Cybersecurity is a hot topic in the legal industry today. Naturally, as firms shift from local products to cloud-based products, they begin to worry about the security of their information in the cloud. Ah, distance makes the heart grow fonder…
Local solutions like Worldox offer a unique security proposition: documents are stored locally on equipment that you own. If you manage your own equipment’s security well, you’ll be okay. Cloud solutions, in contrast, are owned and secured by the vendor, meaning a firm is relying on their vendor to provide the security. Hence, with 3rd parties, your security is as good as the vendor you’ve chosen.
How does security in the cloud work?
Let’s evaluate how one vendor – NetDocuments – provides enterprise security so that your law firm won’t have to. I could tell you that they use SSL-128 and AES-256 encryption, or that they employ a quantum random number generator, but this is difficult to understand. Instead, let’s try this from a different angle. Here is a simple guide to how NetDocuments handles document security:
- A secure, encrypted tunnel is created between your workstation and the NetDocuments datacenter. Your document is sent through this tunnel to NetDocuments.
- Upon arrival, the document and its related metadata are containerized and encrypted. The encrypted document is then securely stored in a NetDocuments vault which is randomized.
- The key to the vault is uniquely created and likewise encrypted and stored in a separate vault.
Say a day later you want to continue working on that document. So you double click and the document opens in Word in about 1-2 seconds on your computer. But what actually happened during this time?
- The program finds the document in its vault and requests the key to decrypt it. Only the software knows how to do this.
- The software makes sure the user requesting the document is from the correct firm with the adequate privileges.
- Once verified, the document is sent back through the encrypted tunnel and delivered to the endpoint user for editing.
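The store and retrieve steps above follow the pattern generally called envelope encryption: each document gets its own key, and that key is itself encrypted and kept in a separate store. The sketch below is an added illustration, not NetDocuments code; the in-memory vaults, the ACL table, the function names, and the use of AES-256-GCM from the Python `cryptography` package are all assumptions.

```python
import os
import secrets
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Hypothetical in-memory stand-ins for two separately operated stores.
DOC_VAULT = {}  # random locator -> (nonce, encrypted document)
KEY_VAULT = {}  # random locator -> (nonce, encrypted per-document key)
KEK = AESGCM.generate_key(bit_length=256)  # key-encryption key, held only by the service

# Constructed sample privileges: (user, firm) -> allowed actions.
ACL = {("alice", "firm-a"): {"read"}, ("bob", "firm-b"): {"read"}}


def store(firm_id: str, document: bytes) -> str:
    """Encrypt a document under its own key and file both under a random locator."""
    locator = secrets.token_hex(16)  # reveals nothing about firm or content
    dek = AESGCM.generate_key(bit_length=256)  # unique key for this document
    aad = f"{firm_id}|{locator}".encode()  # binds ciphertexts to firm and slot
    n_doc, n_key = os.urandom(12), os.urandom(12)
    DOC_VAULT[locator] = (n_doc, AESGCM(dek).encrypt(n_doc, document, aad))
    KEY_VAULT[locator] = (n_key, AESGCM(KEK).encrypt(n_key, dek, aad))
    return locator


def fetch(user: str, firm_id: str, locator: str) -> bytes:
    """Check privileges first, then unwrap the key and decrypt the document."""
    if "read" not in ACL.get((user, firm_id), set()):
        raise PermissionError("no read privilege for this firm")
    aad = f"{firm_id}|{locator}".encode()
    n_key, wrapped = KEY_VAULT[locator]
    n_doc, ciphertext = DOC_VAULT[locator]
    try:
        dek = AESGCM(KEK).decrypt(n_key, wrapped, aad)
        return AESGCM(dek).decrypt(n_doc, ciphertext, aad)
    except InvalidTag:
        # The locator belongs to another firm, or a vault entry was altered.
        raise PermissionError("document is not bound to this firm") from None
```

Neither vault row names the owning firm; the firm identifier is bound in as associated data, so a user with valid privileges at a different firm still cannot unwrap the key.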
There are many other things to consider when choosing your vendor. NetDocuments, for instance, has a division of labor such that no single employee has enough rights or knowledge to actually find a given firm document. Also, if the NetDocuments datacenter is breached, due to the randomized and anonymized construction, finding any document would be hopeless. In other words, beyond plain encryption, pick vendors that have implemented human and policy controls that eliminate certain attack vectors by definition. Sometimes, we don’t need bigger walls, we need smarter walls.