find the latest legal job
Senior Associate - Litigation & Dispute Resolution
Category: Litigation and Dispute Resolution | Location: Melbourne CBD & Inner Suburbs Melbourne VIC
· Come work for a firm ranked in Lawyers Weekly Top 25 Attraction Firms
View details
Associate - Workplace Relations & Safety
Category: Industrial Relations and Employment Law | Location: Brisbane CBD & Inner Suburbs Brisbane QLD
· Employer of choice · Strong team culture
View details
Freelance Lawyers
Category: Banking and Finance Law | Location: All Perth WA
· Freelance opportunities through Vario from Pinsent Masons
View details
Freelance Lawyers
Category: Other | Location: All Adelaide SA
· • Qualified lawyer with a strong academic background
View details
Freelance Lawyers
Category: Other | Location: All Melbourne VIC
· • Qualified lawyer with a strong academic background
View details
What law firms need to know about cloud cyber security

What law firms need to know about cloud cyber security

Alvin Tedjamulia

The cloud is a fundamental technology solution option that truly solves all kinds of law firm business and legal IT challenges including innovation, security, governance and global availability, writes Alvin Tedjamulia.

Modern law firms want the efficiency, the security and the global access of the cloud, while satisfying the security demands of their clients.

Recent high-profile data breaches of internal IT systems at major international firms are causing clients to increase the scrutiny of their outside counsels’ cybersecurity efforts.

Now, more than ever, it’s essential to ensure law firms are doing everything they can to safeguard their clients’ data against ever-evolving threats.

At times, this seems like it might require a PHD in security and data governance … a role even a law firm chief information security officer is not singularly equipped to take on.

Rather than trying to address today’s increasingly demanding security requirements all on their own using traditional systems and means, law firms and corporate legal departments are increasingly looking to trusted cloud-based solutions that have been purpose-built to safeguard client data. A 2015 Cloud Security Alliance (CSA) survey of 200 IT and security professionals revealed that “64.9 per cent of IT trusts the cloud as much or more than on-premises.”

The recent 2015 ILTA Technology Survey further underscores this trend, stating that only 4 per cent of law firm respondents cited “cloud apps/data security” as a major security challenge compared to the broader concern of “balancing security with usability.”

In 2017, modern cloud solutions provide world-class levels of security and data privacy, including encryption at rest with the strongest levels of cryptography, Hardware Security Modules (HSMs) for the protection of cypher keys, unique encryption keys per document, customer custody over encryption keys, best-in-class perimeter defense, and denial of service prevention, just to name a few.

Law firms large and small can leverage cloud-based security to protect themselves from future data breaches and safeguard their client data. Here’s a “short list” of essential cloud security realities and benefits every firm should take to heart:

Encryption at rest … Accounting for the essentials

Knowing where firm documents and especially firm client documents reside, and who can access them, are seemingly a basic security necessity.

When the data stored in a DMS is not encrypted, law firms are effectively commingling sensitive data from all their different clients in one big unencrypted library, and also exposing sensitive data in “clear text” to potential external and internal hackers, including system administrators.

Surprisingly, many law firms today still have not implemented basic encryption at rest with their traditional DMS due to cost, complexity, and lack of native support for encryption at rest in traditional systems. Thus, encryption at rest has become a baseline standard to protect against unauthorized access to sensitive information. M

odern cloud platforms can automatically encrypt all data at rest, with the encryption keys securely managed, processed, and stored inside hardened, tamper-resistant Hardware Security Modules (HSMs).

Unique file encryption … The next frontier

While ensuring that client data in the DMS is encrypted at rest is extremely important, equally important is how that data is encrypted.

If a single cryptographic key is used for all data stored in a DMS, a hack of that single key could expose the sensitive data for all of a firm’s clients. Cloud platforms can provide a separate and unique encryption key for each document.

Under this model, in the unlikely event of an encryption key being compromised, only a single document would be exposed, as opposed to all of a firm’s client data.

The latest cloud solutions also enable companies to maintain custody over matter or workspace encryption keys, giving law firms the ability to completely revoke the cloud service provider’s access to data at any time. Hardware Security Modules (HSMs) for the protection of cypher keys, unique encryption keys per document, customer custody over encryption keys, best-in-class perimeter defense, and denial of service prevention, just to name a few.

