According to other technology bloggers, there has been significant development in cloud security…which is sure to have an impact on e-discovery. What’s cloud security? To understand where you’re going, you have to know where you’ve been.
Anyone who uses computers for their home or business is connected to a server. A server is a software program (or a computer that runs the program) which provides a specific service to the computer(s) connected to it. Each server has a finite amount of power, so (1) it will run slower as the number of networked computers connected to it increases; (2) it will run slower as the size of the jobs requested by the network increases; or (3) both. You’ve probably experienced this at work: you and fifty of your coworkers are trying to print huge .pdf files simultaneously and it’s taking F-O-R-E-V-E-R.
Lucky for us office-types, IT specialists have discovered that the efficiency of the server-network interaction can be increased by using groups of servers instead of just one. A group of servers sharing tasks requested by a network is called a “cloud.” Chuck Hollis, who wrote the article on which this post is based, provides this definition:
By “cloud”, I mean any next-generation IT environment that’s (1) built differently — dynamic pools of virtualized resources, (2) operated differently — purpose-built zero-touch or low-touch operational models, and (3) consumed conveniently — use of resource includes pay-for-use models, or other forms of convenient consumption.
A pay-for-use model just means that you pay, for example, fifteen cents per gigabyte of information exchanged. Pricing may also be determined by the time it takes for the cloud to complete a specified task.
Why Clouds Deserve Special Treatment
When there are parts of projects from multiple networks going to clouds of servers, tracking information and protecting it from hackers can become difficult. Enter: “Cloud Security Takes a Big Leap Forward.” This article presents solutions to cloud-security problems.
The first problem a cloud can encounter is an attack by malware (viruses, for example), some of which targets the hardware itself. Thus, a basic way to secure your cloud is to make sure the hardware itself is secure - in other words, to create a “hardware root of trust.” Intel has recently come out with hardy-hardware which promises to do just that. The press release boasts:
… The foundation for this new trusted computing infrastructure is a hardware root of trust derived from Intel® Trusted Execution Technology (TXT), which authenticates each and every step of the boot sequence, from verifying hardware configurations and initializing the BIOS to launching the hypervisor.
Once the server hardware is secure, the hardware platforms of the networked computers must be secured. Software such as VMware can be used to create “perimeters” around the network-server connection. Next, there should be monitoring of the interaction and information exchange between the servers and network to ensure that information from the network isn’t likely to compromise the secure environment. Software called Archer can be used to determine the risk posed by exchanged information, and whether there are any gaps in monitoring. Moreover, Chuck Hollis thinks that compliance with these security measures should be handled by the tenant (owners/users of the network who have an interest in the security of the information), as opposed to the service provider.
Still confused? This diagram might help:
Why should you care?
Okay, eDiscoverista, why should I care? Imagine that your server-cloud isn’t printing fifty .pdfs for you and your coworkers; it’s archiving all the information produced by your company since Y2K. Security is important to keep unwanted snoops out of the information, to ensure that it hasn’t been mixed up with other information (maybe from other networks…because this might waive privilege), and to ensure that it hasn’t been lost or destroyed. If there is litigation and the information needs to be retrieved, the lawyers will have to know where it’s located and how to get to it. More importantly, if you want the lawyers to get a hold of your adversary’s information, the lawyers will have to figure out where it’s hiding. That’s why it’s so important to be aware that cloud computing is happening, and of the information security risks clouds pose.
Not every company needs advanced cloud-security services, but some certainly will. In order to comply with ever-tightening e-discovery rules and manage cases effectively, lawyers need to know that cloud-security issues are out there…
*Leah R. Glasofer, the eDiscoverista, is a third-year student at Seton Hall University School of Law. She currently clerks at Daly, Lamastra & Cunningham, which handles insurance defense for Chubb Group of Insurance Companies. Upon graduation, Leah will clerk for Assignment Judge Yolanda Ciccone in Somerset County.