Making Sure Crime Doesn’t Pay

Gareth Bridges
Making Sure Crime Doesn’t Pay

“Slick Willie” Sutton was a prolific American bank robber who, during a forty-year criminal career, stole an estimated US$2 million – nearly US$30million today. But he is probably best known for his explanation of why he targeted banks in the first place.

“Because that’s where the money is,” he said.

Fast forward to the 21st century, and Sutton’s observation is still valid, although today’s cybercriminals are using the Internet, instead of guns to rob banks. It’s not easy money, so the smarter crooks are always on the look out for softer targets. As often as not, law firms are at the top of the list, and for good reason.

Soft targets

Legal offices frequently hold the same valuable data as banks – M&A information for example. What’s more, the material is often easier to get at.

According to a recent “BYOD in Law Firms” white paper produced jointly by IDG, Control Risks and Equinix, in the majority of firms surveyed (81%) case matter was available on employee owned devices.

Thankfully, most of these documents have some degree of protection. Among the 50 Asia Pacific law firms surveyed, 88% used passwords for security. However, that still leaves 12% without even the most basic security measures in place.

Unlike the “institutionally paranoid” financial services industry, there is not a definitive stance on how information security should be treated in the legal world. There’s a tug of war between convenience and security, as some partners view security as a hindrance while others put security at the top of their agenda, fearful of the risk involved by shifting to new computing models. It’s a major issue because these partners may have decades of legal expertise, however, such decision makers typically know little about how to evaluate security matters – good, bad or otherwise.

Take the idea of moving to a cloud-based IT infrastructure for example, which offers many security advantages over an on-premise solution. Yet, for many laymen – especially legal professionals steeped in tradition – handing over important data to another company can be a worrying concept. How safe can their firm’s information really be if it’s not under lock and key?

The answer is that it is probably much safer, and for a variety of reasons.

Safer to shift

Companies that offer cloud computing services live and die on their reputations, so they have as much incentive as say, a bank, to deploy the most advanced solutions to safeguard their customer’s data.

Moving IT to a cloud provider also makes excellent sense in purely practical terms. It removes the need to worry about whether every system has been updated with the latest security patches. Many law firms are often months or even years behind with their patching.

Another advantage of shifting to the cloud is that the firm is guaranteed to have access to the latest version of whichever software they are using. This is great from a value-for-money point of view, since they will likely be paying for it anyway. It is also critical from a safety perspective, because the most up-to-date version should also be the most secure.

In general, enterprises are more confident and are now moving more than just basic infrastructure software – such as antivirus – into the cloud. Practice management and document management technologies, which have traditionally been deployed on-premise by law firms, are now accessible in the cloud from providers such as Thompson Reuters (Elite) and NetDocuments.

The benefits of cloud computing are clear, however, as technology evolves, it is critical that the decisions made today position law firms to be flexible enough to leverage future paradigm shifts. This means taking into consideration how to adapt your technology services, while also ensuring security, scalability and optimal performance.

Coping with compliance

These days, security is not solely about where the data actually sits. It really depends on how much planning – and technology – goes into protecting the systems and information. Accordingly, firms that decide to embark on a cloud journey should kick off that planning process by carefully evaluating the contractual agreements that need to be put in place between themselves and their providers.

Corporate customers are becoming more prescriptive about the security standards adopted by their suppliers, looking for compliance with the standards set by their own industry regulators. This has an impact on how a firm shapes its cloud contracts. Ideally, this should be built into the RFP sent to potential providers so that critical cover is built in from day one.

See you in court

Equinix is proving to be a popular choice with the legal fraternity. This is because we provide an ecosystem with fast, direct and secure access to a host of essential points of contact. They include cloud service providers, enterprise customers, litigation support companies and other law firms.

We also help them tick all the boxes in tenders for data centre management, including redundancy and security. That, coupled with multilayer physical protection in the form of 24 hour security guards, CCTV, mantraps and biometric hand-readers, promises to keep would-be Suttons – actual or digital – at bay.

So the only place our legal customers encounter criminals will be in court!

To find out more about the transformation of the legal landscape, check out our new whitepaper on BYOD in law firms.

Gareth Bridges
Gareth Bridges Director, Digital Business at Equinix