Cloud Security

Safeguard cloud-based data and mitigate cyber risks associated with a remote workforce | js withheld

Safeguard cloud-based data and mitigate cyber risks associated with a remote workforce |  js withheld
Written by ga_dahmani
Safeguard cloud-based data and mitigate cyber risks associated with a remote workforce |  js withheld

[author: Stephen O’Maley]


Efficiency, scalability, speed, increased cost savings, and advanced security for highly sensitive data continue to be in high demand by users of eDiscovery services. To meet that demand, cloud technology promised several of those benefits.

However, advanced data security depends on how an eDiscovery service provider implements, maintains, and manages sensitive customer information.

This issue has become more prominent as most of the workforce is dispersed and often working from unsecured home environments has driven increased use of cloud services. This increased use of the cloud has opened the door to more risky data storage scenarios that might not be entirely apparent to users of eDiscovery services. In addition, the companies that provide these services may not be aware of all the risks inherent in their activities and processes.

Because the industry has moved toward commoditization over personalization, the workforce within some eDiscovery providers consists largely of junior staff who must follow strict protocols and procedures while in the office. While these activities may have been tried and tested in the office environment to meet minimum safety standards, most employees are likely unaware of the safety risks inherent in working from home.

This paper examines the inherent risks surrounding the protection of electronic customer data on cloud-based platforms that have emerged with the proliferation of the work-at-home environment. It also explains why it is important for users of eDiscovery services to review the technical skills, practices, and experience of the professionals who will deliver their data to ensure proper precautions are taken.


Many eDiscovery providers have recently migrated hosted customer data from private data centers to public or private cloud environments. As hosted data volumes have increased, so have the complexities involved in scaling the physical resources required to maintain private hosting environments in a way that meets customers’ requirements for speed, efficiency, redundancy, and security. Consequently, eDiscovery providers began to reexamine the risks and costs associated with their hosted wallets, and many of them turned to the cloud as a solution. But this also introduced other problems that may not have been fully reconciled to date and may have been exacerbated by the pandemic.


It is not uncommon for an organization’s most sensitive data to be found on eDiscovery platforms. That data often includes privileged communications, business strategy decisions, secret business information, potentially embarrassing personal communications, and other confidential communications from your employees, leaders, and legal advisors. The cloud hosting services that eDiscovery providers run have a range of security capabilities that are often unexamined by the eDiscovery user.

Due to the increasing sophistication of state and non-state hackers, there is a continuing and growing risk of infiltration by hostile actors. This was illustrated in 2020 solar winds attack on the US government. In that scenario, a trusted technology services company tasked with maintaining the computing environment within several of the world’s most secure data centers provided the gateway for hackers to access the most secure data. country confidential.

Then there are the risks inherent in work-at-home environments that have increased due to the COVID-19 pandemic. With the continued advancement and adoption of IOT (Internet of Things) devices and the expansion of high-bandwidth Internet services for residential consumers, there are multiple avenues for reliable Wi-Fi connected services in the home. in the form of “smart devices” (smart speakers, thermostats, alarm systems, televisions, etc.) are compromised in an environment that is not typically monitored for malicious network activity. This is compounded when employees of eDiscovery providers lack experience or knowledge of network security risks.


Cloud services offer the promise of unmatched reliability with limited downtime for eDiscovery users’ document review operations. Although there may be regularly scheduled maintenance intervals, emergency outages do occasionally occur. Consider Google’s court in December 2020. Disaster-related outages for users of cloud-hosted eDiscovery services can severely impact a customer’s ability to meet court-ordered and other production deadlines.

Privacy and data protection issues

Cloud hosting solutions can, and often do, provide local data storage to regional jurisdictions that require the redaction and identification of personally identifiable information (PII) before extraditing that information to another country (such as the United States). . This offers the promise of Electronic discovery providers have data storage available locally in the region required by privacy regulations.

However, given the multitude of regions around the world with data privacy regulations, a user of eDiscovery services should not assume that their data is hosted in accordance with local regulations. In general, users of eDiscovery services should confirm with their providers where the physical servers that will host the protected data are located.

Additionally, with most eDiscovery provider staff working from home due to the pandemic, it may be important to ask how a mindful approach to global data privacy regulations is being addressed.

world context

Cybercrime is projected to have cost the global economy nearly $1 billion in 2020. Additionally, hacking and infiltrations of government and commercial entities are increasingly seen as the best way for adversary nations and other bad actors to have the greatest impact on their targets. All of this is intensified by the global pandemic, when work-at-home environments and the increased use of social engineering in generally insecure environments present additional risks to the security of data under management.


What are some of the ways that users of cloud-based eDiscovery services can verify that their data is protected?

cloud security

An important step to take is to ask if the cloud-based eDiscovery solution has been certified against various security standards. While this is not a guarantee that your data will not be exposed, it does present some level of reassurance that security protocols are regularly tested by an unbiased third party. Some certifications that are relevant here include: SOC2 Type 2, ISO 27001, ISO 27017, ISO 27018, as well as certifications indicating that the hosting provider is aware of data privacy regulations and HIPAA requirements.

It is important to differentiate the certifications that are attributed to the cloud operator versus the data hosting service provider. For example, AWS, Google, and Microsoft Azure have a number of sophisticated data security certifications associated with their upstream operation of the cloud environment.

However, it is important to note that an eDiscovery platform running within that cloud environment employs its own security protocols to allow reviewers to access documents and, as a result, does not inherit all of the security controls that exist in the base layer cloud offering. Make sure you know what security protocols and certifications your app of choice can directly claim.

Work-from-home safety considerations

This presents additional considerations. Many eDiscovery providers will point to employee handbooks and corporate policy documents as an initial response, but in this unprecedented time, those guidelines are unlikely to anticipate a scenario where the majority of the workforce would work from disparate external locations. and not safe.

Depending on the technical environment available at the eDiscovery provider, steps can be taken to approximate the network restrictions in place at the office. No solution will be 100 percent risk-free, but there are best practices that can be implemented to mitigate major risks. For example, the provider can take a centralized security approach by using a VPN (virtual private network) connection to the office environment that restricts access to non-essential networks and prevents employees from using computers that are not for work .

It’s also crucial to be aware of the different levels of security restrictions appropriate for employees focused on different aspects of the eDiscovery process. For example, someone conducting the document review is likely to require less access to sensitive customer data than the project manager in charge of organizing the review. You need to understand what in-home procedures your provider is using and how that affects the security and exposure of your data.


Despite the issues that have arisen, cloud-based eDiscovery solutions provide users with numerous advantages to address the unprecedented challenges facing the post-COVID world. At the same time, it is equally important that users know and understand what protection providers are putting in place to safeguard their data. Cloud storage solutions address the issues facing aging technical infrastructure, can greatly bolster cybersecurity, and provide eDiscovery providers with the flexibility to operate in a global environment. The additional risks posed by work-from-home environments due to the pandemic mean that purchasers of these services must closely monitor the whereabouts, protection and technical environments employed by companies working with their sensitive data.

About the author


Leave a Comment