User Tools

Site Tools


cloud

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
cloud [2019/08/04 15:40] – created neilcloud [2021/07/06 09:26] (current) – external edit 127.0.0.1
Line 1: Line 1:
 =====Using cloud services===== =====Using cloud services=====
-personally, not a huge fan, but I can see the attraction 
  
 +==== Key points: ====
 +  * [[cloud#"It's not the cloud; it's someone else's computer"|"It's not the cloud; it's someone else's computer"]]
 +  * [[cloud#Check your professional conduct rules|Check your professional conduct rules]]
 +  * [[cloud#If you are not paying for online services, how are they making money?|If you are not paying for online services, how are they making money? ]]
 +  * [[cloud#Check if the provider has access to your data|Check if the provider has access to your data]]
 +  * [[cloud#Encrypt files before uploading them|Encrypt files before uploading them]]
 +  * [[cloud#They may have much better security and resiliency than you could|They may have much better security and resiliency than you could]]
 +  * [[cloud#Check if you can be locked out and prepare accordingly|Check if you can be locked out and prepare accordingly]]
 +  * [[cloud#Check their service level agreements, and remedies for failing to meet them, meet your needs|Check their service level agreements, and remedies for failing to meet them, meet your needs]]
 +  * [[cloud#Check their backup procedures|Check their backup procedures]]
 +  * [[cloud#Ensure you cannot be locked in|Ensure you cannot be locked in]] (or that you can live with the consequences)
 +  * [[cloud#Check where are they storing your data|Check where are they storing your data]]
  
-Especially free services: you are the product+===="It's not the cloud; it's someone else's computer" ====
  
-Do they commit to tell you if your data are leaked?+The term "cloud" conjures up a fluffy, amorphous place in the sky where your data are held. When you store your data in a "cloud" service, you are simply storing your data on someone else's computer (or, more likely, computers).
  
-May employ superb and dedicated security teams: their infrastructure more likely to be better maintained than yours. If you find reliabletrusted supplier.+====If you are not paying for online services, how are they making money? ====Β 
 +If you are not paying for the service you are using beyond trial periodhave a think about how they are making money
  
-Can you be locked out?+Running servers at scale is not cheap, and a common online business model is to use data relating to users of the services to make money β€” perhaps using it to target advertising, or even selling it (or insights based on it) to third parties.
  
-Are you locked in? Can you export your data readily?+A common mantra is that, if you are not paying, you are the product.
  
-Jurisdictions: where are your data? Overseas access?+If you are not paying, you should also check what (if any) support is available to you, and whether you have any recourse if they decide one day to just switch off their services.
  
-How do they do backups? How quickly do they restore? Where are their backups?+To mitigate this risk, take regular backups of your data and store them somewhere else. Test those backups, and check they are in a format which you can import into another service or piece of software.
  
 +====Check your professional conduct rules ====
 +
 +Check your local rules of professional conduct regarding the use of subcontractors generally and cloud computing specifically.
 +
 +Although this wiki is definitely not about legal advice, you might need to draw your clients' attention to the use of cloud computing systems, and are likely to need to carry out due diligence on your providers' confidentiality and resiliency practices.
 +
 +===Canada ===
 +
 +British Columbia: [[https://www.lawsociety.bc.ca/Website/media/Shared/docs/practice/resources/checklist-cloud.pdf|Cloud computing checklist v. 2.0 [Updated May 2017]]]
 +
 +===New Zealand ===
 +
 +[[https://www.lawsociety.org.nz/practice-resources/practice-briefings/Cloud-Computing.pdf|Cloud Computing Guidelines for Lawyers]]
 +
 +===United Kingdom ===
 +
 +The Law Society of England and Wales produced a practice note on cloud computing, but it appears to have been withdrawn.
 +
 +Bar Council: [[https://www.barcouncil.org.uk/media/407878/cloud_computing.pdf|Cloud computing – security issues to consider]]
 +
 +===USA ===
 +
 +[[https://abovethelaw.com/legal-innovation-center/2019/04/04/lawyers-and-cloud-computing-its-not-so-complicated-anymore/|Lawyers And Cloud Computing: It’s Not So Complicated Anymore]].
 +
 +====Check if the provider has access to your data ====
 +
 +Some providers build their services in a way that the only data stored on their platform are encrypted, with a key that only you hold.
 +
 +Others operate by storing your data in a way which makes it accessible to them.
 +
 +Check that they way in which they operate is suitable for your needs.
 +
 +====Encrypt files before uploading them ====
 +
 +If the cloud service you are looking at is a file storage service (e.g. Dropbox), encrypt your files before you upload them to the service. 
 +
 +That way, you are not reliant on their encryption or security, and your data should be safe from unwanted access if their servers are compromised.
 +
 +For example, [[https://cryptomator.org/|Cryptomator]] or [[https://www.boxcryptor.com/en/|Boxcryptor]].
 +
 +====They may have much better security and resiliency than you could ====
 +
 +Well-resourced and competent providers will employ superb and dedicated security teams, far better than you could do yourself.
 +
 +Similarly, their infrastructure more likely to be better maintained than yours and, if there is a problem, fixing it is their problem, and not yours.
 +
 +==== Check if you can be locked out and prepare accordingly ====
 +
 +Check their terms of service: do they permit unfettered rights to suspend your service, or lock you out of your account?
 +
 +Frankly, even if they do not say that they can do this, you are better-protected if you work on the basis that, at any point, your access to the service could be suspended. 
 +
 +Before it happens:
 +  * Take regular, automatic, backups, so that you are not left without your data.
 +  * Identify a suitable replacement / alternative service, so you can get going again quickly
 +  
 +  
 +====Check their service level agreements, and remedies for failing to meet them, meet your needs ====
 +  
 +If the service is critical to your firm (for example, a document management system, or matter management system), check their service level agreements:
 +
 +  * what is their timescale for responding to support requests
 +  * what is their uptime? Do they have a means where you can check the status of their services easily?
 +  
 +What are the fallbacks if they fail to meet their servie level promises? Do you have any meaningful recourse?
 +  
 +==== Check their backup procedures ====
 +
 +Check how often they backup their systems, and how quickly they can restore them if they have a problem.
 +
 +While having your own backups is essential, if you have to reload your data onto the service, you are limited by the speed of your Internet connection's upload. If you are talking about a significant volume of data, that could takes hours or even days.
 +
 +
 +==== Ensure you cannot be locked in ====
 +
 +Check that you can you export your data readily?
 +
 +This might be the same as taking a backup, or it might be a separate, dedicated, way of exporting your data.
 +
 +Check the format in which you can export your data β€” does it come out in a way which enables you to load it into another servie or piece of software.
 +
 +If you cannot readily export your data, there is a strong risk of being locked into that service β€” if they change their prices, you might have no real option but to pay the increase, and, worse, if their service degrades, you may find yourself stuck with a sub-optimal experience.
 +
 +
 +==== Check where are they storing your data ====
 +
 +Are their (or, perhaps more likely, their provider's) servers in a jurisdiction which could be problematic to you? (For example, where local laws might permit a third party to access your data without telling you?
 +
 +Depending on your local legal requirements, you might need additional contractual protection, beyond their normal terms of service.
cloud.1564933252.txt.gz Β· Last modified: 2021/07/06 09:26 (external edit)