Welcome!

Cloud Security Authors: Zakia Bouachraoui, Yeshim Deniz, Terry Ray, Liz McMillan, Pat Romanski

Related Topics: @CloudExpo, Agile Computing, Cloud Security

@CloudExpo: Article

Is the Cloud Ready for Legal? | @CloudExpo #Cloud

If done wisely, moving to the cloud can actually be very easy for law firms

Cloud applications are well established for many activities such as CRM, HR, and billing. With the cloud paradigm proven for so many enterprise tasks, the question of cloud vs. on-premises seems like yesterday's - or even last year's - debate. But is the cloud ready to handle the unique requirements of legal work? The answer is yes, with a caveat. The cloud is ready for legal, but a legal firm must ensure its cloud vendor, cloud applications and internal processes for dealing with the vendor and applications are all in line with legal industry best practices.

According to research conducted by Hyperion Global Partners, the cloud is the third-ranked functional capability valued by legal firms. This is not surprising given the need to manage huge amounts of content across the enterprise, the desire to share this information with vendors and partners beyond the firewall, and the fact that user-created workarounds for managing and sharing content rapidly introduce points of risk into legal firms. Still, firms contemplating a move to the cloud must fully understand where and how the cloud can fit into the scope of all their legal processes. The nature of legal work is changing. Document management has evolved through matter-centric collaboration to become what is now called work product management. Today's mobile, tech-savvy new professionals expect access to their work product from anywhere, on a variety of devices. New forms of communication including text, social media, photographs of whiteboard notes, and documents scanned with mobile devices are now considered standard business practice.

These capabilities clearly require a cloud solution, but when it comes to the legal industry, the cloud presents a number of challenges. The first is a generally misplaced concern about security. With the regular success of data breaches that use phishing attacks to trick employees into compromising their networks, it's no wonder that the legal industry may be hesitant to adopt a technology that some may mistakenly see as further opening the door to cyberattacks. Within the legal industry, Hyperion notes that "privacy concerns and fears of compliance risk continue to keep the migration of sensitive or potentially sensitive information toward external servers limited." An American Bar Association (ABA) study recently reported that 15 percent of respondents acknowledged that as of 2015 their firms had experienced a security breach - a slight increase over previous years - while 23 percent admitted they did not even know if their firms had experience such a breach.

This general security concern is certainly taking a toll. Notably, 12 percent of respondents to the ABA survey reported having a client request a security audit or verification of the firm's security practices. An amazing seven sessions at last year's LegalTech New York on cyber security reflect a prevailing fear of attacks. As a result a "herd mentality" may be preventing cloud adoption in the legal industry - despite the disconnect between the common targets and methods of successful breaches and increasingly secure cloud services. Writes Michael Kemps in Legaltech News, "Firms seek assurances that other (often competitive) law firms, colleagues and industries have vetted and validated the options.... Law firms - for the most part - want to follow, not lead and let others make the missteps before they invest in something new." This is especially true of small and mid-sized firms that typically follow the lead of larger firms.

In addition to this general industry resistance, a cloud solution for work product management must address important legal requirements around stewardship and security over client information, stability of service to handle mission-critical activities, very large file sizes, and integration with other systems and applications. A cloud solution must also satisfy the needs of new legal professionals, who want more control over their hosting environment, including secure access to critical information anytime and anywhere, with seamless transitions between cloud and on-premises systems.

Innovative technology solutions are emerging that address these concerns. A key tactic that is gaining popularity in the legal industry is a hybrid approach to the cloud. A hybrid cloud architecture offers full functionality both online and offline, giving professionals the ability to seamlessly work from any location, even when Internet connectivity is nonexistent. Leading firms that have adopted hybrid cloud strategies report significant improvement in attorney productivity and governance with lower hardware and software costs.

In addition, the tide may actually be turning when it comes to legal firms using the cloud. Small and midsized firms, under constant competitive pressure, have started deploying cloud infrastructures and software as a service (SaaS) solutions.

For example, mid-sized Pryor Cashman LLP found that only about 40 percent of its attorneys ever used an on-premises content management system because it lacked the features and user experience they required. When the firm moved to a cloud-based system, however, it found that the implementation cost was over 50 percent lower than the cost of deploying an on-premises system and that the system could be delivered in less than six weeks. Most important, by providing the features and user experience their attorneys required, the firm significantly increased the number of lawyers actually using it for collaboration and document retention.

Similarly, Denver-based Hall & Evans began its cloud journey with a Microsoft Office 365 initiative, and this led to broader adoption of cloud services, including a 100 percent cloud-based content management system that offered extensive functionality. The firm has since reported reduced hardware and software costs, increases in productivity and user adoption, better email filing, and enhanced sharing among attorneys and practice groups.

As such successful use cases become well known, the adoption of cloud-based content management systems by law firms of all sizes is likely to accelerate.

Foundational Elements of Cloud Solutions for Legal
In this context, for law firms' IT departments, the discussion in 2016 shouldn't be whether or not to use the cloud, but how to best use it based on the firm's specific situation and needs, and what kind of cloud architecture, features, and deployment options make the most sense. As firms assess new technology, four foundational elements should be considered. A cloud strategy for legal should be based on security, functionality, performance, and availability.

Security
Law firms and their clients want to be certain that cloud vendors maintain the latest security standards for confidentiality and privacy. As such, data centers should be certified to the latest information security standards including ISO 27001 and SSAE16 SOC Type 2. Customer data should be encrypted in transit and also encrypted at rest in data centers. There should be no co-mingling of customer data. This can be ensured using virtual machines and segregated virtual private cloud systems.

Functionality
A hybrid approach offers full functionality and scalable, reliable performance both online and offline. This gives professionals the ability to seamlessly work from any location. Users should have a choice of a tightly integrated desktop or mobile client that can function with or without Internet connectivity. Server and client applications should integrate with key technologies that provide users with email and content production applications such as Microsoft Office 365.

Performance
Legal professionals need un-throttled connectivity for uploads and downloads of large document files that may exceed 2GB each. Data centers should have the processing power to handle billions of documents. For optimum performance, modern data centers utilize solid-state drives for rapid search, responding quickly to user actions, and caching file input/output. Wide bandwidth firewalls and VPNs can help provide the level of performance new professionals demand. To minimize latency, data centers can be located near the largest user communities.

Availability
To ensure high availability, hardware may be architected with a highly redundant design. An optimum disaster recovery site uses identical hardware with the same CPU and solid state drives as primary sites. Modern solutions also use virtual machine replication to the secondary data center for rapid disaster recovery. Disaster recovery plans should be tested regularly. If vendors deploy a virtual private cloud for each customer, failure of a component for one customer won't impact other customers.

The Future Is Within Reach
If technology vendors are attentive to today's users, they can engineer cloud solutions that are ready to handle the unique requirements of the legal industry and the demands of new professionals. Law firms and legal departments contemplating a move to the cloud should consider these questions as they evaluate technology:

  • Does it work anywhere?
  • Does it work the way professionals do?
  • Does it provide control over content location, maintenance, and upgrades?
  • Is it secure and resilient?
  • Does it map to the regulatory environment?
  • Does it have a proven track record in satisfying attorneys and staff?

If done wisely, moving to the cloud can actually be very easy for law firms - with minimal changes but with a significant impact.

More Stories By Alan Turner

Alan Turner is director of product management at iManage, a global leader in professional work product management. He has over 28 years of experience in product development and product strategy for complex software products and Software as a Service (SaaS).

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...