DRaaS: How It Takes a Law Firm's DR Beyond Insurance

Keep in mind that insurance should never be viewed as an all-encompassing solution for business continuity. And no single solution will ever fully protect your firm's operations. It's the same as having car insurance: having it does not guarantee that you will drive safely, that you won't have a wreck, that you won't get injured or that you'll fully recover from any sustained injuries. It simply provides funds for the aftermath of any occurrence.

There's nothing inherently wrong with insurance. It's about taking a reactive vs. proactive approach to your firm's continuity strategy. The very definition of insurance implies action after something has happened — which isn't an adequate way of thinking when it comes to the protection of the modern law firm. To enable complete coverage of a law firm's assets and continued operation, a new approach is needed.

In order to accomplish a comprehensive availability strategy, IT teams must balance both preventative and restorative measures in threat mitigation. Every cybersecurity and IT disaster recovery (DR) solution are just pieces of the wider puzzle of a law firm's continuity — but important pieces nonetheless.

Proactivity is key for the restorative aspects, since these solutions must be reliable when called upon. For this reason, law firms should be testing their recovery processes and DR plans to ensure that when, not if, a breach occurs, they can effectively recover and remain available for clients. This approach should emphasize a well-tailored plan, inclusive of a firm's leadership.

Why 'Backups Only' Is Inadequate for Tackling Threats

Disasters aren't just tornadoes, floods and earthquakes anymore. With the ever-growing threat landscape, law firms must now plan for events beyond weather-related scenarios, such as power outages, cybersecurity incidents, human error, terrorism, etc. For this reason, these events must be fully integrated into your firm's response plan.

Traditional forms of DR such as “backups only” have always been reactive, rather than proactive in recovery scenarios — which means they just aren't fast enough to keep pace with the uptime demands of today's legal practice. Think of the time it takes to retrieve hardcopy backups from an offsite vault, identifying which ones are the most recent copies for recovery, then loading them onto your IT systems. It might be cheap, but at the end of the day, it takes too long.

The problem is that DR is often viewed as a form of insurance for something that will likely never happen, and thus does not receive the due diligence and attention it needs. This is a troubling trend to see, especially in the legal industry, where data and client retention are at the cornerstone of a law firm's vitality.

When you have clients depending upon the availability of lawyers for due representation, you can't leave your firm's operations to chance in the event of a disaster. Adding to this pressure are the growing regulations on industries for which law firms are often counseling. Auditors and insurers need to know your firm isn't the weak link. For this reason, law firms not only need robust DR plans — they must also have a way to prove the effectiveness of these plans to stakeholders. This why Disaster Recovery-as-a-Service (DRaaS) has emerged for adoption among law firms.

Why DRaaS Is Used by Law Firms

There are three types of DRaaS: 1) self-service; 2) assisted; and 3) fully managed. The difference between these aren't necessarily between the types of solutions available, but in the level of service the third-party provider gives the law firm during implementation, daily management and recovery execution.

No matter the service model, DRaaS keeps data and systems recoverable within a cloud-based environment for ongoing operations. It has shifted the realm of DR to a new perspective: it functions as a form of enablement.

Modern improvements in technology now mean that DRaaS tools can be used for so much more than just DR. Through the use of customizable solutions, DRaaS balances the preventative and restorative measures needed for a holistic approach.

Here's what DRaaS can do for law firms:

1. Full integration with your cybersecurity strategy through detailed processes that enable quick uptime after a breach has occurred.
2. Tools to help in migrating upgrades, infrastructure changes, or transition to the cloud.
3. A test bed for production testing, to avoid disruption to day-to-day firm operations.
4. Documentation of your IT systems and testing results for proof to constituents and auditors.
5. In a managed DRaaS service model, a team of experts to manage end-to-end maintenance and recovery on your firm's behalf (ideal for overburdened IT teams).

Modern legal practice demands full protection against threats, and DRaaS makes achieving this goal a reality. There's no longer a need to fret about cyber threats, human error, power outages and regional events, since DRaaS providers can empower firms with the latest technology innovations — and with pay-for-what-you-use and short-term contract options.

