In a digital era where Cloud Storage is becoming used massively, this carries a lot Data Protection Risks. Keshet Berko Arbibe , a Legal Marketing Consultant at Robus Consulting Group, explains the risks and the opportunities.
Data Protection Risks in the Cloud Storage: 2022
Cloud Storage – an outstanding opportunity in the Big Data era, or a major risk in data protection aspects?
Solutions for storage of massive amounts of data is a central necessity in this modern era – it’s a type of mechanism a company just can’t do without. On the other hand, the importance of data protection is gaining more and more support and awareness across industries world-wide – and rightly so. Can the two go hand in hand – or do they contradict each other?
There is no doubt legal information is one of the most confidential, sensitive types of information out there. Exposing it can have harmful consequences – besides the massive damage to the firm’s reputation, it contains serious legal implications and risks, among others:
- Violation of confidentiality restrictions that are posed by law on databases in general, and legal information in particular
- Unauthorized access to such information can establish a cause of a tort claim for the object of the information
Although law firms are the ones guiding their clients through heavy regulation regarding privacy policies’ compliance, it seems like their own data protection processes does not receive an appropriate consideration, in their own ongoing work.
The ransom cyberattack on Grubman Shire Meiselas & Sacks law firm
Lately, some pretty disturbing occasions occurred around the world, that emphasis the importance of data protection. A prominent one is the ransom cyberattack on Grubman Shire Meiselas & Sacks law firm, in which hackers used ransomware (a type of malware) in order to still up to 756GB of sensitive legal information about high-profile celebrities, requesting over $40M USD as ransom in order to not disclose the information.
This type of malware is usually used on information stored on a private network, and the request for ransom is usually via Bitcoin, in exchange for the encryption keys.
Does storing data on the cloud the adequate solution for legal information in terms of data protection?
The benefits of storing data on the cloud are clear:
- Information can be accessed from any computer that has authorization – everywhere
- No need for a huge servers room
- Creating an ability to manage a huge amount of information, analyze it and conclude fascinating insights
- Usually, the biggest cloud companies are extremely experienced and professional since they do their job in the largest scale in the market – and that makes this type of data storage cheaper in the long term
But does it really cover and provides a holistic solution to the data protection risks mentioned above?
The answer to the question whether using the cloud mitigates the data protection challenges or worsens them, is rather simple – it depends on the execution.
This can be demonstrated by using a case study: In the summer of 2019, a former AWS (Amazon Web Services) Engineer was arrested for breaching massive amount of Capital One Bank accounts. Due to a cloud firewall misconfiguration, a massive amount of sensitive data was accessed, including credit applications, Social Security numbers and bank account numbers.
Many security vulnerabilities are caused by poor configurations.
Many security vulnerabilities are caused by poor configurations. In order to secure information in cloud environment, a system of permission that grants certain users to perform certain tasks is a necessity.
In some cases, those permissions are granted by an external service such as firewall system which is meant to filter and deny access of requests that lack sufficient authorization, and protect the information stored. Once those permissions were misused – a free access to the AWS bucket was granted.
In the past, the configuration process of firewalls was more complex, and included using a complicated mechanism – CLI (Command Line Interface- text display only). These types of systems deterred many users (mostly, the unexperienced ones), so lots of firewalls decided to transfer the process to a more graphical way of data display (GUI – Graphical User Interface), making it much more user-friendly.
The problem was, that the easier the usage of it got, the more unprofessional personas felt more confident dealing with it – causing major damages to the authorization mechanism, resulting in providing access to irrelevant people, an access that was clearly unrelated to their work.
Due to the fact that the technology seems accessible and relatively simple to use – people think it’s less complex and disparage the process in terms of professionalism, time and effort. But that is not the case. One should be highly skilled and attentive while using firewalls, authorization mechanism and the cloud.
The cloud environment is an extremely strong and reliable system.
The cloud environment is an extremely strong and reliable system once it is configured and defined correctly – it should be decided exactly what each member is allowed to do and what information they are qualified to be exposed to.
The default must be – denying access from everyone (“default-deny policy”), and gradually permitting the access relevant for each individual. That narrows the possibility of people being exposed to information they simply do not need in order to get their work done, and other permissions will be blocked for them.
For example – in large law firms the default should be that there is no cross-department data going around for no good reason. The exceptions should be handled specifically. In addition, it is important for data protection specialists working closely with the firm, to monitor errors and consider edge-cases. It sounds complicated and maybe inefficient – but this sort of conduct saves a lot of mess later on, as illustrated above.
Data protection risks in the cloud storage: Conclusion
Data protection is definitely not something to be taken lightly or try to save over, especially at the legal sector – in law firms and in-house legal departments as well. Investing time and efforts and being thorough and meticulous within the data protection process allows you to enjoy the benefits of using the cloud, while minimizing – and nearly disappearing, if the process is done properly – the many risks of information leakage and data breach.
About Article’s Author: Keshet Berko Arbibe
Keshet Berko Arbibe is a Legal Marketing Consultant at Robus Consulting Group
Are you seeking more High-Tech Trends?
If you are interested in discovering more high-tech startups tips, check out our High-Tech Online Magazine or our High-Tech Company Directory. If you would like to be included in an article or in our High-Tech Directory, feel free to contact us by leaving a comment, by leaving a message on LinkedIn or email us to firstname.lastname@example.org for more information.