Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Cloud-Safe: 10 Things You Should Know About Cloud Computing Security
Cloud computing has grown from being a promising business concept to one of the fastest growing segments of the IT industry. Cloud computing and it's related technologies, such as virtualization, are on top of the minds of corporations and law firms in 2010; and the number of companies releasing cloud-based technologies and software-as-a-service (SaaS) platforms is growing exponentially.
Though the cloud may be the industry's key to managing massive and exponentially increasing volumes of electronic data, some serious questions regarding security are being asked, and for many, security issues are the key barriers to adoption.
Let's assume you have succumbed to the cloud's many charms: reduced cost, infinite scalability, automation, flexibility, mobility, etc., and are anxious to leverage the power of cloud infrastructure for your organization ' but still harbor concerns about the cloud's security protocols. You are not alone.
Relationship Building Is Central to Security
Introducing a third-party inherently complicates the security analysis that needs to be undertaken. In doing so, the physical security, software patches, upgrades, backups and business continuity programs that were once solely the province of the customer now become the integral part of the contractual relationship between the customer and the cloud provider.
The good news for customers is that cloud computing companies are competing to provide as much transparency and certification necessary in order for law firms to trust a third party with their data. So for anyone new to cloud computing security issues, the first step is gaining an in-depth understanding of the data security measures cloud providers have already implemented, and to do an honest apples-to-apples comparison with their firm's current security protocols.
Your Data Is Already in the Cloud
This comparison is critical because for most businesses, electronically stored information (ESI) is already available via the Internet ' whether deploying cloud computing and storage or using a private, local area network (LAN) infrastructure.
This is particularly true if your organization supports VPN (Virtual Private Network) access to your local data, a nearly ubiquitous technology. So when your organization offers access to confidential or proprietary data via HTTPS to a user with an authorized account, your data security protocols must be compared to those of cloud computing providers you are considering.
Top 10 Security Issues
1. Physical Protection. Data facing the Internet ' cloud or LAN based ' should be hosted in locations where critical facilities have extensive setback and military grade perimeter control berms. Access to these facilities should be tightly controlled, both on the perimeter of the property and again at any entrance points to a physical structure that houses data. State of the art intrusion detection systems, video surveillance and multi-factor staff authentication are all necessary. The physical building should also be limited to only those with a legitimate business need relating to the data center, with appropriate log-keeping and periodic auditing of physical security procedures.
2. Who Has Access? What are the physical, logical and personnel controls over physical access to the data? Security not only means no one else can access your confidential data, but it also means that you can access it ' easily, simply, at any time, with optimal “up-time” and without undue delay or headaches. This delicate balance of accessibility and protection is a vital component of cloud-based platforms.
With any IT infrastructure, users would not have “accounts” if they didn't need direct and immediate access to data. And any data resource to which users have direct access needs to be protected. In the grand scheme of data security, it's easy to overlook a seemingly small thing that is fundamental to data protection ' a stringent and effective organizational password policy. Organizations' greatest security vulnerabilities lie in the strength of their passwords. Protecting against unauthorized access is of critical importance; strong passwords play a key role in the security process.
Major Differences In UK, U.S. Copyright Laws
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Legal Possession: What Does It Mean?
Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.
The Stranger to the Deed Rule
In 1987, a unanimous Court of Appeals reaffirmed the vitality of the "stranger to the deed" rule, which holds that if a grantor executes a deed to a grantee purporting to create an easement in a third party, the easement is invalid. Daniello v. Wagner, decided by the Second Department on November 29th, makes it clear that not all grantors (or their lawyers) have received the Court of Appeals' message, suggesting that the rule needs re-examination.