As someone who advises others on legal matter for a living, the last thing you want to do is find yourself enmeshed in a legal scandal of your own.
And when your role involves taking responsibility for the highly confidential data of your clients, you need to be 100% confident that you’re fulfilling all of your compliance obligations when it comes to keeping your IT processes secure, and the information in your care totally safe.
Backing up and transferring information in the cloud is a top way to fortify your business behind a wall of encryption – but when you’re entrusting those fortifications to an outsider, you need to know that they’re as strong as they say they are.
In particular, they’ll need to have a real grasp of the legalities that govern your profession – especially when it comes to confidentiality. And they’ll need to be able to demonstrate to you that their technology is able to meet these standards.
In other words, you need to be asking your cloud services partner the right kinds of questions.
Let’s take cloud-supported remote working.
If you’re worried about whose eyes are able to get to your key documents, this is a superb options. Solutions like Citrix’s Sharefile allow you to sync files across devices so that they can be accessed securely outside the office, on all your devices, from anywhere – even while you’re in court.
Not having to lug paperwork around with you dramatically reduces the risk of these sensitive documents being physically lost or stolen, while rock-solid security keeps cyber criminals at bay.
But what happens if a device is stolen?
Not every cloud company has an answer to this, but they should. Because to keep your intellectual property assets seriously safe, it’s important that your provider is able to remotely wipe any enterprise data that the device contained.
To do this, they’ll need to make sure that all apps and associated data are stored in the central data centre itself – not locally, on the device.
They need to be providing access via granular, policy-based user authentication, with strict access control, auditing and reporting in place to help IT departments keep tabs on data protection and compliance.
And where exactly is this data kept?
Storage on multiple servers in different locations is definitely a good thing in terms of peace of mind. After all, the whole point of a remote cloud backup is that you won’t lose everything in the event of a natural disaster, fire or theft, so simply putting all your eggs in a different proverbial basket is not a great alternative.
But if your cloud provider is indeed backing up your data in a number of locations, you’ll need to know the details.
For example, is this data going to be stored within the UK or overseas?
If they’re in the UK, are they certified to ISO27001 and PCI DSS Security Standards?
If they’re elsewhere, what are the rules – and do they meet the requirements of your sector?
And what exactly is their plan for backup and disaster recovery, should something go seriously wrong?
These can be tricky questions to navigate, but they’re vital if you’re going keep your clients’ data, and your business, fully secure. If in doubt, don’t take the risk of working with a company that doesn’t “get” your industry. There are providers out here with extensive experience of meeting the needs of the legal profession: don’t settle for anything less.