The March/April 2014 issue of Law Practice had an article entitled “How to Select a Law Firm Cloud Provider” that asked some great questions about cloud security. Although well-designed cloud-based law office management software is safer than your desktop computer, not all cloud providers pay as much attention to security as we do. We’d like to address a few of the questions asked in the article:
What is the financial stability of the provider? A lot of companies are jumping onto the cloud without the financial backing they need. Many of these organizations will be gone in a year or two. CosmoLex is a relatively new company, but that doesn’t mean we are novices. CosmoLex is an offshoot of our sister company, Easy Soft, which has over 25 years in the legal technology field and over 10,000 happy customers. Most of those are coming over to CosmoLex billing software for lawyers so we have the financial clout and industry experience needed to survive.
Who owns the data? You do. Period. We make no claim to the data you store on our servers.
Is the data encrypted? The authors correctly point out there are two types of encryption to ask about. During transmission your data is protected by 128-bit SSL. During storage your data is protected in a SAS 70 compliant datacenter
Where is the data physically stored? We use only U.S.-based datacenters
How is the data stored? Each subscriber has a separate database schema on our systems. There is simply no way for another subscriber to reach your data, unless you give them your username and password.
Are updates automatic? Yes, CosmoLex is automatically updated at least once a month. The article points out that automatic updates can be bad, but only if it is an application that is installed to your computer. CosmoLex resides completely on the cloud with nothing installed on your local machine. Updates should never interfere with your practice’s computers or other software
The authors end the article saying that there are countless more questions that could be asked. We’ll ask a couple ourselves.
How do you know you are secure? The CosmoLex datacenter is audited daily by a 3rd-party security company that notifies our staff immediately if any vulnerabilities are found.
How often is data backed up? Security isn’t just about theft. Data loss is important as well. Your data is automatically backed up every four hours.