This means that firms can shed their on-premises hardware and opt for solutions that won't box them in for the future. Because DRaaS offers a range of options to meet technology requirements, IT departments can gain full coverage for any outdated applications with hybrid solutions, enable greater use of SaaS for efficiency, and leverage the secure, yet flexible nature of the cloud for increased accessibility in the client-lawyer relationship.

When it comes to the livelihood of your law firm, you need to have a solution you can depend on. DRaaS is a way to achieve this confidence, with flexible and comprehensive options to meet the unique characteristics and goals of your firm. Want greater security features for your current setup? No problem. Want systems recoverable within minutes-to-seconds? You got it. The trickiest part is selecting the provider, with a crowded marketplace of over 500 companies claiming they do DRaaS on one level or another.

Here are some questions to ask yourself in finding the right DRaaS provider for your law firm:

• Does the provider offer solutions that can meet your needs today and in the future too?
• How will the provider ensure older applications are covered? Do they offer customized hybrid solutions?
• Will the provider assist in testing your solutions and to what degree?
• Will you be able to see that your solutions are working and secure?
• Does the provider align with your firm's culture?
• Is the provider willing to put promises in writing to ensure your firm is protected?

Basically, all of these questions get at a key takeaway: Ask hard questions and be critical of the answers. Your law firm is responsible for protecting sensitive information, so don't place your IT systems in the hands of someone who isn't invested in your success. The “insurance frame of mind” is no longer acceptable in meeting modern continuity demands, so be sure to find a provider who has unrivaled expertise and — most importantly — is proactive to the needs of your firm.

*****
Jeff Ton is executive vice president of product and service development for Bluelock where he is responsible for driving the company's product strategy and service vision and strategy.

With expectations for an always-on law firm, significant challenges within the legal industry to maintain competitiveness and perform due practice for cybersecurity and other disaster scenarios come from both clients and regulatory bodies. A comprehensive approach with an end-to-end availability strategy is imperative to mitigate the threats of downtime. And yet, this is easier said than done.

What's Wrong with Insurance?

I've seen that in many recent legal publications, cyber insurance has been getting a lot of attention. This is perhaps due to the increased prevalence of security breaches, and it's good of legal publications to provide their audience with solutions to their pain points. However, this specific form of insurance isn't fully mature yet and, thus, policies need to be reviewed carefully. Ask what the insurance provider will cover and under what circumstances, because when your firm is experiencing a cyber event, an investment in something that won't fully benefit your firm is unnecessary.

Keep in mind that insurance should never be viewed as an all-encompassing solution for business continuity. And no single solution will ever fully protect your firm's operations. It's the same as having car insurance: having it does not guarantee that you will drive safely, that you won't have a wreck, that you won't get injured or that you'll fully recover from any sustained injuries. It simply provides funds for the aftermath of any occurrence.

There's nothing inherently wrong with insurance. It's about taking a reactive vs. proactive approach to your firm's continuity strategy. The very definition of insurance implies action after something has happened — which isn't an adequate way of thinking when it comes to the protection of the modern law firm. To enable complete coverage of a law firm's assets and continued operation, a new approach is needed.

In order to accomplish a comprehensive availability strategy, IT teams must balance both preventative and restorative measures in threat mitigation. Every cybersecurity and IT disaster recovery (DR) solution are just pieces of the wider puzzle of a law firm's continuity — but important pieces nonetheless.

Proactivity is key for the restorative aspects, since these solutions must be reliable when called upon. For this reason, law firms should be testing their recovery processes and DR plans to ensure that when, not if, a breach occurs, they can effectively recover and remain available for clients. This approach should emphasize a well-tailored plan, inclusive of a firm's leadership.

Why 'Backups Only' Is Inadequate for Tackling Threats

Disasters aren't just tornadoes, floods and earthquakes anymore. With the ever-growing threat landscape, law firms must now plan for events beyond weather-related scenarios, such as power outages, cybersecurity incidents, human error, terrorism, etc. For this reason, these events must be fully integrated into your firm's response plan.

