Secure Cloud Storage


4-Step Computer Security Upgrade

Learn to encrypt your files, secure your computer when using public Wi-Fi, enable two-factor authentication, and use good passwords.

Once you move to a paperless office, the next step is making your files accessible from anywhere. The firm I work at uses Dropbox, which works rather well and appears to have a heads up over the competition. A relatively new service, however, called Wuala (Waa-lah), looks like a nice alternative.

Is the cloud secure?

Your files get uploaded from your computer onto the Wuala cloud, which means you can access your files from any other computer. Wuala, however, encrypts all of your files before it uploads them. That means Wuala employees cannot read and cannot access your documents. For attorneys concerned about attorney-client privilege, or confidentiality in general, that is a neat feature.

In addition, the password you use to login to Wuala is never shared with the company. Again, this limits (perhaps eliminates) the possibility of unauthorized users accessing your data.

Other helpful features

Wuala will instantly sync up files you are working on, just like Dropbox. Open something on one computer, then open it again on another one to work on the updated file.

You can also share files by emailing people links to certain files. I believe Dropbox is beta-testing this feature, and I actually have some concerns about it. For example, if you want to share something with a client, sending an email is still less public than creating a hyperlink to the file. Although the chances of anyone finding that hyperlink are remote, that still means whatever you shared is floating on the internet.

Cheap enough to try

You can purchase as little or as much storage as you need. Somewhere between 25 GB and 100 GB should be just plenty, with prices ranging from $49 to $129. At those prices, I would suggest trying Wuala or Dropbox and watch how much time it saves you.


Get Lawyerist in Your Inbox, Daily

Current Articles
Current Lab Discussions
  • Randall: Issues related to cloud security are far more expansive than you have mentioned here. I thought it important to let readers know that simply knowing that a vendor encrypts data is just the tip of the iceberg. Lawyers must do their due diligence in evaluating any vendor that will store law firm & client data. Best practices includes creating a written questionnaire to present to the vendor before deciding to give them control over your data.

    In my blog post Lawyering in the Cloud: Where Do You Start (, I describe some of the issues that must be addressed:

    “In order to avoid these pitfalls, it is necessary to investigate your hosting company to determine what security measures they employ, where their data centers are located and how they are protected. You need to determine their data retention policies and clarify what process will be employed to return data if the company goes out of business. If the hosting company contracts with third-party server companies, you need to know the terms of their agreement to be sure third parties are required to adhere to the guidelines necessary to protect legal data. The same information is necessary as these provides are now creating applications for mobile devices.”

    There are many other places that explain vendor due diligence: Information Law Group (, Stephanie Kimbro’s Virtual Law Practice (, and many others.

  • Steve

    Well, if security is your concern I would take a look at as well. Seems rather new but promising. Especially for exchanging data with clients.

  • Brian

    I use Nomadesk and am very happy with the service. It features cloud back up, file sync, local data encryption, online and mobile access, and the ability to wipe files off your virtual drive if your computer is stolen. Tough to beat all those features for $50/year.

  • @Donna As with other confidentiality issues, there is probably a wide spectrum between what attorneys are required to do and what may eventually become recognized as best practices. For example, when disposing of documents, secure shredding is considered a gold standard but there is no ethics opinion or case decision that I am aware of that has found that a lawyer violates her duty of confidentiality by not shredding.

    I think the same is true of cloud computing. Attorneys who are concerned about the security of their data –either because of the ultra-sensitive nature of the data, because the data is of a type that third parties would risk criminal prosecution to obtain, or because the attorney simply cannot sleep at night without having resolved every possible security issue– should certainly consider the steps you describe. But these suggestions have not been required by any ethics authorities thus far.

    I do agree that attorneys should think or inquire about what will happen to their data if the cloud company goes bankrupt or if the lawyer simply wants to switch providers, and also realize that data that is stored in the cloud like is stored in multiple servers in multiple locations, some of which may not even be in the country.

  • One fact that might be interesting to know for lawyers is this: with Wuala, the account password never leaves the user’s computer. All files are encrypted locally. So not even we (Wuala) can read the contents of the files stored in Wuala. This also implies that we cannot be compelled to reveal the data. Also, if someone breaks into our servers, all they can steal are encrypted files.
    Other online storage services know your password. So if some hacker breaks into their servers, they can possibly decrypt the content of your files. The litmus test is this: if an online storage service is capable of sending you your password or resetting it, they could possibly read all your data.

  • Wuala looks pretty cool, albeit a bit more pricey than Dropbox or SugarSync. I’d definitely be interested in checking it out to see how it stacks up.

  • The most important factor that each business needs to consider, when using Cloud servers services, is do you have a backup service as well? Meaning, if the server that your cloud space is stored on dies/malfunctions, how will your business restore your data? Don’t assume that your cloud provider does backup — few if any currently do offer this service.