Cloud Storage

The idea of cloud storage has become more pertinent over recent years given the exponential advancement of technology. More businesses endeavour to have more ‘paper-less’ environments with the view to creating more efficient, not to mention tidier, storage systems. ‘Cloud storage’ or ‘cloud computing’ was defined by the United States Department of Commerce National Institute of Standards and Technology as a model for enabling convenient network access to a shared pool of resources, including networks, storage and applications, that can be accessed with minimal service provider contact.

Types of Cloud Storage

There are many different cloud storage models which each carry different risks. These include, but are not limited to, private cloud, community cloud and public cloud. Private cloud is where the cloud infrastructure provides for the exclusive use by a single organisation e.g. Cisco. Community cloud is for the use by a specific community of organisations that share the same mission e.g. Google Apps.  Both the private and community clouds may be owned and managed by the organisation, a third party or mixture of both and exist on or off premises. Public cloud is for the open use by the general public and is typically owned and operated by a government department or a business e.g. Amazon.

Benefits of Cloud Storage

Some of the benefits for investing in cloud storage include reliable backup storage, more storage capacity, flexibility, economies of scale, more efficient professional services, reduced IT costs, fewer hardware write-offs, better quality servers, and reduced risk of losing physical files during natural disasters as has occurred in the Christchurch earthquakes.

However, with these benefits come a number of risks.

Risks of Cloud Storage

Client confidentiality is a core concept, for example, within the legal industry, a lawyer has a duty to protect and to hold in strict confidence all information concerning a client’s business and affairs under the Lawyers and Conveyancers Act 2006 and the Privacy Act 1993.  Generally, this is one of the major factors for some businesses being reluctant to implement cloud storage systems. There have been a number of unfortunate instances where private information has been disclosed; for example, in February 2015 the United States Internal Revenue Service was hacked whereby personal information of 334,000 accounts was unlawfully accessed through the online tax system.

Potentially, a cloud storage provider could have access to client information or even sell stored information to unauthorised persons. With cloud storage having no geographical boundaries, the relevant and applicable legal jurisdiction can become blurred, particularly in the context of overseas third party cloud storage providers. Cloud storage providers may require ownership of the stored data to protect their interests and may provide information to government agencies when requested. In light of this, when engaging services of cloud storage providers, the terms and conditions of any agreement should be carefully considered. Further, a cloud storage provider would need to be capable of customising software for, by way of example, the legal industry, and adapting to its changes. Local cloud storage providers may have the flexibility to provide this; however, they may not offer the same technology and financial security as overseas cloud providers.

Anyone who engages the services of a cloud storage provider must ensure that client confidentiality will not be compromised and all reasonable steps have been taken to ensure third parties or hackers cannot access client data. Accordingly, clients should be informed that their personal information is held with a third party.

Methods to Mitigate Cloud Storage Risks

Even with all the necessary precautions in place, breaches may still occur. However, there are ways to mitigate the risks associated with cloud storage; examples include implementing the necessary agreements for acceptable service levels and remedies for non-compliance and conducting due diligence of service providers; creating strict restrictions and security on access to information; enforcing terms for the transfer of data; and knowing where the data will be stored and the privacy laws applicable. Backup systems for damage control must be established and highly confidential information could be stored in a different manner to low risk information.

The decision to invest in cloud storage is a balancing act between the efficiencies of technology and the potential risks associated with privacy in the light of business strategy and priorities.