent Donna Peterson said her office has seen a "tremendous uptick in large-scale, fairly devastating data breaches, the biggest heist being close to $10 million stolen in 24 hours."
            • The immediate threat will be attacks to steal data from servers they stored on, either remotely or by an insider or someone who gains access to the data center.

Today’s Better Way

Security expert Bruce Schneier said, "When a computer is within your network, you can protect it with other security systems such as firewalls and IDs. You can build a resilient system that works even if those vendors you have to trust may not be as trustworthy as you like. With any outsourcing model, whether it be cloud computing or something else, you can't. You have to trust your outsourcer completely. You not only have to trust the outsourcer's security, but its reliability, its availability, and its business continuity. "

Having a local network offers many advantages to law firms, including the ability to share files within the office and with people working remotely from home or at satellite offices. Local networks allow all of your data to be in one location which helps in the reduction in data loss. Other advantages of having a local network include:

  • Files can be backed up more easily when they are on a central server (as opposed to scattered in the cloud).
  • Networks allow security to be established, ensuring your network is only accessible by users you approve.
  • The network can be centrally managed.
  • The Internet, printers, scanners, etc. can be shared between people in the office.
  • Users can access their files from any workstation.
  • The ability to store large amounts of data on site without extra charges.
  • Most importantly, using a local network means you do not need to rely on your Internet connection to access your data. You will always be able to do your work, service your clients and grow your practice. 

To find how our fully integrated law office practice management software can help your firm, call us today at 800-726-3339. You'll be glad you did.

 

 
Bottom