A law firm’s duty of confidentiality does not stop at the office door, and it does not stop at the edge of your network. When client files live in the cloud, the obligation to protect them follows the data wherever it goes, including onto infrastructure you do not own, in datacenters you have never seen, operated by people you have never met.
ABA Model Rule 1.6(c) requires lawyers to make reasonable efforts to prevent unauthorized disclosure of client information. Formal Opinion 477R extended that duty explicitly to electronic communications and stored data. Formal Opinion 483 added breach-response obligations. None of these rules tell you which cloud to use. All of them make you responsible for the consequences of choosing badly.
This is a checklist for evaluating where your firm’s client data lives, written for the managing partner or IT director who has to make a defensible decision and document the reasoning behind it.
Why “the cloud” is not a single answer
The reflex answer is a mainstream SaaS suite: store everything in the big productivity cloud and assume the vendor has it handled. For many firms that is genuinely fine for ordinary documents. But “reasonable efforts” is contextual, and confidentiality is heightened for certain matters: sealed cases, matters under protective order, clients in regulated industries, opposing parties who are sophisticated and motivated, and anything touching national security or export-controlled information.
For those matters, three questions that the default SaaS answer glosses over become the whole decision: where does the data physically live, who can access it, and can you prove both.
The checklist
1. Data residency: do you know where the files physically are?
Many large cloud platforms move data between regions for performance, redundancy, and cost. For a firm with a confidentiality obligation, “somewhere in the provider’s global network” is not a satisfying answer to a client who asks where their files are.
Ask: Can the provider state, specifically, the datacenters where your data is stored and processed? Can they commit that it stays within the United States? Can they put it in writing?
A provider with US-only datacenters and a contractual residency commitment lets you answer a client’s question with a sentence instead of a shrug.
2. Personnel: who can touch the data, and under what jurisdiction?
Data residency is only half the picture. If your data sits in a US datacenter but can be administered by support staff anywhere in the world, the jurisdictional clarity you were trying to buy is gone.
Ask: Are the people who operate the infrastructure US persons? Is administrative access restricted, logged, and auditable? Can the provider produce a record of who accessed what?
3. Access control: is it built on the firm’s identity, or the vendor’s?
Confidentiality inside the firm matters as much as confidentiality from outsiders. The associate staffed on a matter should reach that matter’s files; the associate who is walled off for a conflict should not, and you should be able to prove the wall held.
Ask: Does the platform support single sign-on from your firm’s identity provider, multi-factor authentication, and role-based access scoped to the matter or workspace level? Can you produce an access log showing who reached which files and when?
This is also the technical backstop for ethical walls. A platform with workspace-scoped access and a complete audit trail turns “we told them not to look” into “the system did not let them, and here is the record.”
4. Audit trail: can you reconstruct who did what?
Opinion 483’s breach-response duty assumes you can determine what happened. You cannot meet a breach-notification obligation if you cannot tell which files were accessed.
Ask: Does the platform log every access and administrative action? How long is the log retained? Can you export it? Is the log itself protected from tampering?
A complete, retained, exportable, tamper-resistant audit trail is the difference between a defensible breach response and a guess.
5. Encryption: in transit, at rest, and who holds the keys?
Encryption is table stakes, but the detail that matters is key custody. If the provider holds the only keys, your data’s confidentiality ultimately depends on the provider’s own access controls and on lawful-access demands made to the provider rather than to you.
Ask: Is data encrypted in transit and at rest? What encryption standard? Can the firm hold or control its own keys? Is the cryptography validated, not just claimed?
6. Legal hold and retention: can the platform support a litigation hold and WORM retention?
Firms both impose holds and respond to them. The storage layer should support it natively.
Ask: Can the platform place content under a legal hold that prevents deletion or alteration? Does object storage support write-once-read-many (WORM) retention for records that must be immutable? Can retention policies be set per matter?
7. Portability and exit: can you take the data and leave?
A firm’s relationship with a cloud provider should not become its own form of confidential-data hostage situation. If changing providers means a painful, expensive, lossy extraction, that cost will eventually pressure a confidentiality decision in the wrong direction.
Ask: Are the storage and access APIs open and standard? Can you export everything without penalty or egress fees? If you leave, do you leave clean?
8. The breach plan: does the provider cooperate, and is it contractual?
When something goes wrong, Opinion 483 puts obligations on you. Meeting them depends partly on the provider.
Ask: Will the provider notify you of an infrastructure-layer incident, and on what timeline? Will they preserve evidence and cooperate with an investigation? Is that cooperation a contractual term or a hope?
How Open Edge maps to the checklist
We are a managed cloud built on open standards, and our Managed OpenCloud product is a file-sharing and collaboration platform designed for exactly this kind of confidentiality-sensitive use. Against the checklist:
- Data residency: US-only datacenters, with a residency commitment you can put in front of a client or a court.
- Personnel: US-person operators, with administrative access restricted, logged, and auditable.
- Access control: single sign-on from your firm’s identity provider, MFA including hardware keys, and role-based access scoped to the workspace level, which is the technical backstop for ethical walls.
- Audit trail: a complete, retained, exportable, tamper-resistant log of access and administrative activity.
- Encryption: in transit and at rest, against a FIPS 140-3 validated cryptographic module, with customer-managed key options.
- Legal hold and WORM: object storage with object-lock for write-once-read-many retention, and retention policies you control.
- Portability: open standard APIs, no egress fees, clean exit. We say this knowing it lets you leave, because a firm should never be locked in by the thing it trusted with its most sensitive files.
- Breach cooperation: an incident process that surfaces infrastructure-layer events to you, with evidence preservation and cooperation as part of how we operate.
Managed OpenCloud also gives the firm the practical collaboration features that make this usable day to day: web-based document editing, cross-platform sync, persistent team and matter spaces, full-text search, and a zero-trust architecture in which the platform administrators cannot read user content.
One honest note on language: we follow SOC 2 and ISO 27001 control frameworks and our architecture supports the confidentiality obligations described here. We do not claim certifications we do not hold, and for a firm documenting “reasonable efforts,” a provider that is precise about what it is and is not should be a feature, not a red flag.
The defensible decision
“Reasonable efforts” is ultimately a documentation exercise. If a confidentiality question is ever raised, you want a file that shows you asked where the data lives, who can touch it, how access is controlled and logged, how it is encrypted, and how you would respond to a breach, and that you chose a provider whose answers were specific and in writing.
This checklist is that file’s outline. Whether or not you choose us, run your current and prospective providers through it. The matters that need it most are exactly the ones where a vague answer will not hold up later.
Want to walk the checklist against Managed OpenCloud for your firm, including the ethical-wall and legal-hold specifics? Reach out at https://open-edge.io/contact.