New Year, New Technology: Law Firms Turning to Cloud Technology for Increased Data Security

Illustration: triloks/iStockphoto.com

Law firms are slowly making the shift to enterprise cloud-based platforms. This trend should pick up steam in 2020 as more and more firms look to leverage the technology to increase the security of their client data as well as lower costs, increase productivity and boost client satisfaction.

Cloud technology is already a mainstay in most enterprises today, but law firms are taking a more cautious approach in adopting this technology. According to the 2018 Legal Technology Survey Report by the American Bar Association, "cloud usage in 2018 bumped up very slightly, from 52% to 54.6%."

Despite this slow rate of adoption, law firms recognize the importance of cloud technology to their industry. A recent report by the International Legal Technology Association which surveyed 537 law firms, representing 116,000 attorneys, ranked cloud as the number one technology trend they believe will create "significant change or be a major factor in the legal technology profession." Even with recognition of cloud-based platforms as an efficient, scalable, low-cost way to use legal technology, adoption of this technology has been slowed by lingering concerns about confidentiality and security.

Law firms house a great deal of sensitive client information and are understandably concerned about the IT security of any technology solution they implement. However, many firms still think that legacy on-premise IT solutions are the most effective way to safeguard client data. The fact is that maintaining a secure on-premise IT solution is costly and complex. With these solutions, a firm not only has to implement the technical solution but also maintain proper security, which often takes a tremendous amount of knowledge, effort, and money.

As hackers become more sophisticated, it is increasingly challenging for law firms to keep up with security measures. In-house IT professionals at firms have found it very difficult, if not impossible, to keep every piece of hardware and software up to date, ensuring security settings are correctly applied and audited regularly and having a backup system in case of a failure or attack. Few firms have the personnel or resources to stay on top of this ever-changing cybersecurity landscape.

Concerns around cybersecurity have reached a fever pitch with the continued spate of publicized incursions, including the WannaCry ransomware attack in May 2017, which highlighted the potential dangers of using an on-premise IT solution.

The unfortunate reality is that cybersecurity threats like this are becoming more and more common. According to Norton, data breaches have run at a record pace in 2019 with 4.1 billion records breached and 3,800 publicly disclosed breaches. Law firms are not immune to these data breaches. According to the American Bar Association's 2018 report on cybersecurity, 23% of respondents overall reported that their firm had experienced a data breach at some time.

These statistics make a strong case for firms to leave behind their hesitancy about moving to cloud technology. Law firms should step up their adoption of enterprise cloud technology platforms to help them avoid data breaches that are costly not only in terms of financial loss, but also in damage to reputation and client relationships.

Making the move to cloud computing platforms provides firms with significant security advantages, including:

• Support by a large team of experts who make maintaining a secure IT environment their business;
• Multiple layers of authentication to minimize unauthorized access;
• Cloud isolation from individual devices (e.g. computers, phones and tablets) used by firm employees to keep the firm's files and data secure if one or more of these devices become infected with malware; and
• Comprehensive backup and recovery plans to prevent the loss of files and data in the event of a cyberattack or a physical disaster.

However, as law firms consider moving their files and data to the cloud in the new year, they should understand that this information is only as secure as protection measures offered by their provider. Before selecting an enterprise cloud platform provider, firms should ask their provider about:

Multi-Factor Authentication: Simply using username/password as a login credential is no longer enough to ensure secure access by authorized personnel. Ask about additional authentication methods to supplement the username/password, such as a physical token, a password card, a digital certificate, biometry or SMS password.

Access Management Policy: Make sure to ask whether or not the cloud-computing service platforms allow the firm to set access rights for each individual user so that employees, contractors or clients can only access information relevant to their roles.

Log Management: Logs are not only for compliance—they also help monitor suspicious activities and aid in forensic investigations in case there's a breach. Make sure the cloud service provider can keep track of every user that logs into the system and every document viewed and be able to provide the firm with this information upon request.

Data Backup and Recovery: A top-tier cloud service provider should have a comprehensive backup and recovery plan with multiple redundancies built in to ensure that the firm's data is secure whether there's a cyberattack or physical disaster. Ask if the provider has a well-designed recovery plan that will allow the firm to get up and running again with minimum downtime.

Vulnerability Analysis: Firms should also ask if a provider routinely carries out vulnerability analyses to ensure the security of the system. These analyses are important because they help the provider stay on top of security measures and ahead of malicious hackers.

Security Standards Compliance: Security standards for cloud computing are fast evolving. Make sure a cloud service provider is adhering to industry standards (e.g. SOC 2).

These are some of the key questions law firms should ask to understand a cloud provider's security model. The answers can help firms make an informed selection of a provider that best meets their data protection and security requirements.

The law firm shift to cloud technology will continue in 2020. The new year will see more and more firms embracing the technology not only to make their data more secure, but also to help streamline their operations and increase productivity and growth.

Travis Howe is the Chief Information Security Officer for Litify, a secure, extensible and rapidly evolving legal technology platform. Howe has over three decades of experience and has held several leadership positions in information security and privacy, including Conga, Department of Energy, Intrado, and US Navy.