Many organizations are considering moving their data storage to the cloud. However, confusion about the cloud persists, along with uncertainty about the nature of legal risks associated with cloud data storage and its impact on a defensible e-discovery process.
The allure of the cloud is great, with lower computing costs and instant scalability. But often times the decision to move data to the cloud is based primarily on technical and business requirements without adequate consideration of potential legal issues. Recently, my colleague Patrick Burke teamed with Scott Carlson, a partner at Seyfarth Shaw LLP, to discuss some of these issues.
From a digital investigation and an information security standpoint, the cloud can be both a friend and foe. With massive concentrations of resources and data stored in the cloud, it can become a “honey pot” for potential attackers—on par with the information assets of very large companies.
As for authentication, you must consider whether cloud storage affects metadata. In setting up a contract with a provider, ask for a contractual commitment to support your investigation needs, as well as information on data collection technology that the cloud vendor may have already used in such activities.
3. Expect attacks. Cloud-based data storage is subject to internal and external attacks similar to on-premise data storage, no different than traditional on-premises security. Ask about your provider’s security measures. Look for those providers that use a layered security approach, including authentication, encryption, firewalls, intrusion detection/prevention, cyber forensics and other security measures. No single barrier alone will magically secure you. The more layers, the harder it will be for an attacker to infiltrate and abscond with confidential or proprietary business information.