Cloud computing for lawyers not dummies! Part Four - Security and Privacy

In our last blog, we explored cloud economics. In this piece, we will discuss the important topics of security and privacy in relation to the cloud and more specially Microsoft Windows Azure (the cloud platform that underpins our matter management application).

We value the privacy and security of your data and they remain amongst our top concerns. Much has been written about these topics in recent times and in this instance we'll focus our attention on the benefits of Microsoft's Trust Centre http://www.windowsazure.com/en-us/support/trust-center/

Security

Windows Azure runs in data centers managed and operated by Microsoft Global Foundation Services (GFS). These geographically dispersed data centers comply with key industry standards, such as ISO/IEC 27001:2005, for security and reliability. They are managed, monitored, and administered by Microsoft operations staff that have years of experience in delivering the world’s largest online services with 24 x 7 continuity.

Privacy

The Windows Azure Privacy Statement describes the specific privacy policy and practices that govern customers’ use of Windows Azure.

The Windows Azure privacy statement states that Microsoft will not disclose customer data, administrator data, payment data or support data outside of Microsoft or its controlled subsidiaries and affiliates except as directed by a customer or described in the privacy statement. The key aspect of the privacy statement regarding customer data is set out as follows:

Microsoft will not disclose Customer Data to a third party (including law enforcement, other government entity, or civil litigant; excluding our subcontractors) except as you direct or unless required by law. Should a third party contact us with a demand for Customer Data, we will attempt to redirect the third party to request it directly from you. As part of that, we may provide your basic contact information to the third party. If compelled to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of a disclosure unless legally prohibited.

Microsoft complies with the E.U. Data Protection Directive (95/46/EC) which sets a baseline for handling personal data in the European Union.  The E.U. has stricter privacy rules than the U.S. and most other countries. 

Microsoft operates Windows Azure data centres around the world. Customers may specify the geographic regions where their data will be stored. Available regions are shown below.

 

Ad Coelum Technology will store data in the customer's home region. For customers in the UK, this will be Ireland, however Microsoft will also replicate data across sub-regions (Netherlands) for enhanced data durability in case of a major data centre outage.

We're working with a first class, secure cloud platform to bring peace of mind to law firms and their clients.