Hey, you, get off my Cloud!

Addressing eDiscovery Cloud Security Concerns

Hey, you, get off my cloud!

If you are handling your clients data for the purposes of litigation or an investigation, you will be very aware of the immediate concern of ensuring that your clients data is safe and secure. Therefore, as cloud storage becomes more common, questions surrounding the security of data held in the cloud become more prevalent. This blog outlines why you can put your cloud security fears at ease.

As eDiscovery and data storage solutions evolve, we are seeing an increase in the use of cloud storage for our data. A prime example of this is RelativityOne, a SaaS product that is hosted in the Microsoft Azure Cloud. Altlaw recently announced an extension of our partnership with Relativity to provide RelativityOne to our clients.

As with any new service or product there will be those who are sceptical to adopt change, and this is especially true when it comes to technology and data security.

As a RelativityOne partner, one of the most asked questions Altlaw receives is:

How secure is my data in the cloud? hey, you, get off my cloud

In short, the answer to the above question is – extremely secure.

The difference between legacy on-premise eDiscovery platforms such as Relativity; and cloud-based eDiscovery platforms such as RelativityOne is as follows:

  • On-premise eDiscovery platforms stored your data on servers which were owned / managed by your eDiscovery provider.
  • Cloud based eDiscovery platforms store your data on servers owned / managed by a third party which in RelativityOne’s case is Microsoft.
The second most common question Altlaw receives is:

Can the third party access our data i.e. Microsoft?

In short, the answer to this question is – no.

All data held in cloud storage is encrypted with an individual cipher which only your eDiscovery provider has access to. If in the extremely unlikely event that the storage is accessed, then the files will simply be random gibberish, a mass of numbers and letters which are useless and unusable without the encryption key. This RelativityOne encryption system is known as “Lock Box”.

I’ll use a building analogy to explain it. Let’s imagine that in the case of RelativityOne that Microsoft Azure is a tall sky scraper, to which they own and control the access to the building. RelativityOne have sublet one floor of the building. Relativity own and control access to this floor exclusively, meaning Microsoft cannot access the floor. RelativityOne then sublet rooms on this floor to vendors such as Altlaw. Altlaw then own and control access to this room exclusively, meaning that neither Relativity or Microsoft can access the room. In short, Microsoft own the building but can’t access the floor owned by Relativity; and Relativity can’t access the Altlaw room.

In Summary

Data stored in the cloud is extremely secure and cloud providers such as Microsoft Azure, Amazon Web Services, and Google Cloud all have to comply with rigorous compliance standards and meet dozens of international and industry-specific compliance standards, such as ISO 27001, SOC 2, Type II, HIPAA, and FedRAMP.

Microsoft’s Azure facilities compliance certifications far outstrip that of other on-premise solutions. Please take a look at Microsoft Azure cloud compliance guide over here: https://azure.microsoft.com/en-gb/overview/trusted-cloud/compliance/
Here are recent Microsoft Azure cloud compliance audits:  https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3?command=Download&downloadType=Document&downloadId=33c31702-edf1-4eb0-a0a5-a857dab764bc&tab=7027ead0-3d6b-11e9-b9e1-290b1eb4cdeb&docTab=7027ead0-3d6b-11e9-b9e1-290b1eb4cdeb_ISO_Reports

 

If you require any of Altlaw’s eDiscovery services, feel free to contact us today and a member of our team will be in touch with you soon.

Menu