Charles Christian’s latest UnCut comment… So we received an invitation to meet with a startup in New York that has a new solution for addressing some of the issues that arise when lawyers use cloud-based file sync and document sharing services, such as Box, Dropbox and Google Drive, as opposed to the more traditional email and extranets as a collaboration platform between law firms and their clients.
Now we all know Dropbox is the Spawn of the Devil and should never be allowed anywhere within the enterprise – but it is just so damned easy to use. Drag and drop, bingo bongo – and for people who work with multiple devices from multiple locations, it is a way of ensuring you can have access to specific documents wherever you are and on whatever device you are running. (Declaration of interest: we are huge users of Dropbox on the Insider.) But, what does an organisation do about the security issues associated with it?
Option 1. is to ban Dropbox and Dropbox-type services and force everyone back within the enterprise firewall. However this is counter-intuitive because once you have lawyers happily using a specific software application, do you really want to not only stop them from doing this but also then have to re-educate them to use another application instead? An added complication here is getting the budget approved by the partnership because Dropbox is “free” whereas the alternatives cost money – and that’s not including the training.
Option 2. which actually seems to be the most widely used strategy – if some of the data coming in from the US and small firms is anything to go by – is for the firm to put its collective fingers in its ears and cover its eyes and pretend the widespread use of Dropbox is not really happening. This is obviously not a defensive position to take in the event of any compliance or regulatory issues arising.
Option 3. is to encrypt all data, so even if it does get lost in the cloud, there can be no unauthorised access. Unfortunately most encryption systems are a pain to use – and even if the law firm uses one, there is no guarantee that the client will be using the same platform or even want the headache of faffing about with encryption keys. Besides, the latest Snowden/NSA revelations suggest encryption is nowhere as near secure as we were all led to believe.
Option 4. which some firms have adopted, is to use a third-party service that offers the benefits of Dropbox but within a controlled environment. In the legal sector two of the best known offerings here are from Workshare and Egress (with its Switch system). Unfortunately this does run into the Option 1. problem…
Option 5. however this brings us back to where we started, with our American start-up friends, who are called AlephCloud. This company’s Content Canopy system aims to give users the best of both worlds by providing the full range of end-to-end encryption and audit facilities BUT while still allowing the actual sharing of documents to take place via Dropbox and similar services. In other words, not banning Dropbox but domesticating it? Sounds interesting. AlephCloud will be at LegalTech New York in February but in the meantime here is a short video clip…