Cloud computing is proliferating the legal sector as firms see the benefits of having effective business continuity procedures in place and being able to offer staff more flexibility around how and where they work.
As firms consider the opportunities provided by the cloud, it is important to consider the security and compliance aspects relating to its use. Far from adversely affecting your ability to comply, a cloud solution from a credible provider supports compliance and offers a robust and secure solution for your firm.
When it comes to data security and combating cyber threats, cloud providers of substance make security a centrepiece of their proposition and they will spend far more on infrastructure and security to mitigate threats than a typical law firm could. Furthermore, cloud-based hosting offers the ability for firms to better manage their systems through centralised data and applications, which reduces risk and allows firms to benefit from enterprise level security systems.
Having the ability to deliver a service under any circumstances is a requirement for law firms. This is where cloud comes into its own; an internet connection is all that's required for a member of staff to securely access all their normal desktop applications and data anytime and anywhere, delivering an uninterrupted service to clients in the event that they cannot work from their usual location. Moreover, cloud offers comprehensive disaster recovery and business continuity planning. In the event of a disaster or significant loss of data, it is possible to roll back the clock and retrieve all data and applications, avoiding the significant costs, both financial and reputational, that a breach can incur.
Consideration needs to be given to the location of data, it's jurisdiction and the ability of regulatory bodies to inspect data and records. Where will data will be held – will this be in the UK? International suppliers may be accountable to international regulation on data disclosure which conflicts with your requirements.
Questions to ask your cloud provider
When considering a cloud supplier, look for one with experience in the legal sector, who can demonstrate their compliance and ask to speak to their clients. Also seek recommendations from your case management and other application providers.
The SRA clearly sets out its minimum standard for firms wanting to work on the cloud. Of key importance is the onus on firms to conduct the necessary due diligence on potential providers, asking the right questions to ensure compliance. Beware - It is not down to the provider to do this and not all providers are SRA compliant.
Firms need to know specifically about:
- What is the infrastructure of the proposed data centre?
- Who is the owner of that data centre?
- What is their capacity?
- What is their disaster recovery failsafe?
- What security is being offered in the event of failure or destruction of the physical premises?
Sadly, failure to know this information could result in costly fines if the SRA asks questions that firms cannot prove they have answers to. Most importantly, not knowing can cause reputational issues, which will ultimately impact firms' profitability and their clients too. From a risk management perspective, it's better to be safe than sorry.