With the advent of cloud computing and software as a service (SaaS) models of business and information storage, management and retention, the safety and integrity of our information is at a critical juncture. As old practices give way to new methods, vulnerabilities can still exist. In October, T-Mobile users who operate one of the popular Sidekick handsets, awoke one morning to find their contacts and data missing from their handheld. Danger, a Microsoft subsidiary corporation responsible for maintaining the information, had suffered a series of setbacks and glitches which resulted in a significant data loss for the users. If it could happen to Microsoft, with infrastructure and some very talented folks, it could happen to anyone. While Danger was ultimately able to recover large sectors of the information, the situation presents an interesting crossroad – how safe is our data on the cloud and how can we prepare for a rainy day?
Unfortunately, the answer is not as easy and direct as most would prefer. “Clouds,” or platforms, software, services or access that enables a user to operate or access data from a virtual/managed environment, occur in a variety of shapes and sizes. Cloud computing is a popular choice for many law firms and assist in offering remote desktop software, file access or gateways to specific services.
As experienced IT, CIO/CTO/CKO professionals of large multi-office firms can attest, the solutions for managing the integrity of cloud based data and products are not inexpensive, nor are there a series of fool-proof solutions. As unified messaging platforms, which combine our email, conversations, voicemail, faxes and data become common, our reliance on cloud based solutions are often as wide as they are deep. How well we secure the viability and sustainability of these solutions, ideally without interference or notice on the part of the user, are what separate a good cloud from a great one.
Depending on your work environment, you may already be operating in a cloud based environment. With Citrix and other remote desktop or virtualization options becoming “virtually mandatory,” firms and government agencies are increasing their options for their users to maximize productivity while at home or otherwise away from the physical office. “I will be out of the office but working remotely from home,” has become a norm – many of the tasks we can do at the office in a shirt and tie, we can more or less accomplish at home in our robe and fuzzy slippers.
Cloud computing and storage can be a blessing if properly managed, and established policies, procedures, decisions, talent and hardware are in place. A law firm already enjoying the benefits, or one on the cusp weighing their options, may want to consider the following six steps to maximize their success with the initiative.
1. Decide whether an internal or external cloud solution is best and evaluate the integrity of the selection.
The selection of one cloud solution over another is a personal choice for each institution. What would work for one might not necessarily work for another, no matter what a provider’s marketing materials might say. For example, not every firm uses the same billing software or document review platform – almost every shop has their own unique blend, and because of this it is difficult for anyone to say that there is a “one size fits all” type solution. Trust me, while there are solutions that can probably meet many of your needs, few will actually meet all of them. Smaller firms with a dedicated practice group are usually better off in a more managed, turn key external environment, such as remote desktop services with off-site file/service access or hosted data solutions through 3rd party providers such as DropBox, JungleDisk or another virtual storage company. Larger firms with multiple offices typically tailor a centralized internal solution to their own needs, such as managing Citrix servers with WAN/SAN integration and offering full desktop solutions to virtual participants.
2. Never rely on one source – one ring should rarely rule them all.
Any organization is always considerably better off implementing more than just one “cloud” type solution. Rain always happens when you least expect it, thus offering users multiple levels of protection and choice in the event of catastrophe can lessen the inherent risks when using a cloud solution. Think about it: we place all of our data in a cloud environment, ask users to avoid storing information locally on their hard disk because of potential data loss, limited security, virus/spyware, updates, etc. and fundamentally turn over the keys to their information without ever (probably) showing them the car. Earning and keeping their trust, creating solutions that protect their information, and avoiding the “single point of failure” concept in cloud computing are each paramount.
For example, isolating data within specific practice areas and maintaining the many steps necessary for a healthy and stable network (i.e. controllers, temperature monitored facilities, RAID striping, off-site backup, data mirroring, user caching, etc.) are all vital in avoiding a reliance on the prayers of a successful solitary source. If you operate your own cloud environment this will not be inexpensive, and if you utilize an external solution, be certain that these (and countless other) factors are in place to adequately provide what I would call “cloud cover.”
3. Select solutions that complement a cloud environment and scale those choices accordingly.
Avoid the hodge-podge of solutions. Not all software applications can subsist on a cloud, nor should they. If deciding to turn to a cloud based solution this can be an excellent opportunity to evaluate which choices are currently in place (i.e. billing software, knowledge management, litigation and practice support, document management, enterprise search, etc.) and how well they could blend, operate and be utilized within a cloud. For example, if your firm or office routinely utilize video depositions or other high bandwidth items, remote desktop virtualization solutions typically stumble along and video will usually either not play or be too choppy. Ask the users in advance which type(s) of information are most important to them and review which existing solutions will be complementary or not.
4. Evaluate and implement more than one disaster recovery plan – one of which must be off-off site.
With life on the cloud, and to be honest data storage in general, authoring and implementing a comprehensive disaster recovery plan is important. I am personally aware of many firms that have multiple offices, and utilize at least one of those offices as their “disaster recovery site,” which usually receives backups of data stored on the primary network in the middle of the night. While this is a great first step, it is unfortunately not the entire walk. There should always be one off-off site disaster recovery solution that allows you to wind the clock back in the event of, a) an entire network outage, b) multiple network failures, c) backup error or d) security breach. While this will cost more per year to maintain, the prices for totally off site disaster recovery solutions are a fraction of the cost of what an attempted recovery or actual loss would be. Mirror your cloud with off-site virtual machines or actual hardware and maintain its presence in the everyday workflow of your network engineers. Although it’s purpose is passive, this should be treated as an active solution at all times and given the care, diligence and resources that would be required to make it successful.
5. Maintain very tight security protocols and parameters – it’s very easy for data on the cloud to drift.
Information security should be closely monitored within any cloud solution. After all, the keys are usually turned over with just a “secure” web login, user name and password, all of which can be easy targets for a potential data breach if certain measures are not taken. Security protocols should exist on a variety of levels, ranging from randomized user passwords and non-email centric user names to managing the IP addresses of servers, frequently rotating the digital location of data and adequately securing the cloud’s physical location. While server logs, card swipe facilities and other traditional security measures are great primary steps, it is important to keep in mind that there will never be one “stock” solution to adequately secure every location.
6. Foster project management, both on the part of those who implement the solution and the users of it.
Believe it or not, there is an incredible amount of project management that goes into operating a cloud and creating the most successful environment. Multiple aspects of an IT or litigation support department will need to be involved, and resources, initiatives, tasks and progress will need to be coordinated. While it may seem far fetched, there is also a certain degree of project management on the part of the user(s). Working around network maintenance, insuring that replicated data is correct (i.e. Concordance databases, LiveNote transcript collections, etc.) or organizing the information in a document management system, each require users to be aware of their environment and work both actively and passively with members of the team involved in the cloud initiative. The users are the “customer” in the equation, and their participation, education and involvement should be active considerations at all times. Maintaining adequate records, constant email communication, surveys and quarterly reviews of what is working and what could be improved, will each enhance the cloud experience within any firm.
Overall, cloud computing and operating within virtual environments are the inevitable future of both general computing and law firm IT. As solutions such as the Google Chrome OS, Citrix desktop and Windows 7 continue to evolve, the notion of the “local” PC will diminish over time. To meet this growing end, firms that seek to or currently implement a cloud based solution should evaluate their existing or possible practices for compliance in many areas of information management, strategy and the quality of the end-user experience. With solid project management, end-user involvement, teamwork, an eye on security and a healthy dose of caution, cloud computing can yield sunshine for any firm.
Related posts:
