Protecting data in the cloud – a guide for law firm

Thursday 7 November, 2019

To discuss your requirements for legal software, please click to book an online demo or contact us on 01252 518939 info@insightlegal.co.uk

Insight Legal Software

Data is a vital asset to every modern legal practice. It is the backbone of both case and business continuity and without it, almost any firm today would cease to operate. As data sets grow continuously, law firms are becoming ever more reliant on third party cloud-based systems to manage and store most, if not all of their business-critical data.

Despite all of its advantages by way of ease and efficiency in a digital world, storing data within the cloud does not come without risks. Firms have to ensure they are safeguarded from a potentially disastrous loss of all client, case and practice data.

The consequences of losing data could well be crippling for a practice of any size; without access to correspondence or case information, practitioners simply cannot function and significant financial implications will rapidly ensue. Furthermore, a loss of data would prove extremely damaging for firms when they have to report activity to the Solicitors Regulation Authority (SRA).

The question is, simply, that if you store all of your data in the cloud, how do you back it up successfully? Further still, how do you also protect yourself against the risk of your provider ever losing your data? Law firms must therefore cover off a host of possible scenarios in order to take the necessary steps to keeping full control over their company’s data.


Be proactive with data backup

The most obvious action for a practice to take is to carry out regular backups of your entire database. Every law firm should rightfully have round-the-clock access to their full set of data, with the freedom to backup or pull all data from their chosen system as and when required. Today, the responsibility should fall on the service provider to make it as easy as possible for firms to complete regular backups of all practice and client data both quickly and easily. There are a handful of providers which do offer built-in data backup services as standard and enable customers to download data from within the system at any time.

That said, there are still very few suppliers which will offer this level of support at no cost, Law firms must therefore do their own market research to ensure their chosen provider can give them the level of control needed to manage their legal data freely. Does their contract imply that they can hold your data to ransom? Maybe it says you can have a backup but there will be a “reasonable” charge. If this is the case, then what do they define as reasonable – £1,000, £10,000 or £50,000?

Checking the small print and raising questions in the early stages of provider selection will allow firms to filter out the market noise and invest in a reputable supplier that allows them to backup their own data whenever they wish – and does not charge you a premium for the privilege.


Prepare for the worst

Taking a proactive approach when assessing cloud providers will prove essential for sourcing a fair and supportive supplier to assist with your data protection efforts. Other scenarios, however, are often much more difficult to predict and therefore require more strategic contingency planning.

For example, if your chosen provider suddenly goes out of business, or runs into their own financial difficulty leaving them unable to pay for the infrastructure needed to keep their service running. What happens to your data then?

Typically, most cloud providers will not actually hold the data in their own data centre; they will rent equipment or space in someone else’s. Firms must therefore consider what might happen if this data centre is subject to a disaster? In a cloud environment the responsibility for protecting your data will fall on someone else but are they competent and trustworthy? The cloud provider should offer very clear guidelines as to where customer data will be stored and by whom, as well as what will happen to their data when such events occur.


To avoid any nasty surprises, firms must ensure they are aware of their current options and make any necessary changes to protect their data in the future. Establish whether you can take backups of your own data or will your supplier charge you if you want that? What if you can’t get a backup? Are you totally at the mercy of your cloud provider, not just if they go bust, but if their service level drops or they increase their prices; can you terminate your contract and get all of your data back? If so, will you be able to receive your data back in a useful and coherent format? If your contract says you can extract your data by running reports, then it is unlikely that any migration from that product will give you the level of detail you require. Even if you are prepared to painstakingly run dozens of reports, can you access your entire document and email library in a coherent form?

The obvious answer to mitigating these potential risks amongst law firms is to eliminate them by choosing the right technology partners. Starting research well ahead of change, as well as ensuring they have full sight of exactly where their data is stored gives firms the head start they need to protect their data against unforeseen challenges. Furthermore, they will be able to distinguish suppliers who conditionally hold legal data to ransom from the rest and find those offering the flexibility to back up data in full when it best suits their Firm’s needs.

By Tim Smith, Technical Director