Back to Blog

Cloud and Compliance – protecting your client data

Post by |

Cloud computing is proliferating the legal sector as firms see the benefits of having effective business continuity procedures in place and being able to offer staff more flexibility around how and where they work.

As firms consider the opportunities provided by the cloud, it is important to consider the security and compliance aspects relating to its use. Far from adversely affecting your ability to comply, a cloud solution from a credible provider supports compliance and offers a robust and secure solution for your firm.

When it comes to data security and combating cyber threats, cloud providers of substance make security a centrepiece of their proposition and they will spend far more on infrastructure and security to mitigate threats than a typical law firm could. Furthermore, cloud-based hosting offers the ability for firms to better manage their systems through centralised data and applications, which reduces risk and allows firms to benefit from enterprise level security systems.

Having the ability to deliver a service under any circumstances is a requirement for law firms. This is where cloud comes into its own; an internet connection is all that's required for a member of staff to securely access all their normal desktop applications and data anytime and anywhere, delivering an uninterrupted service to clients in the event that they cannot work from their usual location. Moreover, cloud offers comprehensive disaster recovery and business continuity planning. In the event of a disaster or significant loss of data, it is possible to roll back the clock and retrieve all data and applications, avoiding the significant costs, both financial and reputational, that a breach can incur.

Consideration needs to be given to the location of data, it's jurisdiction and the ability of regulatory bodies to inspect data and records. Where will data will be held – will this be in the UK? International suppliers may be accountable to international regulation on data disclosure which conflicts with your requirements.

Questions to ask your cloud provider

When considering a cloud supplier, look for one with experience in the legal sector, who can demonstrate their compliance and ask to speak to their clients. Also seek recommendations from your case management and other application providers.

The SRA clearly sets out its minimum standard for firms wanting to work on the cloud. Of key importance is the onus on firms to conduct the necessary due diligence on potential providers, asking the right questions to ensure compliance. Beware - It is not down to the provider to do this and not all providers are SRA compliant.

Firms need to know specifically about:

  • What is the infrastructure of the proposed data centre?
  • Who is the owner of that data centre?
  • What is their capacity?
  • What is their disaster recovery failsafe?
  • What security is being offered in the event of failure or destruction of the physical premises?

Sadly, failure to know this information could result in costly fines if the SRA asks questions that firms cannot prove they have answers to. Most importantly, not knowing can cause reputational issues, which will ultimately impact firms' profitability and their clients too. From a risk management perspective, it's better to be safe than sorry.

About the Author:


With over 10 years of experience of IT infrastructure and datacentre solution management, Andrew leads the highly-skilled team of technical consultants and analysts at Converge Technology Specialists. His wealth of knowledge has proved invaluable to clients in terms of network design, harnessing ‘best of breed’ technology and creating infrastructure roadmaps that are aligned with business strategy. Operating solely in the legal sector, Andrew is well-placed to advise on the technical nuances attributed to law firms with particular expertise in application performance improvements linked to infrastructure. Often asked to speak at sector-leading events, Andrew has recently focussed on the growing threat of cybercrime and the risks posed to law firms, offering practical guidance and advice on how to mitigate against the likelihood of attack.

Converge Technology Specialists
As the only Cloud Computing Provider dedicated to UK law firms, Converge Technology Specialists have over 10 years’ experience advising law firms on how to align their IT roadmap with the firm’s overarching business strategy. Delivering a suite of hosted and managed infrastructure services, including Hosted Desktop, IaaS, DRaaS and Infrastructure Support, Converge Technology Specialists work closely with firms to facilitate key business goals including improved productivity, mitigating the risks of cyber-crime and achieving growth.

| See all our contributors
Back to Blog