A 'Cloud Security Doctrine' for Law Firms

Cloud computing may be here to stay, but is it truly safer than the solutions that it's outmoding? The Legal Cloud Computing Association (LCCA) thinks there's a path to greater security, publishing for law firms its first “Cloud Security Doctrine.”

According to a statement announcing the doctrine's release, this “inaugural set of security standards” will aid in bringing together firms and those within the legal tech world to employ best practices and address concerns over cybersecurity “collaboratively and transparently.”'

In discussing the need for cloud security standards, Jack Newton, founder and CEO of Clio, a practice management provider and member of the LCCA, says: “Over 20 ethics opinions on cloud computing provide guidance that cloud computing is acceptable for lawyers. Every opinion refers to a 'reasonable care' standard, and it is left to the individual lawyer to perform due diligence on what exactly 'reasonable care' looks like. The LCCA wants to provide concrete guidance on what we consider a reasonable baseline for security so that lawyers, bar associations, law societies and other stakeholders have a clear set of criteria to apply to cloud computing providers that service the legal space.”

The LCCA says that the doctrine “sets standards for a range of issues” facing firms that employ cloud solutions, including encryption, data integrity, third-party access and data loss prevention.

“Most cloud providers have perfectly adequate security for consumer use,” Newton says. “It's the policies and procedures to support the distinct security needs of the legal industry that they lack.”

In compiling the doctrine's guidelines, the LCCA incorporated legal specific requirement recommendations from courts and bar associations; guidance on data privacy from European and North American governments; and legal industry best practices.

“The initial draft of the LCCA security standards were drawn from member contribution and research into the most recent changes in privacy and security laws, as well as technological companies best practices,” Newton says. “From there, the first draft was circulated to an external advisory board for initial feedback.”

With this doctrine, Newton says, “the LCCA hopes to serve as an educational force for law firms, legal departments, and legal regulators, as well as for legal technology providers. The LCCA security standards can provide guidance for law firms that is up-to-date with legal and technological best-practices.”

The LCCA noted that its issuance of its guidelines is “timely,” given that legal departments are adopting cloud solutions “in ever-increasing numbers,” with 31% of respondents in the ABA's 2015 Legal Technology Survey reporting their use of cloud services for “law-related tasks.”

Still, when it comes to security, the cloud can be a precarious platform. Nonetheless, advocates like the LCCA note how cloud computing can allow for greater efficiency and speed. As to why firms continue to go to the cloud despite security concerns, Newton explains that “law firms are slowly coming to the realization that adopting cloud computing is no longer an option ' if they are to remain competitive, leveraging cloud computing has to be part of their strategy. Furthermore, law firms are also recognizing that hosting their own on-premise IT systems often poses a greater security risk than a cloud-based solution.”

The LCCA intends for the standards to be viewed as “a living, constantly evolving document,” and that they will be updated for the ABA Tech Show this month. Newton added that the current draft is “open for comment.” The public is invited to comment on the standards at the LCCA's website at www.legalcloud computingassociation.org.

' Ian Lopez, Legaltech News