Leverage ‘built-in’ security and compliance

It is increasingly not enough to simply host traditional systems in third-party datacentres that have obtained security certifications.

In a native cloud environment, the actual software platform itself, as well as the internal operations of the vendor delivering the infrastructure, is able to achieve the highest levels of built-in compliance and security. In this manner, law firms can “inherit” the levels of security and compliance that will give clients peace of mind and help fulfill the most stringent security audit requests.

Hybrid cloud solutions: A viable security and compliance option

While most experts agree that modern cloud platforms provide higher levels of security and compliance than individual law firms can offer, there are still certain client-driven requirements that will require locally stored data for data sovereignty and client information governance reasons.

In this case, applications such as a firm’s DMS can still be delivered via the cloud, but designated data storage may remain locally within a firm’s specified location(s). To ensure a seamless experience for end users, it’s essential that the storage location (cloud or on-premises) be configurable on individual clients/matters all within a single repository or library.

Built-in advanced security protections for end users and devices

Modern cloud platforms can not only improve the safeguarding of client data from a back-end standpoint, but also from the front-end/end user standpoint through enforcement of: 1) strong passwords through federated identity integration; 2) two-factor authentication at all times and on all devices; 3) restricted access based on devices and IP addresses; 4) validated audit trails and history logs; and 5) access control restrictions for externalising or e-mailing specific documents.

If built into cloud solutions, these end-user and device security controls ensure comprehensive but seamless security.


Law firms of all shapes and sizes are moving to the cloud at an unprecedented rate to improve security and compliance.

The pace of innovation in the cloud is many times faster than a hosted or an on-premises implementation.

Modern cloud platforms have been purpose-built to safeguard data and, coupled with proper internal training and controls, provide a robust “Security as a Service” solution for client data. This unique value proposition will increasingly be a key driver as law firms look to increase competitiveness and enhance their value to clients.

The inevitability of the cloud is here as on-premises and hosted on-premises systems simply can’t keep up with native cloud security innovation.

According to IDC, growth for cloud services and related IT spending is eight times greater than the overall IT services market. The cloud question becomes not “if ” but “when” and “what goes first".

The dramatic shift and speed of innovation requires IT groups to change the way they operate, moving from a one-time technology purchase/project mentality to a service-based mindset.

However, once they do, they will inherit a world class security platform that far exceeds internal capabilities and satisfies the toughest client requirements.

Alvin Tedjamulia is NetDocuments’ CIO and an original co-founder. He frequently writes and speaks on topics of DMS security and world-class software-as-a-service and security-as-a-service delivery.

Like this story? Read more:

QLS condemns actions of disgraced lawyer as ‘stain on the profession’

NSW proposes big justice reforms to target risk of reoffending

The legal budget breakdown 2017

What law firms need to know about cloud cyber security
lawyersweekly logo
Promoted content
Recommended by Spike Native Network
more from lawyers weekly
Oct 20 2017
Podcast: One of law’s most infamous alumni – in conversation with Julian Morrow
In this episode of The Lawyers Weekly Show, Melissa Coade is joined by The Chaser’s Julian Morrow....
Oct 20 2017
High Court overturns ‘excessive’ anti-protest legislation
Bob Brown’s recent victory in the High Court over the Tasmanian government was a win for fundament...
Oct 20 2017
Changes to Australian citizenship laws blocked
Attempts to beef up the requirements to obtain Australian citizenship were thwarted this week, after...
Allens managing partner Richard Spurio, image courtesy Allens' website
Jun 21 2017
Promo season at Allens
A group of lawyers at Allens have received promotions across its PNG and Australian offices. ...
May 11 2017
Partner exits for in-house role
A Victorian lawyer has left the partnership of a national firm to start a new gig with state governm...
Esteban Gomez
May 11 2017
National firm recruits ‘major asset’
A national law firm has announced it has appointed a new corporate partner who brings over 15 years'...
Nicole Rich
May 16 2017
Access to justice for young transgender Australians
Reform is looming for the process that young transgender Australians and their families must current...
Geoff Roberson
May 11 2017
The lighter side of the law: when law and comedy collide
On the face of it, there doesn’t seem to be much that is amusing about the law, writes Geoff Rober...
May 10 2017
Advocate’s immunity – without fear or without favour but not both
On 29 March 2017, the High Court handed down its decision in David Kendirjian v Eugene Lepore & ...