What Do Law Firms Need to Know About Cloud Cybersecurity?

By Alvin Tedjamulia
July 01, 2016

Here's the premise: The cloud is a fundamental technology solution option that truly solves all kinds of law firm business and legal IT challenges including innovation, security, governance, global availability, etc. Modern law firms want the efficiency, the security and the global access of the cloud, while satisfying the security demands of their clients.

Recent high-profile data breaches of internal IT systems at major international firms are causing clients to increase the scrutiny of their outside counsels' cybersecurity efforts. Now, more than ever, it's essential to ensure law firms are doing everything they can to safeguard their clients' data against ever-evolving threats. At times, this seems like it might require a PhD in security and data governance, a role even a law firm chief information security officer is not singularly equipped to take on.

Rather than trying to address today's increasingly demanding security requirements all on their own using traditional systems and means, law firms and corporate legal departments are increasingly looking to trusted cloud-based solutions that have been purpose-built to safeguard client data. A 2015 Cloud Security Alliance (CSA) survey of 200 IT and security professionals revealed that “64.9% of IT trusts the cloud as much or more than on-premises.” The recent 2015 ILTA Technology Survey further underscores this trend, stating that only 4% of law firm respondents cited “cloud apps/data security” as a major security challenge compared to the broader concern of “balancing security with usability.”

In 2016, modern cloud solutions provide world-class levels of security and data privacy, including encryption at rest with the strongest levels of cryptography, Hardware Security Modules (HSMs) for the protection of cipher keys, unique encryption keys per document, customer custody over encryption keys, best-in-class perimeter defense, and denial of service prevention, just to name a few.

Law firms large and small can leverage cloud-based security to protect themselves from future data breaches and safeguard their client data. Here's a “short list” of essential cloud security realities and benefits every firm should take to heart:

Encryption at Rest: Accounting for the Essentials

Knowing where firm documents and especially firm client documents reside, and who can access them, is seemingly a basic security necessity. When the data stored in a DMS is not encrypted, law firms are effectively commingling sensitive data from all their different clients in one big unencrypted library, and also exposing sensitive data in “clear text” to potential external and internal hackers, including system administrators. Surprisingly, many law firms today still have not implemented basic encryption at rest with their traditional DMS due to cost, complexity, and lack of native support for encryption at rest in traditional systems. Thus, encryption at rest has become a baseline standard to protect against unauthorized access to sensitive information. Modern cloud platforms can automatically encrypt all data at rest, with the encryption keys securely managed, processed, and stored inside hardened, tamper-resistant Hardware Security Modules (HSMs).

Unique File Encryption: The Next Frontier

While ensuring that client data in the DMS is encrypted at rest is extremely important, equally important is how that data is encrypted. If a single cryptographic key is used for all data stored in a DMS, a hack of that single key could expose the sensitive data for all of a firm's clients. Cloud platforms can provide a separate and unique encryption key for each document. Under this model, in the unlikely event of an encryption key being compromised, only a single document would be exposed, as opposed to all of a firm's client data. The latest cloud solutions also enable companies to maintain custody over matter or workspace encryption keys, giving law firms the ability to completely revoke the cloud service provider's access to data at any time.
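The per-document key model and the firm-held workspace key described above can be sketched as envelope encryption. This is an added example, not code from the article or from any vendor's platform; it assumes AES-256-GCM via Node.js's built-in `crypto` module, and the function names and sample documents are constructed for illustration.

```javascript
// Added example; function names are hypothetical, sample documents are constructed.
const crypto = require('crypto');

// AES-256-GCM; output layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Throws if the key is wrong or the data was modified.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed data too short');
  const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Each document gets its own random key; only the wrapped form is stored.
function encryptDocument(workspaceKey, content) {
  const docKey = crypto.randomBytes(32);
  return { ciphertext: seal(docKey, content), wrappedKey: seal(workspaceKey, docKey) };
}

// Unwrapping the document key requires the workspace key.
function decryptDocument(workspaceKey, doc) {
  return open(open(workspaceKey, doc.wrappedKey), doc.ciphertext);
}

// True if the key authenticates and decrypts the sealed blob.
function opens(key, sealed) {
  try { open(key, sealed); return true; } catch { return false; }
}

function demo() {
  const firmKey = crypto.randomBytes(32); // workspace key, held by the firm
  const docs = ['Engagement letter, client A', 'Settlement draft, client B']
    .map((t) => encryptDocument(firmKey, Buffer.from(t)));
  const leaked = open(firmKey, docs[0].wrappedKey); // one document key leaks
  return {
    roundTrip: decryptDocument(firmKey, docs[1]).toString(),
    exposedByLeakedKey: docs.filter((d) => opens(leaked, d.ciphertext)).length,
    // After revocation the provider holds no key that unwraps the document keys.
    providerCanUnwrap: opens(crypto.randomBytes(32), docs[1].wrappedKey),
  };
}

console.log(demo());
```

The random key in `providerCanUnwrap` stands in for a provider that no longer has the workspace key. Revocation is only as strong as the guarantee that the provider kept no copy of that key or of any unwrapped document key.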

Leverage 'Built-In' Security and Compliance

It is increasingly not enough to simply host traditional systems in third-party datacenters that have obtained security certifications. In a native cloud environment, the actual software platform itself, as well as the internal operations of the vendor delivering the infrastructure, is able to achieve the highest levels of built-in compliance and security. In this manner, law firms can “inherit” the levels of security and compliance that will give clients peace of mind and help fulfill the most stringent security audit requests.

Hybrid Cloud Solutions: A Viable Security and Compliance Option

While most experts agree that modern cloud platforms provide higher levels of security and compliance than individual law firms can offer, there are still certain client-driven requirements that will require locally stored data for data sovereignty and client information governance reasons. In this case, applications such as a firm's DMS can still be delivered via the cloud, but designated data storage may remain locally within a firm's specified location(s). To ensure a seamless experience for end users, it's essential that the storage location (cloud or on-premises) be configurable on individual clients/matters all within a single repository or library.

Built-In Advanced Security Protections for End Users and Devices

Modern cloud platforms can not only improve the safeguarding of client data from a back-end standpoint, but also from the front-end/end user standpoint through enforcement of: 1) strong passwords through federated identity integration; 2) two-factor authentication at all times and on all devices; 3) restricted access based on devices and IP addresses; 4) validated audit trails and history logs; and 5) access control restrictions for externalizing or e-mailing specific documents. If built into cloud solutions, these end-user and device security controls ensure comprehensive but seamless security.

Conclusion

Law firms of all shapes and sizes are moving to the cloud at an unprecedented rate to improve security and compliance. The pace of innovation in the cloud is many times faster than a hosted or an on-premises implementation. Modern cloud platforms have been purpose-built to safeguard data and, coupled with proper internal training and controls, provide a robust “Security as a Service” solution for client data. This unique value proposition will increasingly be a key driver as law firms look to increase competitiveness and enhance their value to clients.

The inevitability of the cloud is here as on-premises and hosted on-premises systems simply can't keep up with native cloud security innovation. According to IDC, growth for cloud services and related IT spending is eight times greater than the overall IT services market. The cloud question becomes not “if” but “when” and “what goes first.” The dramatic shift and speed of innovation requires IT groups to change the way they operate, moving from a one-time technology purchase/project mentality to a service-based mindset. However, once they do, they will inherit a world class security platform that far exceeds internal capabilities and satisfies the toughest client requirements.


Alvin Tedjamulia is NetDocuments' CIO and an original co-founder. He frequently writes and speaks on topics of DMS security and world-class software-as-a-service and security-as-a-service delivery.
