When it comes to storing valuable, confidential, or patent-related data online, caution is essential. In the accompanying Innovation Cafe video, Gary Shuster recounts an eye-opening encounter with a patent-focused company that strictly controlled what could be accessed through its Wi-Fi—particularly search engines. Below, we unpack why storing sensitive data in the cloud can pose risks and how you can safeguard your intellectual property (IP) assets in the United States and beyond.
1. The Risks of Cloud Storage
A. Potential Third-Party Access
- Subpoenas and Legal Actions
Service providers can be subpoenaed for stored data (there are some restrictions in the US and elsewhere, but do you really want to count on your ISP figuring that out and asserting it?). If your proprietary information is use in search queries or documents, and they end up in your provider’s servers, they might be compelled to hand over that information in a legal dispute. - Employee Misuse
Even if a cloud provider has robust security policies, unauthorized internal access remains a possibility.
B. Data Leaks and Cyber Threats
- External Hacking
High-value targets—like inventions not yet filed or trade secrets—attract hackers hoping to profit from leaked information. - Accidental Sharing
Misconfigured permissions or simple user errors can expose critical files to unintended parties.
2. When (and When Not) to Use the Cloud
- Sensitive IP Materials
Draft patent applications, invention disclosures, or critical R&D data may be best kept off public cloud servers unless you use strong encryption and carefully manage access. - Non-Sensitive Collaboration
For routine teamwork or less confidential projects, cloud platforms can speed up workflow and simplify version control—just be mindful of sharing settings. - What I’ve Long Told Clients
Some of my legal clients are familiar with this advice: “Don’t store information insecurely unless you are comfortable (a) being asked to read it in front of a judge and jury; (b) having your friends and family read it; and (c) seeing it in the New York Times.” Now the New York Times reference is a bit dated, but you get the picture: Imagine what it would be like if the information was the top result when you are searched for online.
3. Best Practices for Cloud Security
- Encryption First
- Stored Encryption
Even if stored files are compromised, encryption can prevent unauthorized users from reading the content. That said, you should assume that governments and big tech companies have access to quantum computers, encryption algorithm flaws, back doors, and other ways to access your data. - End-to-End Encryption
Look for services where data is encrypted before leaving your device and remains encrypted during transit and storage. This too is not a lock. If you haven’t heard of a man-in-the-middle attack, read up on it.
- Stored Encryption
- Zero-Knowledge Providers
- Limited Access
Some cloud services employ a “zero-knowledge” model, meaning they cannot see your files or decryption keys—reducing the risk of subpoenas affecting your data.
- Limited Access
- Local or Private Cloud Solutions
- In-House Servers
Companies with the resources may store sensitive data on their own encrypted servers, providing tighter control over access. - Hybrid Approach
Keep highly sensitive information off public platforms, while routine documents or collaboration tools can remain in the cloud.
- In-House Servers
- Strict Access Controls
- Least Privilege Principle
Only grant the minimum level of access needed. - Regular Audits
Conduct periodic reviews of who can view, edit, or download files.
- Least Privilege Principle
- Secure Your Devices and Networks
- VPNs and Firewalls
Guard your own Wi-Fi networks with robust security protocols. - Two-Factor Authentication (2FA)
Whenever possible, enable 2FA for cloud logins and related services. If you are offered the option to “remember this computer”, don’t take it unless you are entirely sure that nobody can access data sufficient to impersonate your computer. I’m not certain how you could ever be entirely sure of that, please leave a comment below if you’ve figured it out.
- VPNs and Firewalls
- Opt for higher security when your ISP offers it
- For example, you can use Google’s Advanced Protection program.
4. Legal Considerations
- U.S. Patent Law
While patent applications themselves remain confidential until published by the USPTO (usually 18 months after filing), it only means that the USPTO will not release them (subject to the risk of bad actors hacking into the USPTO). If you store a copy in the cloud, all of the security in the world at the USPTO won’t help you. - NDA and Confidentiality Agreements
If you must share sensitive data online, ensure proper non-disclosure agreements (NDAs) are in place. Written agreements can deter accidental or intentional leaks. They also have the side benefit of keeping the one year “on sale bar” clock from starting on your patent application (usually).
5. Key Takeaways
- Proactively Secure Data: Don’t rely on cloud providers alone—encrypt, audit, and carefully manage who can access your info.
- Assess Your Risk Profile: If your data is highly valuable or patent-critical, consider local or zero-knowledge solutions.
- Stay Vigilant: Technology evolves rapidly. Regularly update your security measures and train team members to recognize potential threats.
Want More Details?
Watch the accompanying Innovation Cafe video to hear Gary Shuster’s personal anecdote about why even a simple internet search on public Wi-Fi can raise red flags—and how you can shield your proprietary information from prying eyes.