Issue link: https://epubs.iltanet.org/i/16612
THE ETHICS AND SECURITY OF CLOUD COMPUTING password for more than one website. A free password generator and manager is PasswordSafe (http://www. passwordsafe.com). DATA PRIVACY The following questions provide a summary of some important considerations when evaluating a cloud- based provider: • What is the privacy policy? Policies should be clearly stated, and disclose how information supplied to the service is housed, protected, shared, manipulated or disposed of. • Who owns the data? When entrusting your practice to a SaaS solution, it’s critical to understand the impact of the company’s privacy policy on the lawyers’ ethical requirements as legal practitioners. • How can the data be used? When it comes to confidential client information, the privacy policy generally outlines how the cloud computing provider can (or cannot) use the data you enter into the application. In general, all information you enter into a cloud computing application should be treated as confidential, private information that cannot be used by the cloud computing provider. Furthermore, the cloud computing provider should only be permitted to view any of your private information with your explicit consent (for example, to troubleshoot a technical issue). While in many cases this seems to be the only obvious and fair way of treating private data, there have been some high-profile cases of very popular websites imposing less-than-fair privacy policies on their users. For example, Facebook recently caused a virtual firestorm with an update to its privacy policies that apparently granted the company perpetual control over content posted by its users. DATA AVAILABILITY The importance of a cloud-based provider’s data availability strategy cannot be overstated. A recent catastrophic data loss at Danger, a division of Microsoft, where information for thousands of users was irretrievably lost, highlights the importance of a proper data availability strategy. As long as an appropriate strategy is in place, SaaS applications can arguably provide a much higher level of data availability than desktop applications. By asking a cloud computing provider about their data availability strategy, you are essentially seeking an answer to this very important question: What are you doing to ensure that my data remains available, even in the event of a natural or human-induced disaster? The types of disasters that need to be contemplated in a data availability strategy are numerous. Natural disasters could range from a lightning bolt that causes a simple power outage at one data center to an earthquake that wipes out power for an entire state. Human-induced disasters could include a simple network misconfiguration or a situation where the SaaS provider must shut down for any number of issues related to business continuity. Although many of these scenarios are extremely unlikely, the value of the data that is being stored should require a comprehensive plan to mitigate the risk associated with www.iltanet.org Infrastructure Technologies 19