|
|
In the September/October 2011issue of The Pennsylvania Lawyer, published by the Pennsylvania Bar Association, practicing attorney and technology consultant, Shannon Brown, provides a very thoughtful and informative primer on the “why’s and wherefores” of cloud computing. His article offers some important background for attorneys attempting to understand the “alphabet soup” of current cloud computing terminology.
He also outlines why it is important for attorneys to understand some of the risks associated with cloud computing, and how to mitigate those risks to insure compliance with various judicial opinions on the topic. Specifically, he cites Ethics Informal Opinion (2010-060, 1/10/2011) of the PA Bar Association’s Committee on Legal Ethics and Professional Responsibility, which states that attorneys may ethically allow client confidential material to be stored ‘in the cloud’ “… provided the attorney makes reasonable efforts to assure that the material is confidential.”
As Brown states, any attorney contemplating a cloud-based storage solution will need to understand what constitutes “reasonable efforts” regarding the confidentiality of data stored. To help with this determination, the author suggests three areas for attorneys to probe carefully before committing to the cloud. They are:
- Data encryption practices adopted by the vendor
- Awareness of the physical storage location of the data itself
- Procedures for disaster recovery of data made available by the vendor
NetDocuments appears to do rather well in all three of these crucial categories.
All documents sent to and from NetDocuments use secure SSL protocols with 128 bit encryption keys, and all documents stored on the NetDocuments servers are fully encrypted. Multiple additional technical and procedural safeguards are in place to insure that your documents are available only to you and to those with whom you choose to share them.
NetDocuments servers are located exclusively in the U.S. for U.S. firms, as well as two redundant datacenters in the UK. All data becomes replicated between the two secure hosting centers, insuring continuity of access. In the event of a disaster at one site, access to the replicated site is instantaneous and transparent to the user. You can read the details for yourself in the NetDocuments Technical Overview.
So, all of you Pennsylvania lawyers out there, rest easy knowing that NetDocuments fully complies with the standards as currently defined by your Committee on Legal Ethics and Professional Responsibility, and as further explicated by a practicing attorney who is also a knowledgeable technology professional.
The cloud can indeed be a dangerous place. Perform your due diligence accordingly.
Post written by Jack Schaller of Eastern Legal Systems (ELS). ELS is one of NetDocuments valued Business Services Partners. Jack is a partner and Director of Client Development and operates out of the firm’s Blue Bell, PA office.
Eastern Legal Systems LLC is a regional technology consulting firm specializing in legal billing and accounting, practice management, document management, and network optimization for small to mid-size law firms. Spanning the “Metroliner Corridor” of the Eastern United States seaboard, Eastern Legal Systems serves clients in New York, New Jersey, Pennsylvania, and Washington, D.C. from offices in those four locations.
Our mission is to add value to each project we initiate for our law firm clients, through our combination of extensive software and training experience, our deep knowledge of the products we support, and our solid legal industry background.
October 5th, 2011
Tags: Attorney, Cloud Computing, Content Management, document management, law firm, Legal Administrators, Legal SaaS, legal technology, LegalTech, Security, Technology|
Category: business continuity, Cloud Computing, Compliance, document management, Ethics, legal, Legal Ethics, legal technology, SaaS, Technology
No Comments »
OREM, UTAH – February 17, 2010 – NetDocuments, the leading Software-as-a-Service (SaaS) content management service provider, announced today it has completed the SAS 70 Type I audit, and it has also completed the Truste EU Safe Harbor Certification, acknowledging that NetDocuments delivers its SaaS content management service and its web site in accordance with these standards.
The SAS 70 standard (Statement on Auditing Standards No.70) was developed by the American Institute of Certified Public Accountants (AICPA), and is an internationally recognized auditing standard. SAS 70 designation represents that the AICPA or its designees have conducted a rigorous audit of the NetDocuments controls and safeguards over its information technology and all related processes.
SAS 70 Type I audit describes the company’s internal controls at a point in time and assesses whether they were suitably described to achieve control objectives. In six month’s time, NetDocuments will complete the SAS 70 Type II audit demonstrating the operational effectiveness of its controls over a period of time, and then maintain it year after year.
The TRUSTe EU Safe Harbor Seal communicates that a Web site has committed to protecting the privacy of EU visitors through compliance with the EU-US Safe Harbor Framework and participation in TRUSTe’s Watchdog Consumer Dispute Resolution service. The EU-US Safe Harbor Framework was developed by the U.S. Department of Commerce in concert with the European Commission to provide a framework by which US companies may comply with EU privacy directives protecting the personal information of European citizens.
“It’s absolutely essential for NetDocuments’ customers to have confidence in their hosted services provider and ensure we have effective controls, standards and infrastructure in place to comprehensively protect their data,” said Ken Duncan, CEO at NetDocuments. “We are committed to do everything we can to service our customers with the highest standards.”
February 17th, 2010
Tags: accounting, CPA, law, legal tech, Security, Technology|
Category: business continuity, Cloud Computing, customer service, legal, legal technology, SaaS
No Comments »
This post was authored by Danny Johnson of the NetDocuments sales and marketing group.
The Fourth Amendment in the Bill of Rights protects against unreasonable searches and seizures and is a vital part of the United States Constitution. As data stored in the cloud continues to proliferate, the debate on how this law relates to the security of this data will become increasingly important.
Recently, a very in depth analysis on this topic was released in the June 2009 edition of the Minnesota Law Review titled, “Defogging the Cloud: Applying Fourth Amendment Principles to Evolving Privacy Expectations in Cloud Computing.” The article discusses how the fourth amendment relates to data stored in the cloud.  The article was written by David Couillard, who is in his final year at Minnesota Law School.
