CloudMask wants to protect your firm’s data—even in the event of a security breach. As a Clio integrations partner, CloudMask ensures an additional level of encryption to protect confidential information.
Dr. Wael Aggan, Co-founder, and CEO at CloudMask, has more than 30 years of experience in the field of international cybersecurity. He has advised international organizations such as the United Nations, the World Trade Organization, and UNESCO. He’s also consulted for the Canadian government, major Fortune 500 corporations, and large international banking organizations. He has a Ph.D. in Pure Mathematics and MSc degrees in Statistics and Operations Research.
We spoke with Wael to learn more about data security and how law firms, in particular, are at risk.
Clio: How did you come to found CloudMask?
Wael: The explosion of digital technologies in past decades has opened many opportunities for businesses to be more agile by collaborating with different stakeholders. It has also invited a new breed of organized crime and government sponsored attacks. Every day we see new, more sophisticated kinds of data theft, leaving many challenges for businesses and individuals in protecting their information.
We created CloudMask to answer this simple question: “How can we protect our data when our adversaries are much stronger than us?”
We wanted to ensure protection in the following ways:
- We wanted to ensure that malicious actors, unauthorized insiders, and cloud providers who have possession of user data couldn’t see confidential information.
- We wanted to ensure that organizations that collect private and sensitive information—and use cloud providers from around the world—remained compliant with data privacy and sovereignty regulations.
- We wanted software as a service (SaaS) vendors to provide their customers with data protection that would improve their offerings and reduce their risk of a breach.
Why is CloudMask significant? How does it help your users?
Wael: Current security solutions are based on using barriers such as firewalls and passwords to protect application and network data. But our adversaries are capable of breaching these security barriers. Every day, we see significant intrusions into all types of organizations and governments—that spend millions to protect their infrastructure.
We need a new approach. We need to protect the data itself, not just the entry points to where the data resides.
Let me give you a simple example, if you are using Gmail or Google Drive, the only protection that you have is your username and password. If your password is leaked, all your data will be accessible to hackers. If you are using CloudMask, and a hacker accesses your Gmail account with your password, he will not be able to see your data. CloudMask masks your data in the cloud, making it look like gibberish if any unauthorized parties or hackers get into it.
Data security shouldn’t just be about preventing access to data. It should also take into consideration what happens if and when a hacker gains access—which is inevitable. If you’re a target, someone will be able to access your data. What matters is what the hacker sees when they do gain access. CloudMask protects your data, keeping it private even when there is a breach.
What are the potential consequences of a data leak?
Wael: The consequences of a data breach are far reaching and can be detrimental to a company of any size. It can include organization-incurred costs across the board, loss of customers, litigation and fines, and a decline in share value. It is clear that data breaches are a pervasive problem for most organizations in the United States today.
How are law firms in particular at risk of data leaks? What makes them a target? Who might be targeting them?
Wael: Law firms are becoming a top target for cyber criminals. In March 2016, the FBI’s Cyber Division issued an alert informing us that hackers were specifically targeting law firms. Yet, despite negative repercussions in terms of cost and reputation diminishment, many firms do not take the appropriate steps to prevent a data breach, or to prepare for and mitigate the consequences when the inevitable occurs. Because of this fact, hackers find it is much easier to hack into law firms to find sensitive information that might relate to insider trading, mergers and acquisitions, important litigation cases, and many other aspects of their private information.
Also, data security is becoming an ethics requirement among state bars. They’re increasingly focused on it, which I think will drive attention to the issue.
How does CloudMask benefit Clio users?
Wael: Clio’s partnership with CloudMask is taking an already strong commitment to information security to levels unparalleled in the legal practice management software market. The unique value proposition of CloudMask offers Clio’s customers the capacity to implement and automatically carry out data protection policies using an approach to encryption known as “zero trust” computing. Zero trust means that customers and users own and control their own encryption keys; selected sensitive data never leaves a device without being masked; and cloud-computing services, or other third-party middlemen, never encounter that sensitive data in an unencrypted format. The Clio-CloudMask solution enhances Clio’s commitment to Legal Cloud Computing Association (LCCA) Security Standards. CloudMask’s Common Criteria Certification also helps attorneys simplify their approach to technical due diligence.
What are you looking forward to most at this year’s Clio Cloud Conference?
Wael: We want to deliver the message that law firms are a top target for cyber criminals—and that firms must move, now, to protect their clients’ data. At the same time, we will demonstrate that top security protection is low-cost and easy to implement.
CloudMask is a Gold Exhibitor at this year’s Clio Cloud Conference. Want to meet Wael in person? Use coupon code “ClioCloudMask” when registering for Clio Cloud Conference 2016, and you’ll receive a $150 discount for any Standard or All Access Pass.
Share this article: