While the cloud offers you many everyday benefits as an immigration professional, it can also pose a security risk if you aren't careful. In the right setting and with a strong provider, cloud-based case management software is one of the safest places for you to store your immigration clients' information. In the wrong setting, it sets you up for lost work time and potentially leaked information, which in a legal setting, could be a violation of attorney-client privilege.
Knowing the use of the cloud is a balancing act, you're probably wondering how to tip the scale in your favor and ensure it's beneficial to you and clients.
"Using the cloud is a balancing act."
The best way to do this is to start off on the right foot from the beginning, by asking potential cloud providers certain essential questions.
Where are your servers?
The location of servers matters because the laws of the country or state in which they reside control how the data stored within them is treated. Other nations have different privacy and information security regulations than the U.S., which could inadvertently open up your immigration clients' information to third parties. It's critically important your clients' information is stored in data centers in America, so you can ensure the cloud provider follows U.S. laws and that you don't make your client a target for cyberattacks.
Additionally, you might not think of it this way, but when you store and retrieve information from the cloud it travels, potentially crossing state or international borders. International regulations can affect what type of information can cross these borders, and you could unknowingly cause your clients' data to be unnecessarily regulated.
How will my and my clients' data be protected?
It's essential the information you store on a cloud provider's servers is both physically and electronically secure. A strong cloud provider will limit who can physically access its centers and will have disaster recovery strategies in place, including fire retardant technology and data redundancy in geographically separate locations.
While it's standard for data to be encrypted while being stored and on the move, you should ask for specifics regarding the provider's encryption protocol to ensure it meets your needs.
How much uptime is guaranteed?
Many cloud users don't put much thought into up and downtime, assuming their information is always available. However, no cloud provider guarantees 100 percent uptime, but the amount they do guarantee is important. Providers who guarantee only 99 percent uptime in their service level agreements are allowing for nearly 15 minutes of downtime per day. This doesn't seem like much but equates to more than 87 hours each year. That's 87 hours you might not be able to access your clients' information. Providers who guarantee 99.99 percent are much better, allowing for only 52 minutes of downtime each year.
Do you provide training and on-going support?
You generally begin working with a cloud provider because you're purchasing software. It's best to have a relationship with a company that will not only provide initial training for the new platform, but also continue to provide IT support and further training throughout your relationship. Without these services, it will be your responsibility to find IT support through a third party or have it in-house.
How long have you been in business?
While history isn't always an indicator of future performance, it's best to work with a cloud provider that's proven their worth. Ask about the vendor's history, including how long they've been around and particularly, often they've worked with clients in the immigration industry, to see if the business fully understands your particular needs.
While there is other important information you need to know before forming a contract with a cloud provider, the above questions are the foundation of a strong due diligence process. By using these inquiries, you can learn a lot about a businesses, which can help you decide to move forward with them or look for something better.