Making the Move: What should legal organizations consider when assessing how the cloud fits into their future?
The COVID-19 pandemic—coupled with the remote and hybrid work models that arrived in its wake—has spurred a move to the cloud for many of the key business systems that legal organizations rely on, from document and email management to collaboration and more.
Parts of the industry, however, have yet to move from on-premises installations to the cloud. What should these organizations—spanning law firms, corporate legal departments, solo practitioners and other legal organizations—consider when assessing how cloud fits into their future?
Compliance is complicated
With each passing year, the compliance and regulatory environment gets more complex. From Brexit and the General Data Protection Regulation to the California Consumer Privacy Act, there are a host of new laws and regulations that govern where data needs to be stored and how it needs to be managed.
Building your own data centers in a variety of different countries to ensure data physically resides in those regions isn’t a viable or practical undertaking for anyone but the largest and most well-resourced organizations. Consequently, to successfully manage these ongoing changes, IT and business leaders will have to rely on cloud and software-as-a-service platforms to keep their data private, secure and aligned with increasing and changing global regulations as part of their digital strategies.
Cloud vendors—those providing a cloud-based document management system, for example, or a cloud-based billing system—provide greater flexibility for legal organizations on this front. Vendors that leverage a modern cloud with an infrastructure-as-code foundation can deploy new instances of a SaaS solution at the push of a button in any geographic location hosted on public cloud infrastructure.
Take the example of a British law firm with European Union clients. The data for those clients needs to be domiciled in the EU. Rather than going through the costly and time-consuming process of finding a data center in the EU and manually configuring servers, the law firm’s cloud vendor can leverage public cloud infrastructure and deploy a new instance of its service in the EU, allowing the firm to service its EU clients without breaching any compliance protocols. This approach would likely come together more quickly and cost the firm less.
The above scenario highlights the importance of legal organizations relying on cloud-based vendors that utilize a public cloud infrastructure provider with the broadest possible global footprint.
In a world where a thicket of new regulations increasingly needs to be carefully navigated, this type of flexibility and agility is a need-to-have rather than a nice-to-have for legal organizations that wish to effectively serve their clients—and it can be delivered only via a modern cloud.
The security landscape today is considerably more challenging than it was just a few years ago. Security breaches and cyberattacks regularly make the headlines, and ransomware attacks by well-organized criminal elements and opportunistic troublemakers continue to proliferate, with law firms being prime targets. Organizations must ensure strong security policies are in place for data at every stage of the data life cycle—as it is being processed, transmitted or stored.
Fortunately, a move to the cloud helps protect against these threats, providing greater security for the sensitive and privileged information that these bad actors are trying to get their hands on.
The cloud delivers this superior protection in several ways. For starters, most cloud vendors have more resources they can dedicate to security than all but the largest and most well-resourced organizations. In addition, if the cloud is built on zero-trust security principles—which assumes no implicit trust whatsoever, whether that’s trust of networks, trust between host and applications or even trust of superusers or administrators—it greatly enhances the level of security of critical assets.
For zero trust to fully deliver on this promise, however, zero touch must also be part of the platform life cycle. This means creating a hands-off operations model that takes the human out of the equation for everything from routine server maintenance to more advanced troubleshooting.
For example, when setting up a new instance of a cloud service, rather than relying on a human to manually configure all the settings and check all the right boxes—a process that can easily allow human error to slip in—a template that has already been properly configured can be deployed at the push of a button.
Similarly, for routine maintenance and troubleshooting, an automated tool—essentially, a software program that has been developed to execute a specific task—can be pushed into the production environment to carry out its task rather than allowing a human to get under the hood and play around with the data.
Crucially, these elements have to be architected into a cloud from the beginning, and in most cases, they cannot easily be bolted on after the fact. So when assessing how cloud fits into their future, legal organizations should ask themselves whether a cloud offering takes advantage of zero-trust/zero-touch principles. If not, it’s time to select a cloud offering that does.
Expecting the unexpected
As legal organizations assess how cloud fits in their future, it’s useful to look back on the last two-plus years, which revealed that we are living in a time of unexpected shocks to the system—and there are likely more on the way.
COVID-19 may be the first pandemic of the 2020s, but scientists purport that it likely won’t be the last in our generation. Likewise, weather-related disasters that unleashed floods and wildfires everywhere from Germany to Australia are unlikely to dissipate in the near term.
The redundancy and resiliency that the cloud provides ensure legal professionals can continue to access their valuable data and get work done, no matter what kind of wrench unexpectedly gets thrown into the gears of business as usual.
Those legal organizations that already had moved to the cloud found themselves well-positioned when COVID-19 or other disasters struck, and they were able to stay productive while working remotely without missing a beat.
With the right cloud partner—specifically, one that utilizes a resilient and highly available cloud architecture that spreads data across multiple data centers simultaneously, creating a virtualized availability zone—these types of unexpected events don’t have to be catastrophes-in-waiting so much as unanticipated occurrences that can be planned for and mitigated.
Ask the question
Ultimately, when assessing the future of a cloud-enabled infrastructure, legal organizations should ask themselves if the next five to 10 years are likely to present fewer challenges than what they face today.
Will the security landscape be less threatening? Will the regulatory and compliance landscape be less complex? Will the threat of a pandemic or a climate disaster have disappeared?
The answer to all these questions leans strongly toward no—which is all the more reason that legal organizations should lean toward yes for the cloud. By selecting a truly modern cloud that provides all the security, flexibility and resiliency they require, they can successfully plan for all that lies ahead, positioning their firm, their legal professionals and their clients for success.
Mark Richman is the principal product manager at iManage.
This column reflects the opinions of the author and not necessarily the views of the ABA Journal—or the American Bar Association.
The ABA Journal wants to host and facilitate conversations among lawyers about their profession. We are now accepting thoughtful, nonpromotional articles and commentary by unpaid contributors.
Read the Mind Your Business submission guidelines.