How safe is cloud computing? It depends who you work with …

Much has been made in recent times of the benefits that can be derived from cloud computing. In fact the speed of growth in use of “the cloud” has been one of the major factors in the IT industry for most of the last decade. But how safe is cloud computing?

Traditionally a profession that has adopted a cautious approach to new technologies, the legal sector are showing increasing signs of understanding the financial and operational benefits of using the cloud as a resource for managing different types of information. The Solicitors Regulation Authority has highlighted this in recent publications, expressing the view that “Cloud computing is continuing to increase in popularity, with low cost and flexibility the key advantages. Cloud users do not have to maintain their own data storage or multiple site licenses for software. The cloud works out cheaper than direct data and program storage, and permits true mobile working with no need for data sticks or email transmission of files, both of which are key risks for data loss. Email is not inherently secure, while data sticks are easily lost and provide ready systems access for virus programs.”

However, there are of course risks. The SRA also points out that when a cloud-based service is implemented, control of data is effectively handed over to a third party service provider, and the ability of that provider to protect confidential information can represent an area of risk. Careful selection of the cloud system provider can effectively mitigate this risk, as there are very wide variations in the level of security that different companies offer.

Safe4 Information Management have made major investments in ensuring that the security of their customers’ data is given the highest possible priority. This is reflected in the way Safe4 have addressed the issues raised by the SRA. The measures Safe4 have taken include such key areas as ensuring that all data is held in ISO-27001 approved data centres in the UK, confidential information is never transmitted by email, all stored data is encrypted using highly secure ciphers, and that all contractual engagements are undertaken according to English law. Rigorous penetration tests, carried out by independent UK Government-certified agencies, also ensure that any areas of vulnerability caused by new internet threats are addressed as a matter of urgency.

The SRA also points out that “sound cloud computing providers offer better encryption and security than would be possible for a small or medium-sized solicitors’ practice storing its data locally.” Due diligence applied in the selection of the cloud service provider can help to bring the law firm the financial and operational benefits of this highly effective resource while making sure that its stored information is given the maximum protection possible.

The views of the SRA are echoed by the Law Society, which has also published guidance for law firms wishing to use the cloud.

A number of law firms in the UK have for some time been making use of the highly secure document delivery and storage service offered by Safe4 to share confidential information with their clients and other external parties. One law firm in Leeds is now in the process of introducing the use of Safe4 as a direct result of the way the SRA guidance has been interpreted and implemented.

For more information on how using Safe4 can benefit your law firm, please get in touch.  We will be very pleased to assist you.

Ben Martin





Ben Martin is a Director and founder of Safe4 Information Management

More new security and reporting features for Safe4

Safe4 has been enhanced again by the addition of stringent password strength checks for new users, and the ability to download some system reports directly into a .csv file for further analysis and manipulation. This will be further improved by extension to all reports in the near future.

At Safe4 we are constantly seeking ways to make the service more secure, and more flexible in the way it can be used. As always, this is largely based on customer feedback and the need to maintain vigilance in the face of an ever-increasing array of security threats.

For more information on how Safe4 can assist your business to manage confidential information more securely and efficiently, please get in touch with us.

Information security insights from McKinsey

Anyone who has an interest in the issue of cybersecurity should read the book excerpt ‘Repelling the Cyberattackers’ in McKinsey’s Quarterly, July 2015, by Tucker Bailey, James M. Kaplan, and Chris Rezek – click here to read the article.

However, as good as this advice is, especially as the world rushes at ever increasing speed towards digitising everything, we forget at our peril the need to concentrate on the basics. Having a secure online communication, document delivery and storage capability is a vital requirement and it is the place to start the whole process of planning a cybersecurity strategy.

Next comes getting everyone in the organisation into the habit of executing standard hygiene controls: regularly changing passwords, choosing a password methodology that has absolutely no connection to your personal life and only opening emails and especially attachments from people you know. Failure to adopt these simple rules is asking for trouble.

