While using cloud technology for data storage becomes the norm, many law firms continue to hold out on adoption or simply want to “test the water.”
This cautious approach in the current legal landscape keeps some firms from fully realizing the ever-increasing benefits. The major roadblock for cloud technology continues to be nontechnical decision-makers still under the assumption that cloud data storage is inherently less secure or that in-house IT departments lack the skill to properly secure the service.
In a rapidly evolving data privacy landscape, high-profile cases—including the Facebook/Cambridge Analytica scandal—keep security concerns naturally high on the list of barriers inhibiting law firms from embracing cloud technology. However, this concern appears greater in large organizations compared to smaller firms.
Larger organizations have more clients, stakeholders, and competitors in the market. Each of these factors increases concerns about their reputation in the legal industry. Consequently, any security issues could lead them to high risks, and security concerns based on the perception of cloud technology continue to create a negative influence in the legal community.
Similar to security, the issue of privacy likely has a significant negative impact on the adoption of cloud computing.
However, an informed decision on cloud data storage can help eliminate these fears. In fact, the following are five considerations to make in assuring that a firm makes the right decision and will adopt technology with better security than what a typical law firm can provide in-house.
Always on, always available
Data outages can cripple operations for many businesses, and law firms can be included in that group.
In today’s connected world, access to data on demand is paramount, and cloud storage can provide an “always-on” service guarantee. The services operate on high-performance network architecture with bandwidth shared across multiple links, which does not depend on a single backbone. This ensures full connectivity redundancy.
But beyond the network, data must always be housed in multiple locations so that in the event of a data center failure, a secondary site picks up the service with zero loss of availability. Note that backup sites should be in the same jurisdiction as the primary site to ensure data does not transfer across borders inappropriately.
As data security regulations tighten, law firms need to know where data is stored at all times—even in the event of a disaster—to avoid any possibility of unnecessary legal exposure.
One size doesn’t fit all
Security should fit the needs of the law firm. While the baseline for any cloud storage must be industry-leading security, risk-averse organizations should look to leverage additional features if required.
With different budgets and specifications, the needs of an SME will be considerably different from those of an international law firm. Look to make security as basic as choosing storage capacity.
Whether you want the option to hand over management of encryption keys to a provider, require a FIPS 140-2 Level 3 HSM, integrate with a two-factor authenticated SSO or even deploy a hybrid cloud where the data resides on on-site servers, it is important to understand specific needs.
The legal sector goes to great lengths to protect client data, but this requires consistent monitoring and quick response when an unexpected problem arises.
Security goes beyond a list of certifications. Supply chain managers can identify whether cloud storage security exceeds that provided by in-house IT through careful analysis and consideration of the following questions.
- What authentication methods are in place?
- Has all support for insecure protocols been removed?
- How can the cloud storage integrate with in-house access management solution?
- How are the encryption keys managed?
The Cloud should save you money—but only if done right.
Law firms can cut costs by letting a dedicated team of security experts manage data.
Cloud providers have dedicated security-monitoring technology and highly experienced personnel that far exceed the capabilities of most in-house IT departments. They also manage dozens of compliance initiatives globally, so the use of cloud storage can be considered a part of a law firm’s compliance program.
But security is layered, starting with tight perimeters, and this can prove very costly if undertaken in-house. External data centers can include sophisticated alarms, entry systems, security guards that patrol the area, high fences, barbed wire, concrete barriers, security cameras, fire detection and compression, leak detection, redundant power supply, and redundant cooling. Even the most risk-averse organization can’t offer this protection, which can resemble those offered by security agencies and military installations.
Take the pain out of (mis)configuration with SaaS
According to Gartner research published this year, at least 95% of cloud security failures in the next four years will be the customer’s fault. Properly configured cloud storage is the most secure solution for storing and sharing files.
However, as many Amazon Web Services S3 customers learned at their own cost, it’s of little use if the customer can’t configure the solution properly. Always remember that software should be a service to the law firm, not a tool that requires constant in-house supervision and maintenance.
Cloud data security can help safely store a law firm’s most valuable nonhuman asset and enable improved agility and effectiveness. A law firm can reduce the in-house resources needed for frequent auditing to ensure systems remain up to date and in compliance with the ever-evolving regulatory landscape.
But cloud storage also provides the ability for a firm to control who can do what with the data. The proliferation of granular access regulates who can view, change, download and edit files as well as track exactly who has done what while processing the data. These can be laborious tasks for in-house IT to try and manage
Law firms should no longer harbor fears of security associated with cloud data storage. The shift for the industry has already begun, and law firms have the ability to properly evaluate the potential benefits for efficient legal service delivery with the embrace of technology.