2020 will go down in history for (among other things) as the year when cloud adoption truly came into its own. Metaphorically speaking, with a ‘flick of a switch’, longstanding cyber security, business risk and user-led concerns more or less disappeared, making cloud application adoption a necessity.
So, now in 2021, here we are – businesses have excellent security, 99.99% system availability, low cost of IT and application ownership, and a significantly increased ROI. Mission accomplished?
Almost certainly not. Firms can’t rest on their laurels. In this ‘next normal’ business and IT environment, continuity and contingency planning must retain the top spot in the list of priorities. Despite the 99.99% application availability in the cloud, cloud providers, including Microsoft Azure and Amazon Web Services do go down. Whilst it may only be for a few minutes or hours, the outage could well translate into an hour right in the middle of end of month pay roll activity or a time-critical compliance report production to an industry regulator. Similarly, there’s ever-increasing cybersecurity attacks with ever-increasing sophistication – and law firms continue to be a favoured target. Cyber criminals aren’t staying still, they are continuously improving their methods of attack and so, at the very least, firms need to keep level with their sophistication in maintaining and securing systems against threats.
Holistic approach demands multiple security strategies
A holistic approach to cloud adoption is required – and it involves layering on multiple strategies to protect and improve the availability of firms’ data.
For instance, many law firms now have their document management systems (DMS) securely in the cloud. If you are one of them, you should be thinking about adding the next layer of safeguards by adopting ‘need-to-know’ security so that only authorised individuals are able to access the information residing in the system. This will enable you to adopt a pessimistic approach to security, where the default is that no one is trusted in order to pre-empt and mitigate inadvertent errors that lead to security breaches.
When your data is well protected with need-to-know security, perhaps the following logical step would be to adopt a mechanism for threat monitoring and detection to add to your armoury. If, within 15 minutes of a user account behaving ‘against type’, you can take action to neutralise malicious activity and prevent a full-blown third-party attack, you could save your firm from considerable monetary, regulatory and reputational damage.
Business continuity needs revisiting
Often, firms are mistaken in their view that with critical applications in the cloud, business continuity strategies become less important. The truth of the matter is that it’s not just about your data centre being up and running, there are large runs of cables that go between the data centre and your office. Many IT directors of central London-based firms still cite the incident from a few years ago when a digger broke the network cables in an under-pass, taking out the whole area for a week.
It’s like saying a supermarket in a particular area is open 24/7, but if all the roads to the site are closed, never mind how powerful your car or how large your van, as a customer you simply won’t be able to get to the shop. However, there might be there might be a store in another location that you could get to – until your preferred vendor is once again accessible.
The same applies to your approach to business continuity. Therefore, with your firm’s critical applications now in the cloud, your business continuity plans need revisiting. Think about creating a real-time back up of data in your critical applications on an alternative cloud platform, so that in the event of a problem with your primary store, business isn’t forced to come to a grinding halt. Today, there are technologies that allow content to be quickly accessed from a back-up cloud platform. Your firm might not have the full functionality of systems or complete access to every single document for a period of time, but in all likelihood, potentially enough capability to continue essential business operation. It’s Sod’s Law and many will relate to it – when systems are down, there’s always that one business critical document that your firm’s lawyer needs to conclude a deal or send to the client. By creating a real-time back up of your data, you protect yourself against outages, security attacks and operational risk.
In conclusion, cloud adoption is a journey of continuous and incremental improvement. As the internal and external business and technological environments change, so must firms’ approach to support and maintenance of IT infrastructure and business continuity evolve. Regardless of where firms are on the technology maturity curve, the fundamentals of IT management and corresponding best practice cannot be forgotten or overlooked.
If you are looking for advice for any of the issues highlighted in this blog, we’d be happy to help. Please get in touch via contactus@ascertus.com.