3 Reasons Why the Cloud is More Secure than Your Server

The days of VPN, desktop practice management software and ftp file sharing have given way to online applications like Google Apps, Dropbox and online practice management solutions. Fast, cost-effective, and easy-to-use, law firms of all sizes are moving to cloud-based systems to run their operations.

How secure is a cloud-based system though?

Learn about:

- Risks of servers and why securing data in the cloud is a better option
- Procedures every law firm can use to make cloud data storage highly effective
- How cloud applications can help firms meet strict statutory requirements

Published in: Law, Technology

Transcript

  • 1. 3 Reasons Why the Cloud is More Secure than Your Server Joshua Lenon – Lawyer-in-Residence @joshualenon Doug Edmunds – Asst. Dean for Information Technology @unclawinfotech
  • 2. Agenda •  Cloud Overview (5 minutes) •  3 Reasons the Cloud is More Secure – Economies of Scale (5 minutes) – Cybersecurity Framework (10 minutes) •  Framework vs. Confidentiality Duties – Lightning Advancement (10 minutes) •  Guest: Doug Edmunds (20 minutes) •  Takeaways (5 minutes) •  Questions (5 minutes)
  • 3. Instructors Joshua Lenon •  Lawyer, admitted in New York •  Lawyer-in-Residence for Clio Doug Edmunds •  Assistant Dean for Information Technology at University of North Carolina at Chapel Hill - School of Law
  • 4. CLOUD OVERVIEW
  • 5. NIST Cloud Definition “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” Source: NIST Definition of Cloud Computing; Special Publication 800-145
  • 6. Cloud Defined
  • 7. Cloud Defined
  • 8. 3 REASONS THE CLOUD IS MORE SECURE
  • 9. ECONOMIES OF SCALE
  • 10. Cloud Economies •  Dedicated Security Team •  Greater Investment in Security Infrastructure •  Fault Tolerance and Reliability •  Greater Resiliency •  Hypervisor Protection Against Network Attacks •  Simplification of Compliance Analysis •  Data Held by Unbiased Party •  Low-Cost Disaster Recovery and Data Storage Solutions •  On-Demand Security Controls •  Real-Time Detection of System Tampering •  Rapid Re-Constitution of Services Source: Cloud.CIO.gov
  • 11. Law Firms Current Security •  47% have no documented disaster recovery plan •  Only 39% have intrusion detection system •  Only 36% have intrusion prevention system •  32% never have outside security assessments performed •  Only 14% have server logs •  2% have ISO 27001 certification Source: 2013 ILTA Tech Survey
  • 12. Federal Labor Relations Authority (FLRA) Case Management System •  88% reduction in total cost of ownership over a five year period •  Eliminated up-front licensing cost of $273,000 •  Reduced annual maintenance from $77,000 to $16,800 •  Eliminated all hardware acquisition costs •  Secure access from any Internet connection •  Ability to operate and access case information from any location in the world, supporting the virtual enterprise Source: Cloud.CIO.gov
  • 13. CYBER-SECURITY FRAMEWORK
  • 14. Cybersecurity Framework •  “Framework for Improving Critical Infrastructure Cybersecurity” •  Published by NIST in February 2014 •  Provides Core, Tiers and Profiles
  • 15. Cybersecurity Framework: Cores Source: NIST, “Framework for Improving Critical Infrastructure Cybersecurity,” 02/14/2014
  • 16. Cybersecurity Framework: Tiers •  4 Tiers: – Tier 1: Partial – Tier 2: Risk Informed – Tier 3: Repeatable – Tier 4: Adaptive “Progression to higher Tiers is encouraged when such a change would reduce cybersecurity risk and be cost effective.”
  • 17. Cybersecurity Framework: Tiers •  Tier 3: Repeatable –  Formal risk management policies with reviews –  Organization-wide approach with training –  Collaborates with outside partners on risk management •  Tier 4: Adaptive –  Adapts security based on lessons & predictions –  Security is part of corporate culture with continuous improvement –  Actively shares information with partners
  • 18. Cybersecurity Framework: Profiles •  Current: security outcomes being achieved •  Target: outcomes needed to meet goals •  Compare Current and Target Profiles to identify gaps in security processes
  • 19. CYBERSECURITY FRAMEWORK VS. CONFIDENTIALITY DUTIES
  • 20. Model Rules of Professional Conduct •  Rule 1.1 – Competency – “lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” •  Rule 1.6 – Confidentiality – “lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation…”
  • 21. Model Rules of Professional Conduct •  Rule 5.3 - Responsibilities Regarding Nonlawyer Assistant – “person's [nonlawyer] conduct is compatible with the professional obligations of the lawyer…”
  • 22. Cloud Computing Ethics Opinions Source: American Bar Association
  • 23. Framework vs. Ethics Opinions Framework helps map, measure, & migrate cost benefit analysis
  • 24. Cybersecurity Framework: Tiers •  Tier 3: Repeatable –  Formal risk management policies with reviews –  Organization-wide approach with training –  Collaborates with outside partners on risk management •  Tier 4: Adaptive –  Adapts security based on lessons & predictions –  Security is part of corporate culture with continuous improvement –  Actively shares information with partners
  • 25. Framework vs. Ethics Opinions Opinions fail to discuss regulatory requirements.
  • 26. Framework vs. Ethics Opinions Cloud services allow easier regulatory compliance
  • 27. LIGHTNING ADVANCEMENTS
  • 28. 28% of solo and small firms have no process for updating their computers. Source: 2013 ILTA Tech Survey
  • 29. Lightning Advancements •  Cloud Services move at the speed of the internet. •  Real-time monitoring and upgrades keep your Software-as-a-Service on the cutting edge.
  • 30. Heartbleed
  • 31. “When weaknesses are discovered in cryptographic systems, the system will not necessarily become suddenly insecure.” Source: Bruce Schneier, ‘Cryptanalysis of SHA-1’
  • 32. “Such discoveries impel migration to more secure techniques, rather than signifying that everything encrypted with that system is immediately insecure.” Source: Bruce Schneier, ‘Cryptanalysis of SHA-1’
  • 33. GUEST: DOUG EDMUNDS
  • 34. Carolina Law - Background •  Part of UNC-Chapel Hill, nation’s oldest degree-granting public university •  Law school founded 1845 •  Charter member of ABA – 1920 •  Approx. 740 students; 63 tenure track faculty; 35+ adjuncts •  6 clinics with 70-80 students per year
  • 35. Clinical Program - Challenges •  Aging hardware •  Bad software support •  Short staffing •  Limited funding •  Campus security policies •  Skepticism of university counsel Photo source: http://tinyurl.com/lk5hy4u
  • 36. Old Model vs. New Model Time Matters - Local •  Poor support for Macs •  Software upgrades difficult •  No redundancy – single server in place •  Vendor difficult to reach •  Students frustrated, faculty jaded Clio - Cloud •  Operating system agnostic •  Software upgrades totally transparent •  Geolocation of data centers and fully redundant •  Excellent vendor support and self-help resources •  Students and faculty love it
  • 37. Security Local Solution •  Security = just one thing your organization does •  Cobbled together, piecemeal •  Few if any guarantees •  Knowledge deficient •  No formal access controls Cloud Solution •  Data center’s rep & business depend on it •  Multi-layered, robust •  Guarantees in Service Level Agreement •  Expertise •  Monitored, controlled environment
  • 38. Policies & Procedures •  Rule #1 - Cloud adoption should not be based solely on convenience •  Rule #2 – Implement consistent metadata/ tagging standards •  Rule #3 - Leverage version control •  Rule #4 - Require security awareness training •  Rule #5 – Prohibit “rogue agents”
  • 39. Mobility & Agility •  True anytime, anywhere access •  Security is “baked in” rather than “bolted on” •  Accessible across platforms/devices •  No downtime due to server outages Photo source: http://tinyurl.com/l7wgd45
  • 40. TAKEAWAYS
  • 41. Takeaways •  Cloud computing economies of scale provide security and service that cannot be matched by individual installations •  Organizations large and small are shifting to cloud-based services for increased savings •  Robust frameworks for measuring and mitigating risks are being developed for cloud services •  Cloud services are best suited for cutting edge implementations
  • 42. Action Items •  Read state ethics opinions on technology •  Commit to a cybersecurity review. – Document •  Cores •  Tiers for Firm and Vendors •  Current vs. Target Profiles •  Download the Cybersecurity Framework Core Exercise on GoClio.com/Blog
  • 43. ClioWeb Planning to move to the Cloud now? Try Clio for free & get 25% off your first 6 months
  • 44. QUESTIONS
  • 45. Thank You Doug Edmunds edmunds@unc.edu @unclawinfotech linkedin.com/in/dougedmunds Joshua Lenon joshua@goclio.com @JoshuaLenon linkedin.com/in/joshualenon