Issue link: https://epubs.iltanet.org/i/16612
To this question the proposed FEO answers, “Yes, provided steps are taken effectively to minimize the risk of inadvertent or unauthorized disclosure of confidential client information and to protect client property, including file information, from risk of loss.” Lawyers considering cloud computing need to understand the technologies and practices that both the provider and they themselves can leverage to effectively minimize the risks outlined by the proposed FEO. The following provides an in-depth look at the technologies and best practices that can be employed to effectively minimize risks related to using cloud computing. DATA SECURITY Data security covers four primary areas: encryption, server security, client security and password security. • Encryption One important component of the security equation is encryption. Secure Sockets Layer (SSL) is an industry- standard encryption technology that enables secure online banking and e-commerce. SSL ensures all communications between your computer and the cloud-based server are encrypted and protected from interception. SSL is an extremely powerful technology, as it allows for completely secure communications even over public, untrusted networks, such as a public Wi-Fi connection. Each Web browser uses a variant of a “lock” icon to indicate a website is using an SSL connection –– look for it prior to inputting any confidential data on a website. • Server Security While SSL helps secure communications between your computer and the cloud, you also need to 18 Infrastructure Technologies ILTA White Paper know the servers you are communicating with are properly secured against hackers and other threats. While it is hard for the average Web user to assess a cloud-based provider’s server security, there are services from companies such as McAfee that perform regular security audits on SaaS providers to ensure server security. Ask for evidence of a third- party security audit, be it from McAfee or another provider, before entrusting your data to a cloud- based provider. • Client Security Though cloud computing has the advantage of outsourcing server-level security and backup to a third-party service provider, one often-overlooked part of the security equation is the security of the desktop or laptop from which you are accessing the SaaS application. SaaS doesn’t obviate the need to ensure your desktop or laptop is properly secured with a firewall, antivirus protection, and the latest security updates for your operating system and Web browser. For Windows users, Google Pack offers free antivirus, anti-spyware, and Google’s own Web browser, Chrome. To ensure data stored on your desktop or laptop remains private even if it is stolen, you may want to look at installing TrueCrypt (http://www.truecrypt.org) a free tool that will encrypt the entire contents of your hard drive. • Password Security Finally, security also encompasses password security. The best SSL encryption and client/server security can all be undone by the choice of a weak password. Be sure to choose a secure password for any website you are using, and try to avoid using a given