How safe is the cloud? Using the cloud is a highly complex, technical matter that poses numerous risks and challenges for lawyers.

You might have been amused by recent stories about the hacking of celebrities' private data accounts in the "cloud" and the publishing of nude photographs. But if your law firm uses the cloud to store information or run programs, have you considered that a similar breach of your information might leave you--and your clients--feeling more exposed than an undressed star?

Storing of digital information in the cloud and using programs that run in the cloud --basically huge banks of computers and servers owned by private companies--has been a hyped service in both the legal world and society at large in recent years. The Bar in 2013 approved an ethics opinion to guide lawyers, and its Law Office Management Assistance Service (LOMAS) has published an extensive list of tips on using cloud services.

Two experts contacted by the News echoed Bar cautions that using the cloud is a highly complex, technical matter that poses numerous risks and challenges for lawyers and law firms.

And any breaches might be more than just embarrassment--state and federal laws require reporting of any breach of a law firm's electronic records, if they affect enough clients or involve certain types of personal information.

"I only put stuff on the cloud that I don't mind being publicized across the world," said Sarasota attorney Steven Teppler, who co-chairs ABA and Florida Bar committees on e-discovery and teaches about technology and the law at Ave Maria Law School. "This is all part of an attorney's responsibility to supervise his or her agents. Depending on what flavor of cloud you use, there will be differing levels of risk. Most attorneys using the cloud ... are exposing themselves to anywhere from uncomfortable to unacceptable levels of risk."

If it seems unlikely to you that firms might be the target of hackers, consider what Eric Hibbard, who heads security for Hitachi Data Systems, serves on an ABA committee on digital security, and co-chairs the Cloud Security Alliances' International Standards Council, has to say.

"There have been instances where hackers have targeted law firms once they figured out the firms were involved in the company they were going after," he said, adding the hackers calculated the law firms would have less security on sensitive information than the target company. "There are some fairly sophisticated attackers out there who are involved in industrial espionage, Some are involved in organized crime. These are not your run-of-the-mill...