Seeing into the Cloud: How to Mitigate Potential Ethical and Security Issues
Discovery Management Digest – Q2 2013
By Chris May, Principal, Deloitte Financial Advisory Services LLP
Federal lawyers may be used to a dizzying array of acronyms, but recent government security initiatives are beginning to sound a lot like alphabet soup—FISMA, NIST, FedRAMP, FIPS, and the list goes on. These are security initiatives for information technology (IT) that represent a fundamental shift in the way that agencies manage data, and they will have wide-ranging impacts across agencies for lawyers involved with litigation, particularly the eDiscovery phase. If attorneys haven’t done their homework on security initiatives and the federal government’s push to the cloud, they need to start now. They can begin by understanding what this means for how agency data is secured, where it resides, who actually owns it and how the changes will impact the way attorneys work with IT and provide information to opposing counsel. The government and many private businesses have already moved some of their data to cloud environments or are considering the move. Consider that two-thirds of mid-size businesses are either planning or currently deploying cloud-based technologies to improve IT systems management while lowering costs, according to a 2011 survey by IBM. The survey, Inside the Midmarket: A 2011 Perspective,¹ found that respondents anticipate that cloud computing will help them reduce costs, better manage IT, and improve system redundancy and availability.
While cloud computing can bring numerous advantages, the road to the cloud is not smooth or easy. While moving infrastructure, data storage, software, and other IT components to the cloud can save money and ultimately make eDiscovery easier and faster, there are significant security risks. Government lawyers must understand that their colleagues or third-party contractors in IT, who are already under significant pressure from these initiatives, may not be thinking of legal holds, chain of custody, spoliation, and other eDiscovery-related issues when they develop contracts and service-level agreements (SLAs) with cloud based providers. In order to stay ahead of these issues and ensure that cloud computing ultimately benefits agency employees and taxpayers, federal lawyers need to know what their IT departments are doing now with the move to the cloud and what they plan to do in the future. They also need to understand the ethical implications involved with cloud computing and moving client data to a virtual environment.
As used in this document, “Deloitte” means Deloitte LLP [and its subsidiaries]. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
While the information in this article may deal with legal issues, it does not constitute legal advice. If you have specific questions related to information discussed in this article, you are encouraged to consult an attorney who can investigate the particular circumstances of your situation.