Lawyers e-Journal

Thursday, Apr. 12, 2012

Law Practice Management Tip

Layering security in the cloud II: client-side encryption tools

Previously in this space, we covered some homegrown methods for further securing documents uploaded to cloud providers. Our focus last time was on Dropbox, which had recently suffered a significant security breach.

However, what is known as 'client-side encryption' is not exclusively a jury-rig/do-it-yourself system, that is only applicable to one service.  While you can use, as we suggested last time, your existing productivity and security tools (like Microsoft Word or Adobe Acrobat and freeware products, like TrueCrypt) to encrypt your files for upload to cloud storage/sharing sites, there are also stand-alone products that will allow you to encrypt documents for upload to cloud providers, on-the-fly.

These services will, just like your homebrew solutions, allow you to reverse the general dynamic of the cloud upload, in which the cloud provider maintains the encryption key. With the use of a service dedicated to the proposition, you'll not only maintain the encryption key (that neither the cloud provider you use, nor the potential hacker will know), but you'll also have access to a more full-featured tool, that can work across devices.

Last time, we made reference to SecretSync, which sounds like it would work with SugarSync, but is promoted as being useful for engagements with Dropbox; and, there is also BoxCryptor, which ostensibly works with Dropbox, and CloudFogger. These tools, though, because they are another set of pre-encryption services, can work with just about any cloud provider. These programs are all free, to start, with rates accruing (or about to be accruing) based on the number of gigabytes in use; in this way, the pricing model exactly reflects that imposed by the services these client-side encryptors seek to further protect you on.

Everybody wants to make sure that their documents are secure on the web; now, you have two simple and distinct methods (d-i-y + third-party tools) to take control of your security in the cloud.

*Thanks to Jim Brashear, general counsel for ZixCorp, for bringing to my attention BoxCryptor, and then CloudFogger.  To hear Jim's thoughts on email encryption, listen here.

Tip courtesy of Jared Correia, Law Office Management Assistance Program.

Published April 12, 2012


To learn more about the Law Practice Management Section, which is complimentary for all MBA members, contact LPM Section Chair Thomas J. Barbar or Vice Chair Stephen Seckler.
©2017 Massachusetts Bar Association