Washington D.C. – 7 March 2016 – According to a survey conducted by Consilio, a global leader in eDiscovery and document review services, 64 percent of legal technology professionals cited “inadvertent disclosure of sensitive data” as the biggest risk of using cloud-based applications. At the same time, 55 percent of respondents at law firms and in-house law departments revealed that workplace data stored on cloud applications is “often” or “almost always” considered in legal or investigatory matters.
“The use of cloud-based applications in business is exploding, and many times management may not even know the full scope of unsanctioned cloud application use across the enterprise,” said John Loveland, managing director, Consilio. “This mushrooming utilization has vastly outpaced the risk and compliance measures needed to adequately manage risks for the protection of intellectual property, compliance, data privacy, records retention, among others.”
Other risks of cloud-based applications that were cited include: theft of intellectual property (39 percent), regulatory compliance failures (26 percent), inability to adequately identify relevant data for eDiscovery (25 percent), service outage (21 percent) and inadequate application of document retention (16 percent).
“With regard to eDiscovery, the growing use of cloud-based applications is a hindrance to effective execution, which requires a comprehensive data map of storage locations,” said Loveland. “Once non-sanctioned applications such as public cloud services enter the equation, the universe of potentially relevant data sources increases dramatically as do the risks of inadequate identification of data and inadvertent spoliation.”
Addressing Shadow IT Risks Across Organizations
One of the most prevalent threats to a company’s information assets and its discovery, compliance obligations is Shadow IT, which is hardware or software used within an enterprise that is not supported or administrated by the organization’s IT department. The ubiquity and ease of cloud-based Software-as-a-Service (SaaS) applications has magnified the challenges of Shadow IT. Skyhigh Networks, the cloud access security broker, echoed the significance of this trend in their Q4 2015 Cloud Adoption & Risk Report. The study revealed that the average organization uses 1,154 cloud services to upload 5.6 TB of data each month.
Without consistent security measures, Shadow IT such as public cloud applications can inadvertently expose confidential corporate information and create other risks.
What is more concerning, is that over a quarter of respondents reported that their organization “rarely” or “never” actively addresses security risks associated with Shadow IT. Almost half of legal technology professionals (45 percent) cited that their organization addresses these risks “sometimes”, while only a quarter (26 percent) committed to this process “very often”.
“The survey confirmed what we have already seen anecdotally for the last few years; many organizations are enabling Shadow IT to enter their daily business operations without enough concern about the risks of these platforms,” said Loveland. “If an organization is faced with litigation in the future, this cavalier approach can make eDiscovery exponentially more complicated and expensive, during a time when efficiency and accuracy are paramount.”
Additional findings from the survey include:
- Reaching A Data Security Awareness Tipping Point – When respondents were asked how apprehensive they were about the potential security risks of cloud-based applications, 62 percent of respondents noted that they were “concerned” or “very concerned”, while only two percent disclosed that they were “not concerned at all”. The growing prevalence of cloud-based application use reflects a need for both law departments and firms to review data security procedures and adopt a more proactive risk management approach.
- Cloud Migration Risks Are Paramount – Organized, careful migration of data to the cloud is essential. Cleaning up data prior to migration is a must. All data – including Shadow IT – should be accounted for and classified to reflect its level of sensitivity. Unsurprisingly, 67 percent of respondents saw migration to the cloud as an “important” or “very important” part of an organization’s information governance program.
The survey of 148 legal technology professionals, from in-house law departments, law firms and government affiliated entities, was conducted by Consilio at the Legaltech® New York 2016 conference held February 2-4, 2016.
Consilio, a Shamrock Capital Advisors company, is one of the largest global eDiscovery and document review services providers, with extensive experience in litigation and antitrust matters and internal and regulatory investigations. Recently joined with Huron Legal and Proven Legal Technologies, Consilio supports law firms and corporations with innovative software and cost-effective, end-to-end litigation services that include eDiscovery, document review, information governance and compliance, law department management, contract management and legal analytics. ISO 27001 and Safe Harbor certified, the company can deploy its services rapidly and efficiently to clients anywhere in the world from offices and data centers in North America, Europe and Asia. For more information, please visit uk.consilio.com.
(O) +1 212 279 3115 x108