Skip to main content

News

  • AddRemove
  • Build a Report 
Media Coverage

On-Premise Cloud Deployment: A Myth of Control?

6 July 2017
Legaltech News

In-house legal departments and law firms looking to become leaner, cost-effective businesses will oftentimes turn to cloud storage to inexpensively store data and enable mobile lawyering. But just how these organizations should deploy cloud technology, whether on-premise or through a third-party provider, is up for debate. While there are cost savings with either deployment, each comes with different levels of data security risk.

Dave Logue, senior lead data recovery engineer for KrolLDiscovery, often hears from corporations who believe they have more control over their data security when their cloud infrastructure is stored in-house. But he noted that in many cases such control “is just perception” and not reality.

A recent KrolLDiscovery report, for example, found that 40 percent of data loss in on-premise cloud systems is caused when those with access to the cloud infrastructure and data, such as internal IT staff, erroneously erase virtual applications and the data they contain.

Logue noted this risk of human error is less common in third-party cloud providers given that the “expertise of people [they retain] is usually higher than some of the training and expertise of the people retained by the individual businesses.”

The report also found an additional 36 percent of data loss at companies with on-premise cloud deployment was due to a hardware failure within the system, a problem Logue believed is less prominent at third-party cloud providers because they often have backup systems and redundant hardware that kicks in to quickly replace offline hardware.

Of course, such data loss risks are largely dependent on how organizations build out and support IT staff, and they may be negligible at organizations with highly skilled and well-funded IT departments.

But well-built IT resources do not mitigate all potential data security problems in an on-premise cloud deployment. Kevin Broyles, co-founder and managing partner at FisherBroyles, a law firm that extensively uses third-party cloud providers for their operations, sees an inherent cybersecurity risk in storing IT infrastructure, applications and data in-house.

“You’ll find a lot of IT professionals out there that [advise] companies to not have any locally hosted data for reasons of greater cyberrisk and greater natural disaster risk,” he said.

To be sure, the specific level of vulnerability a company faces when keeping their data and IT infrastructure in-house is dependent on their particular situation.
Logue noted that “sometimes there are real security needs that can’t be met” by third-party cloud providers for companies whose information is highly regulated or needs to be watched and stored closely.

And what’s more, the security offered by such third-party cloud providers is far from infallible, especially at smaller providers. In February 2017, for instance, CloudFare inadvertently leaked sensitive data of its clients online. Discussing the breach with Legaltech News, Marcus Christian, partner at Mayer Brown, cautioned against putting too much trust in any one provider or technology.

“I think that people think there’s going to be a silver bullet to protect technology. To date, that silver bullet hasn’t been found. We shouldn’t be relying on or planning for that day to happen,” he said.

But Broyles noted there are ways to mitigate the risks of breaches. For instance, he likens his own firm’s operations to the distributed nature of blockchain technology—because it hosts data in multiple locations, it is harder for that data to be fully comprised or stolen.

“To borrow from a military analogy, [organizations] that host data locally amass all their troops in one location, so they’re an easier target,” he said.

*****

Reprinted with permission from the July 6, 2017 edition of Legaltech News© 2017 ALM Properties, Inc. All rights reserved. Further duplication without permission is prohibited.

The Build a Report feature requires the use of cookies to function properly. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently. If you do not accept cookies, this function will not work. For more information please see our Privacy Policy

You have no pages selected. Please select pages to email then resubmit.