Our world is rapidly changing, technology is advancing at an extraordinary pace, and law firms and businesses are having to adapt to become more proactive and innovative if they are to survive and thrive amid the pace of this exponential evolution.
It is no exception that technology has proven to be, and will remain, a constant and continually evolving phenomena. To stay ahead of the game, law firms and businesses need to brace for continual change or face being left behind the competition.
The business model of yesterday is struggling. Organisations are beginning to learn to capitalise on new digital capabilities that could be transformational in the future of their survival and success. Now is the time to constructively and innovatively consider reinventing the company’s business strategy to include the potential impact of the internet, and the technological environment that now incorporates our daily personal and working lives via mobile communications, social media, analytics and cloud computing.
In addition to this, law firms and businesses are realising that there is a crucial need to reshape strategic planning and ensure that there are adequate processes in place to contain client and confidential information securely, that the business has a documented and tested disaster recovery plan, in the case of a threat or emergency, and that strategies are considered and tested to ensure an effective, technological environment exists for the business to continue as usual and succeed.
Moving to a digitally enhanced o ce environment is easier than ever before. Law firms have many cost-effective options available for a more flexible technological environment, particularly when consideration is made to migrate data to the cloud.
Is IT safe?
Traditional technology is disappearing and the sceptics, or as David Linthicum called them, “folded arm gangs”, are losing numbers as cloud computing is now proving its value.
An analogy of statistics as outlined in the Alert Logic’s Autumn 2012 State of Cloud Security Report noted that variations in threat activity are not as important as where the infrastructure is located. Anything that can be accessed from ‘outside’, whether enterprise or cloud based, has an equal chance of being attacked due to the fact that attacks are opportunistic.
The report also outlined that attacks on web-based applications are able to hit both service provider environments and in-house environments. In-house environment users and customers apparently su er more incidents than those of service provider environments, and in addition to that, they are significantly more vulnerable to brute force attacks.
The ongoing idea that cloud computing is less secure than traditional methods is slowly dwindling, as more of these such reports are released for publication. There is a paranoia due largely to the fact that the approach itself feels insecure, with data stored on servers and systems out of one’s view and control. This may be true in the sense of how we think about cloud, but control does not equal security.
From the report of 2012, to the recently published Alert Logic Cloud Security Report: The Changing State of Cloud Security of 2015, the physical location of data is not as important as the means of accessing it and this is the case for both cloud-based systems and traditional enterprise computing.
As a matter of fact, those who build cloud-based platforms for enterprises focus more on security and governance than those who build systems that will exist inside firewalls. Systems built without the same rigor around security will not be as secure, whether they are cloud-based or not.
Maybe now is the time to consider and de ne a new strategy with the right type of enabling technology suitable for your business. Lets face it, the facts are in black and white, as stated in the HP Enterprise Innovation Guide on Cloud Security: ”By 2020 senior business and technology executives expect public and private cloud delivery models to increase by 50 percent.” That’s only four years away.
The environment of technology security is cranking up solutions to reflect this increase of migration of data to the cloud. As with traditional in-house systems management, and as outlined in these reports mentioned, incidents and incident frequency are on the rise for both in-house, or on-premises, and for the cloud environment. With the changing face of technology, below are a few tips to consider that can help your organisation incorporate security as a risk management segment of governance, risk and compliance that could make just that little bit more of a difference for your new strategy, especially as you get ready, get set, and go towards the cloud.
• Know your risks, know your issues: what kind of issues are you dealing with? Understand your security and governance requirements for the system you are considering.
• Access control: this is all about managing how information is accessed. When doing this, ensure there are no possibilities of data being breached.
• Data protection: any countries have data protection legislation in place so it’s important to know the rules of where your data will be stored, particularly which entity, the jurisdiction for storage, and the transfer of personal identifiable information (PII) and how this is managed.
• Disaster recovery: ensure you have a clearly defined, documented and regularly tested back-up plan as part of your strategy for all types of threats, from floods, outages and res to terrorism and cyber attacks.
• Vulnerability testing: it does not matter whether you are testing the security of cloud-based systems or traditional systems– untested systems are unsecured systems.
• Third-party information security assessments: assessing service providers and third parties is a really good way to get to know how risks are managed or mitigated as part of your vulnerability testing.