DropBox is a file sharing service that I started using a couple of years ago. It seamlessly syncs files over multiple computers and mobile devices. It works so well that I have several clients with multiple offices that use it as their file server. Its the perfect solution for firms that are just starting out and have multiple offices.
This past year I have been hearing comments that DropBox is not “secure”. These voices in the background are starting to get louder. One of them is my good friend and E-Discovery Guru Tom O’Connor. Tom is not the sort of person to jump on the fear band wagon when it rears its head, so I take his advice seriously. His concerns, not with DropBox per se, but online file storage in general center on maintaining confidentiality of client documents and include:
Besides Tom’s Concerns, here are some grumblings around the web
I have gotten to the point where I can no longer recommend DropBox to clients without some further enhancements. Not that I think my any of my clients data will be stolen. In fact, I think that there is a one in a million likelihood. I always have my clients use wep passwords on their wireless routers. I don’t really think that some is going to steal their data, however we put the password in place because we must take “reasonable steps” to protect our clients data.
One solution I have heard is to password protect your documents. In my mind, that is extremely impractical. No one wants to type in a password every time they open a document and users will go to great lengths to avoid doing so.
Another option is to use Worldox or NetDocs, Legal Specific Document Management Systems. I am a consultant on both these products and make money selling them to law firms. However most firms evolve into using a DMS so not many firms have one when they begin using DropBox.
The remaining option, then, is to use an encryption service which will encrypt the document on your computer, and then add it to DropBox. By encrypting your data, you make it completely unreadable to DropBox. So no DropBox employee could ever read your data. If someone hacked DropBox and stole your files, they could not read them. If a government agency subpoenaed your files, they would not be able to read them.
In fact, to break this encryption it “would take far longer than the age of the universe to complete”. In my mind, this is taking reasonable steps to protect your client’s data.
There are two limitations to encrypting your data on your PC. First, you must have the encryption program on all machines that are connected to DropBox, or you will not be able to see your documents. Second, you lose the ability to log into the DropBox website from a random computer and download a document.
Ernie Svenson , better known on the web as “Ernie the Attorney” ,always told me to look at security and usability as a sliding scale.
The goal was to find that happy medium. So if I have to sacrifice a small portion of usability to get greater security, its worth it.
Therefore I am testing BoxCryptor as my encryption service.
When you install BoxCryptor on your PC, it adds a folder to your DropBox account.
However, if you were to open that folder, it is all gobbledygook
BoxCryptor mounts a virtual drive.
If you open that drive up you can see your documents. Anything you put into that virtual drive automatically gets encrypted.
Again, if you go to the DropBox website, you will NOT be able to see any of your documents. That is the price you will have to pay for securing them.
There are some other similar services out there, but BoxCryptor was the only one I found that had an iPhone and iPad app. As you can see below, the app works pretty much like the DropBox App.
You can even open a document and email to someone else and the app removes the encryption.
Cloud date storage is fairly new and there are a variety of issues that have yet to be resolved. LinkedIn and Facebook take the attitude that they own every piece of data you put online. DropBox has even claimed at one point that they own the data you add to their service. Regardless of the ownership issue, at one point or another these cloud based storage services have had security lapses. There is also the issue of employees at DropBox or other storage companies having the ability to view your data. Other issues have been raised about these companies given your data to government agencies. Depending on where your files are stored, this does not necessarily mean the United States Government. Therefore with all this uncertainty, encrypting your client’s data on your end it a reasonable approach to making sure their data is safe.
We are very excited that Clio has opened a consulting program and have jumped at the bit to be a part of it. Clio is a Practice Management Program (Front Office) offered as a SaaS model which means that you pay for it monthly instead of one lump sum. Clio will help us work with an increasing growing segment of attorneys that are either on Macs or don’t have any equipment to run a server application. These are people we had to turn away before and now we can help them out.
For more information check out:
I have been getting a lot of questions about Hosted Exchange recently. Law Office Technology has been using it for over a year and selling and setting it for client sites for the past 6 months. If you are going to use hosted exchange, I recommend buying it from a company that does not force you to enter in your email password every time you open up Outlook. I had a client that purchased hosted exchange that did that, and every time they opened Amicus, it would crash outlook. Fortunately the hosted exchange that we resell does not ask you for the username or password when you log into outlook. If you are linking ay product with outlook, whether it be PCLaw, Amicus, TimeMatters, Worldox, ect, you must make sure that you do not have to enter in your password every time.
I will be in Missouri this upcoming week for their state’s Solo and Small Firm Conference. I will be working the Clio booth, which is Practice Management SaaS for attorneys.
For more info on Clio, click here: http://www.goclio.com/
For more info on the conference click here: http://members.mobar.org/sasf2009/index.html
Law Office Technology has begun the move to the Cloud. This does not mean that I have lost my mind although I know several people who will disagree. The servers at our office will be permanently shut down this weekend. We are not going out of business but making the next technology jump which is dumping the servers and moving to a hosted or cloud environment. I have run into a couple early adaptor law firms that already work this way and they can run heads and tails around a typical brick and mortars firm with much lower overhead.
Basically the ideal is that instead of buying a server, you rent the server from a hosting company. So, instead of a capital outlay of $5000 to install a server and paying a local company for support, you just pay $125.00 a month and get a guarantee 99.9% uptime.
I have started using Hosted Exchange 2007 and Hosted SharePoint. All of our company documents are in SharePoint and all our email is in Exchange. The company we use has 4 redundant data centers spread across the country which means I no longer have to worry about backups. I will post updates on how this is going.