SRA "waiting for something to go wrong" before taking action on cloud computing

Cloud computing: security can be higher than firm-stored data

The Solicitors Regulation Authority’s (SRA) reluctance to give detailed guidance to law firms on cloud computing could be because it is “waiting for something to go wrong” before it acts, a report has suggested.

Written by DMH Stallard commercial partner Frank Jennings, who advises on cloud computing contracts and chairs the Cloud Industry Forum’s code governance board, The real challenges and benefits of cloud computing to law firms finds that solicitors continue to worry about data security in relation to the cloud.

Mr Jennings spoke to senior IT personnel at major law firms, including Berwin Leighton Paisner and Sidley Austin. Most believed the SRA’s concern was client confidentiality, and was relying on outcomes-focused regulation (OFR) to place the burden on firms to ensure data security.

The report drew attention to the Law Society of Scotland – the regulator of Scottish solicitors – which, by contrast has produced a detailed guidance on cloud computing, and the Information Commissioner, who has published general guidance for organisations.

Mr Jennings also quoted one contributor, who characterised the SRA’s lack of views on cloud computing as being because it, like others “appear to be in waiting mode. They’re waiting for something to go wrong”.

An SRA spokesman confirmed that OFR was its guiding principle on cloud computing and added: “Issues over keeping client files safe are dealt with in the code of conduct [under] client confidentiality, while our risk team doesn’t have any data that suggests it’s a problem that needs tackling at this time.”

He went on: “We continue to research the issue, however, should it become a risk in the future, as technology is a rapidly-changing environment.”

Mr Jennings concluded that the IT chiefs he consulted had a more sophisticated understanding of data security than many equivalents outside legal practice. While it was commonly believed the security of cloud computing compared unfavourably with internally-stored data, they understood that cloud-based data is often stored with a level of security exceeding firm-hosted data.

But when choosing between private and public cloud providers – which respectively offer higher and lower levels of certainty over the location and security of stored data – most opted for private cloud products, although public cloud data storage is cheaper.

Mr Jennings recommended that firms focus security efforts on controls over access to data, including staff training and procedures. Cloud providers should meet accreditation standards, such as ISO 27001 – the international information security standard – and undertake ‘external penetration’ testing, which detects resistance to hackers.

Due diligence should also cover such things as having a back-up plan for data crashes; for the insolvency of a provider; and when considering moving data to the cloud, firms need to ask various questions, including the nature of the data, in which jurisdiction will it be stored, and how it will be transferred from firm to provider.

The Law Society last year held a seminar on cloud computing and in September 2013 it will publish a , authored by Tim Hill, Chancery Lane’s technology policy officer.


    Readers Comments

  • Well, are they giving guidance to ordinary firms on having burglar alarms on their buildings, locking filing cabinets when they go home (as if!!) and making sue their landlord doesn’t go insolvent and board up their building?

    Something will go wrong in a Cloud Computing environment and probably something unforeseen which is why nobody has done anything about it! But it is much safer than ordinary firms arrangements and certainly much safter than those with their own servers in the office.

    (Heard the true story about the law firm who were very proud of their new in-house servers and their back-up procedures which included running a back-up to tape every night? Their computers and servers were stolen—along with their back up tape…..)

  • Alex says:

    SRA is in no position to comment on Cloud Computing in Law Firms in the post-PRISM era, so I understand why they have yet to weigh in.

    But at least now Law Firms are realising that security in the age of information is vital and that not all Cloud partners / providers are equal in this respect and that a public cloud option is sheer madness.

    I think the SRA should make it clear to Law Firms that while hosted services / moving to the cloud offers Law firms great cost-saving and productivity gains, these need to be off-set against the quality of security that a partner can offer, so in effect saying: don’t go for the cheapest provider who of course cannot then afford to invest in the level of security that a business requires in this age of cyber-crime.

    I hope it is clear that private is the only option NOT public cloud, although public cloud data storage is cheaper, and that Law firms should only partner with cloud providers that are on a good financial footing and have at least 10 years as a specialist cloud provider and existing and happy Law Firm clients.

Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Buyers beware

Some 12 years on from its first published research, the Society of Trust & Estate Practitioners has published a new report: Wills and Trusts – Buyers Beware.

European invasion – firms flood into the EU’s legal markets

The long march of lawyers across Europe continues apace more than 50 years after US law firms, together with their City counterparts, first opened offices in Paris and Brussels.

Legal project management – a mindset lawyers can easily apply

Where budgets are tight, lawyers will be considering what’s in their existing arsenal to still improve productivity. One effective, accessible and cheap tool is legal project management.

Loading animation