The Law Review article was brought to my attention by James Urquhart, who writes on cloud computing for CNET.com. Urquhart breaks down the law review article and provides a clear path for how the law should treat data stored in the clouds in an article titled “Does the Fourth Amendment Cover the ‘Cloud’”?
Urquhart sums up the discussion very nicely and lays a solid framework as to how this issue could be approached:
“Coulliard wraps up with a suggested framework for applying the Fourth Amendment to “the cloud” that is very much in line with my own thinking. Treat digital assets on third-party sites not as transactions (like phone numbers dialed), but in the same way you would treat physical assets kept in an apartment or storage locker:
‘[T]he service provider has a copy of the keys to a user’s cloud “storage unit,” much like a landlord or storage locker owner has keys to a tenant’s space, a bank has the keys to a safe deposit box, and a postal carrier has the keys to a mailbox. Yet that does not give law enforcement the authority to use those third parties as a means to enter a private space.
The same rationale should apply to the cloud. In some circumstances, such as search engine queries, the third party is clearly an interested party to the communication. But when content data, passwords, or URLs are maintained by a service provider in a relationship more akin to that of landlord-tenant, such as private Google accounts, any such data that the provider is not directly interested in should not be understood to be open to search via consent or a waiver of Fourth Amendment protection.’
Amen, Mr. Coulliard. Personally, I hope the courts note this framework, and begin applying it to Fourth Amendment cases arising from Internet-based computing immediately. Furthermore, I call for Congress to explicitly codify a similar framework with laws that clearly and unequivocally state the rights of users with respect to their data in the cloud.”
I would recommend reading the entire Urquhart article to fully understand the implications and possible approaches to addressing the issue of cloud data and the fourth amendment.
January 26th, 2010
Tags: CNET, Founding Fathers, Govenment, Security|
Category: Cloud Computing, document management, legal, SaaS
2 Comments »
Orem, Utah, October 12, 2009 — NetDocuments, the leading Software-as-a-Service (SaaS) content management service provider, today announced that it has joined the RSA Secured® Partner Program to certify technical interoperability between NetDocuments and the RSA SecurID® two-factor authentication system from RSA,The Security Division of EMC (NYSE: EMC). The technically interoperable solution is now released for joint customers.
This certification signifies that a technical partnership has been established to increase security for joint customers to enforce user authentication into NetDocuments via RSA SecurID one-time passwords provided through hardware and software tokens. The RSA SecurID system is as simple to use as entering a password, but significantly more secure. Used in conjunction with RSA Authentication Manager software, an RSA SecurID token functions like an ATM card for a company network, requiring users to identify themselves with two unique factors — something they know (a password or PIN), and something they have (e.g. an RSA SecurID hardware token) — before they are granted access to secure business information stored in NetDocuments.
“RSA SecurID two-factor authentication complements NetDocuments overall security infrastructure which includes wire security, data-at-rest encryption, best-practices for datacenter security, document-based access control lists, ethical walls, smart auto ACL defaulting, Microsoft Active Directory single sign-on, certificate-based authentication, and our patented binding of access privileges into each document under our multi-tenant SaaS model,” said Alvin Tedjamulia, CTO, NetDocuments.
Customers who currently have RSA SecurID in place will now benefit from ease-of-deployment when used in conjunction with NetDocuments. Users of RSA SecurID can now use the same token to access their documents through NetDocuments as well as other existing corporate applications and networked resources. Similarly, current NetDocuments customers and end users can benefit from the ubiquitous presence and industry leadership of the RSA SecurID two-factor authentication system.
“We are pleased that NetDocuments is now technically interoperable with RSA SecurID technology and available to joint customers. Working with NetDocuments, we can meet the unique needs of the enterprise with a broad choice of innovative strong authentication methods that provide the proper balance of risk, cost and user convenience. This is critical in helping to best protect an organization’s information, identities and infrastructures,” said D.J. Long, Senior Director, Corporate Development at RSA.
About NetDocuments
NetDocuments was organized in 1998 as one of the first Software-as-a-Service (SaaS) companies in the world. Our vision is to leverage the Web and the SaaS delivery model to offer the most feature-rich and efficient document service, including the management and collaboration of work in process documents, emails and records. For more information about the company and management, go to www.netdocuments.com. For further information, please contact info@netdocuments.com or call +1.866.netdocs.
About the RSA Secured Partner Program
The RSA Secured Partner Program is one of the largest and longest-running technology alliance programs of its type, bringing over 1,000 complementary solutions across more than 300 organizations together. RSA SecurID®, RSA® Access Manager, RSA® Adaptive Authentication, RSA® Digital Certificate Solutions, RSA® Hybrid Authenticators, RSA® enVision, RSA® Federated Identity Manager and RSA® Key Manager Suite certification programs bring added assurance to customers that their solutions are certified as interoperable to help them achieve faster time to deployment and lower overall cost of ownership. The RSA Secured Partner Program reflects RSA’s commitment to driving inventive collaboration across the industry and support standards-based interoperability with its information-centric security solutions to help protect information, identities and infrastructures. For more information, please visit www.rsa.com/rsasecured.
# # #
RSA, enVision, Secured, and SecurID are registered trademarks or trademarks of RSA Security, Inc. in the U.S. and/or other countries. EMC is a registered trademark of EMC Corporation. All other company and product names may be trademarks of their respective owners.
October 13th, 2009
Tags: SaaS, Security|
Category: Cloud Computing, SaaS
No Comments »
|
