Hot Topics in Legal IT: Disaster, Security, and Compliance
ALA Philadelphia Chapter, November 5th 2015
Held at Flaster/Greenberg, Philadelphia, PA
- TODD Baratz – CTO, Adaptive Solutions
- CHUCK Davis – CEO, Adaptive Solutions
- CHRIS Brown – Director of Business Development, Adaptive Solutions
- AMY Gaffney – Director of Engineering, Adaptive Solutions
The session’s content was divided into 4 sub-sections
- How infrastructure is changing
- Disaster Recovery and High Availability
- Alternatives to keeping systems in-house
- Value of Cloud and Hybrid Models
How infrastructure is changing
The Age of the Cloud is changing EVERYTHING. Companies are looking to the cloud for server hosting, application delivery, data protection, mobility solutions and disaster recovery. When evaluating network infrastructure, law firms should be evaluating what cloud resources they can leverage to make their employees as productive as possible while securing their data and making it highly-available. The cloud applications most frequently utilized by law firms are email (usually Microsoft Office 365) and document management, as well as colocation services either for core production servers, or backup and disaster recovery.
Disaster Recovery and High Availability
Disaster recovery is NOT something that should be left to the IT team – it is something that impacts the entire organization and DR solutions should be evaluated using the following criteria:
- WHERE is our data?
- HOW do we access it?
- WHEN can we access it?
- WHO is going to make it happen?
If you haven’t already done so, CREATE A DR PLAN! The management of the firm need to know what the plan is, and should be involved in its creation. The DR plan has to meet the needs of the organization and the infrastructure – hardware, software, connectivity etc. – has to be in place to support it. There are two factors that drive this conversation:
Recovery Time Objective (RTO): How quickly can we get my systems and data back on-line?
RTO is governed largely by how prepared a firm is to respond to a major outage (think Superstorm Sandy) – knowing how to access and restore essential systems and data that have gone offline due to loss of power or connectivity.
Recovery Point Objective (RPO): How old will the data be when we restore it?
Ten years ago, many firms were still backing up once a day to tape media so in the event of data needing to be restored, the information was up to a day old. With the amount of content being produced by attorneys and their staff in modern work processes, losing a complete day’s work is costly, and unacceptable when there are so many solutions – such as Dell AppAssure – available to firms that allow frequent incremental backups throughout the day, and almost instantaneous access to backed-up files.
RTO/RPO are key in determining the technology infrastructure of the company – is it designed to meet the expectations of the stakeholders?
Alternatives to keeping systems in-house
Many companies today are using one or more of the following solutions to make their systems highly-available to an increasingly mobile workforce.
Hosted Applications – As previously noted, email and document management are the primary uses of the cloud for law firms. Using hosted applications, staff can access information from anywhere, using any device.
Public Cloud (Amazon Web, Microsoft Azure etc.) – this segment has been growing for the past few years. Historically, Amazon have been the market leader, but Microsoft is making huge inroads into the virtual server hosting market). There are also plenty of smaller providers that offer similar services. These services offer high-availability and reduce the need for investment in additional hardware or software licensing.
Private Cloud – We see more law firms moving an increasingly large percentage of their production environment to co-location facilities. These facilities offer a secure location for servers, with multiple layers of physical security, connectivity and power supply. The biggest facility in Philadelphia is located at the Sungard on North Broad Street.
Value of Cloud and Hybrid Models
The Hybrid Cloud model may well be the model of the immediate future for law firms. We see it as having the potential to displace the virtual, centralized desktop infrastructures such as Citrix, because it eliminates the need to access network resources where these systems were traditionally housed. Inevitably, some network resources will always be kept ‘in-house’ but they will focus more on security and management rather than housing applications and documents.
How do we keep our data secure and ensure that we are in compliance?
Law firms are being targeted more than ever before – they are easier targets than their customers and often hold as much confidential information. Rather than hackers targeting the largest companies that hold massive amounts of customer data, they are finding ‘back-doors’ through which to gain access to sensitive information. Be aware of what your compliance obligations are – whether you handle financial information, personal medical data or even just process credit card transactions you have a responsibility to make sure that you have taken the appropriate measures to secure this information.
We also encourage firms to engage in educating their staff on safe computing. One of the most costly phenomena of recent years has been the appearance of the Cryptolocker virus which can spread across the network simply by clicking on a link in a fairly innocuous-looking email but which can cause the loss of dozens or even hundreds of lost man-hours while data is recovered and recreated.
All the areas that we discussed are interrelated. The ability to house systems and documents outside the network, and be able to access them anytime, anywhere, on any device is providing massive opportunities for law firms to revisit the issue of how they make the most of their staff’s time and intellectual property. This highly-available model also expands what is possible when a true disaster strikes, from protecting data with more frequent backups to the near-real-time restoration of complete systems.
We see more companies moving what they can to the cloud and minimizing their on-premise footprint, which is a single point of failure.