As ever, the human factor can be the weak spot – it is not just about putting secure IT solutions in place.

Paul Stallard May 15

Paul D Stallard – Hurndall-Stallard Associates – July 2015

Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.

Beware of public Wi-Fi!

Paul Holland has published an interesting post on LinkedIn, highlighting the risks associated with using public Wi-Fi.  To quote Paul’s post:

“An investigation conducted in London has shown the ease with which personal data can be hacked when the target is using public Wi-Fi. Security and privacy software company F-Secure teamed up with penetration testing expert Mandalorian Security Services and the Cyber Security Research Institute to conduct the test – in this case, hacking into the devices of three politicians.

The politicians, deliberately selected from the most powerful chambers in UK politics, were Rt. Hon. David Davis MP, Mary Honeyball MEP and Lord Strasburger. The exercise was carried out with the permission of the politicians who, despite holding important positions within the different parliaments, admitted that they had received no formal training or information about the relative ease with which computers can be breached while using public Wi-Fi – a service they all admitted to using regularly.”

It is important to note that when using Safe4, all interaction with our service is fully encrypted, including the internet link from your device.  Even when using public Wi-Fi, Safe4 communications cannot be intercepted – as opposed to the huge risks that exist when using open email systems.

Is our health and wealth sufficiently protected?

The current spate of publicity about how poorly some charities seem to care for the personal information they keep about the donors who support their respective causes is yet another reminder of just how vulnerable organisations are when it comes to keeping customer information safe. After all if you give information to any business and especially to your doctor, your lawyer or your financial adviser you expect it will be kept safely.

The principles on which the very foundation of all businesses enterprises should be built has not changed since we all lived in the fields and we bartered to get what we needed to survive. Harnessing our resources to satisfy the needs and wants of our customers is the bedrock of all economies as all truly successful companies have proven. Yet of all the sectors in our economy the medical, legal and financial sectors are built upon another key driver. They have to deliver absolute client confidentiality because nothing is more private to us as individuals then our health and our wealth.

The General Medical Council, The Law Society and the Solicitors Regulation Authority produce a lot of sensible guidance on best practice for keeping client information safe, cyber security, and use of cloud computing etc. However, like many things in real life we are all spurred into action when something goes wrong, when the company’s system is hacked into or when there is a proven breach of confidentiality rules about which the injured party often complains most noisily.

So, why do we prevaricate about taking such action? Why are we so inclined to believe ‘it will not happen to us’? Well, it is just human nature I suppose, just like the fact that we all know we are going to die but none of us believe it is going to happen today. Many of us do lots of little things to put off that fateful day like take exercise, eat and drink sensibly so, why don’t we do a similar number of little things in our businesses to protect customer information?

The probability is that so much is not done to ensure client confidentiality because we either do not see where the holes are in our respective enterprises, or we do not know what to do – or if we do know what to do – we see it as simply too big and too complicated to handle. The answer has to be we must start somewhere and starting to do a small number of little things is the only way to get to that place where we are absolutely certain that we could not have done more.

So, come on then get in touch with your local information security expert and ask them to advise where you should begin. It may turn out to be a journey of a thousand steps but you have to start somewhere.

Paul Stallard May 15

Paul D Stallard – Hurndall-Stallard Associates – July 2015

Paul Stallard is an independent corporate communications consultant, and advises clients on matters relating to information security and other business-critical issues.

Another bumper month for Safe4

June 2015 proved to be another successful month for Safe4, with a record number of new users registering for the service, and 100% availability once again.  The uptime record of Safe4 is now amongst the best in the industry, and coupled with very high levels of security this makes Safe4 the ideal choice for any organisation that needs to deliver information securely to parties both internally and outside its own IT domain.

For more information on how Safe4 can help you to achieve total security combined with 100% reliability, please contact us.  We will be very pleased to assist.