Traditional forms of DR such as “backups only” have always been reactive, rather than proactive in recovery scenarios — which means they just aren't fast enough to keep pace with the uptime demands of today's legal practice. Think of the time it takes to retrieve hardcopy backups from an offsite vault, identifying which ones are the most recent copies for recovery, then loading them onto your IT systems. It might be cheap, but at the end of the day, it takes too long.

The problem is that DR is often viewed as a form of insurance for something that will likely never happen, and thus does not receive the due diligence and attention it needs. This is a troubling trend to see, especially in the legal industry, where data and client retention are at the cornerstone of a law firm's vitality.

When you have clients depending upon the availability of lawyers for due representation, you can't leave your firm's operations to chance in the event of a disaster. Adding to this pressure are the growing regulations on industries for which law firms are often counseling. Auditors and insurers need to know your firm isn't the weak link. For this reason, law firms not only need robust DR plans — they must also have a way to prove the effectiveness of these plans to stakeholders. This why Disaster Recovery-as-a-Service (DRaaS) has emerged for adoption among law firms.

Why DRaaS Is Used by Law Firms

There are three types of DRaaS: 1) self-service; 2) assisted; and 3) fully managed. The difference between these aren't necessarily between the types of solutions available, but in the level of service the third-party provider gives the law firm during implementation, daily management and recovery execution.

No matter the service model, DRaaS keeps data and systems recoverable within a cloud-based environment for ongoing operations. It has shifted the realm of DR to a new perspective: it functions as a form of enablement.

Modern improvements in technology now mean that DRaaS tools can be used for so much more than just DR. Through the use of customizable solutions, DRaaS balances the preventative and restorative measures needed for a holistic approach.

Here's what DRaaS can do for law firms:

1. Full integration with your cybersecurity strategy through detailed processes that enable quick uptime after a breach has occurred.
2. Tools to help in migrating upgrades, infrastructure changes, or transition to the cloud.
3. A test bed for production testing, to avoid disruption to day-to-day firm operations.
4. Documentation of your IT systems and testing results for proof to constituents and auditors.
5. In a managed DRaaS service model, a team of experts to manage end-to-end maintenance and recovery on your firm's behalf (ideal for overburdened IT teams).

Modern legal practice demands full protection against threats, and DRaaS makes achieving this goal a reality. There's no longer a need to fret about cyber threats, human error, power outages and regional events, since DRaaS providers can empower firms with the latest technology innovations — and with pay-for-what-you-use and short-term contract options.

This means that firms can shed their on-premises hardware and opt for solutions that won't box them in for the future. Because DRaaS offers a range of options to meet technology requirements, IT departments can gain full coverage for any outdated applications with hybrid solutions, enable greater use of SaaS for efficiency, and leverage the secure, yet flexible nature of the cloud for increased accessibility in the client-lawyer relationship.

When it comes to the livelihood of your law firm, you need to have a solution you can depend on. DRaaS is a way to achieve this confidence, with flexible and comprehensive options to meet the unique characteristics and goals of your firm. Want greater security features for your current setup? No problem. Want systems recoverable within minutes-to-seconds? You got it. The trickiest part is selecting the provider, with a crowded marketplace of over 500 companies claiming they do DRaaS on one level or another.

Here are some questions to ask yourself in finding the right DRaaS provider for your law firm:

• Does the provider offer solutions that can meet your needs today and in the future too?
• How will the provider ensure older applications are covered? Do they offer customized hybrid solutions?
• Will the provider assist in testing your solutions and to what degree?
• Will you be able to see that your solutions are working and secure?
• Does the provider align with your firm's culture?
• Is the provider willing to put promises in writing to ensure your firm is protected?

Basically, all of these questions get at a key takeaway: Ask hard questions and be critical of the answers. Your law firm is responsible for protecting sensitive information, so don't place your IT systems in the hands of someone who isn't invested in your success. The “insurance frame of mind” is no longer acceptable in meeting modern continuity demands, so be sure to find a provider who has unrivaled expertise and — most importantly — is proactive to the needs of your firm.

*****
Jeff Ton is executive vice president of product and service development for Bluelock where he is responsible for driving the company's product strategy and service vision and strategy.