find the latest legal job
Corporate Counsel and Company Secretary
Category: Generalists - In House | Location: Newcastle, Maitland & Hunter NSW
· Highly-respected, innovative and entrepreneurial Not-for-Profit · Competency based Board
View details
Chief Counsel and Company Secretary
Category: Generalists - In House | Location: Newcastle, Maitland & Hunter NSW
· Dynamic, high growth organisation · ASX listed market leader
View details
In-house Projects Lawyer | Renewables / Solar | 2-5 Years PQE
Category: Generalists - In House | Location: All Australia
· Help design the future · NASDAQ Listed
View details
Property lawyer - Melbourne
Category: Property Law | Location: Melbourne CBD & Inner Suburbs Melbourne VIC
· Impressive client list, national firm · Well-led and high-performing team
View details
Senior family lawyer - Melbourne
Category: Family Law | Location: Melbourne CBD & Inner Suburbs Melbourne VIC
· Outstanding national firm · High-calibre family law team
View details
What law firms need to know about cloud cyber security

What law firms need to know about cloud cyber security

Alvin Tedjamulia

The cloud is a fundamental technology solution option that truly solves all kinds of law firm business and legal IT challenges including innovation, security, governance and global availability, writes Alvin Tedjamulia.

Modern law firms want the efficiency, the security and the global access of the cloud, while satisfying the security demands of their clients.

Recent high-profile data breaches of internal IT systems at major international firms are causing clients to increase the scrutiny of their outside counsels’ cybersecurity efforts.

Now, more than ever, it’s essential to ensure law firms are doing everything they can to safeguard their clients’ data against ever-evolving threats.

At times, this seems like it might require a PHD in security and data governance … a role even a law firm chief information security officer is not singularly equipped to take on.

Rather than trying to address today’s increasingly demanding security requirements all on their own using traditional systems and means, law firms and corporate legal departments are increasingly looking to trusted cloud-based solutions that have been purpose-built to safeguard client data. A 2015 Cloud Security Alliance (CSA) survey of 200 IT and security professionals revealed that “64.9 per cent of IT trusts the cloud as much or more than on-premises.”

The recent 2015 ILTA Technology Survey further underscores this trend, stating that only 4 per cent of law firm respondents cited “cloud apps/data security” as a major security challenge compared to the broader concern of “balancing security with usability.”

In 2017, modern cloud solutions provide world-class levels of security and data privacy, including encryption at rest with the strongest levels of cryptography, Hardware Security Modules (HSMs) for the protection of cypher keys, unique encryption keys per document, customer custody over encryption keys, best-in-class perimeter defense, and denial of service prevention, just to name a few.

Law firms large and small can leverage cloud-based security to protect themselves from future data breaches and safeguard their client data. Here’s a “short list” of essential cloud security realities and benefits every firm should take to heart:

Encryption at rest … Accounting for the essentials

Knowing where firm documents and especially firm client documents reside, and who can access them, are seemingly a basic security necessity.

When the data stored in a DMS is not encrypted, law firms are effectively commingling sensitive data from all their different clients in one big unencrypted library, and also exposing sensitive data in “clear text” to potential external and internal hackers, including system administrators.

Surprisingly, many law firms today still have not implemented basic encryption at rest with their traditional DMS due to cost, complexity, and lack of native support for encryption at rest in traditional systems. Thus, encryption at rest has become a baseline standard to protect against unauthorized access to sensitive information. M

odern cloud platforms can automatically encrypt all data at rest, with the encryption keys securely managed, processed, and stored inside hardened, tamper-resistant Hardware Security Modules (HSMs).

Unique file encryption … The next frontier

While ensuring that client data in the DMS is encrypted at rest is extremely important, equally important is how that data is encrypted.

If a single cryptographic key is used for all data stored in a DMS, a hack of that single key could expose the sensitive data for all of a firm’s clients. Cloud platforms can provide a separate and unique encryption key for each document.

Under this model, in the unlikely event of an encryption key being compromised, only a single document would be exposed, as opposed to all of a firm’s client data.

The latest cloud solutions also enable companies to maintain custody over matter or workspace encryption keys, giving law firms the ability to completely revoke the cloud service provider’s access to data at any time. Hardware Security Modules (HSMs) for the protection of cypher keys, unique encryption keys per document, customer custody over encryption keys, best-in-class perimeter defense, and denial of service prevention, just to name a few.

Leverage ‘built-in’ security and compliance

It is increasingly not enough to simply host traditional systems in third-party datacentres that have obtained security certifications.

In a native cloud environment, the actual software platform itself, as well as the internal operations of the vendor delivering the infrastructure, is able to achieve the highest levels of built-in compliance and security. In this manner, law firms can “inherit” the levels of security and compliance that will give clients peace of mind and help fulfill the most stringent security audit requests.

Hybrid cloud solutions: A viable security and compliance option

While most experts agree that modern cloud platforms provide higher levels of security and compliance than individual law firms can offer, there are still certain client-driven requirements that will require locally stored data for data sovereignty and client information governance reasons.

In this case, applications such as a firm’s DMS can still be delivered via the cloud, but designated data storage may remain locally within a firm’s specified location(s). To ensure a seamless experience for end users, it’s essential that the storage location (cloud or on-premises) be configurable on individual clients/matters all within a single repository or library.

Built-in advanced security protections for end users and devices

Modern cloud platforms can not only improve the safeguarding of client data from a back-end standpoint, but also from the front-end/end user standpoint through enforcement of: 1) strong passwords through federated identity integration; 2) two-factor authentication at all times and on all devices; 3) restricted access based on devices and IP addresses; 4) validated audit trails and history logs; and 5) access control restrictions for externalising or e-mailing specific documents.

If built into cloud solutions, these end-user and device security controls ensure comprehensive but seamless security.


Law firms of all shapes and sizes are moving to the cloud at an unprecedented rate to improve security and compliance.

The pace of innovation in the cloud is many times faster than a hosted or an on-premises implementation.

Modern cloud platforms have been purpose-built to safeguard data and, coupled with proper internal training and controls, provide a robust “Security as a Service” solution for client data. This unique value proposition will increasingly be a key driver as law firms look to increase competitiveness and enhance their value to clients.

The inevitability of the cloud is here as on-premises and hosted on-premises systems simply can’t keep up with native cloud security innovation.

According to IDC, growth for cloud services and related IT spending is eight times greater than the overall IT services market. The cloud question becomes not “if ” but “when” and “what goes first".

The dramatic shift and speed of innovation requires IT groups to change the way they operate, moving from a one-time technology purchase/project mentality to a service-based mindset.

However, once they do, they will inherit a world class security platform that far exceeds internal capabilities and satisfies the toughest client requirements.

Alvin Tedjamulia is NetDocuments’ CIO and an original co-founder. He frequently writes and speaks on topics of DMS security and world-class software-as-a-service and security-as-a-service delivery.

Like this story? Read more:

QLS condemns actions of disgraced lawyer as ‘stain on the profession’

NSW proposes big justice reforms to target risk of reoffending

The legal budget breakdown 2017

What law firms need to know about cloud cyber security
lawyersweekly logo
Promoted content
Recommended by Spike Native Network
more from lawyers weekly
Aug 23 2017
NT Law Society sounds alarm on mandatory sentencing
The Law Society Northern Territory has issued a warning over mandatory sentencing, saying it hasn’...
Aug 22 2017
Professionals unite in support of marriage equality
The presidents of representative bodies for solicitors, barristers and doctors in NSW have come toge...
Aug 21 2017
Is your firm on the right track for gig economy gains?
Promoted by Crowd & Co. The way we do business, where we work, how we engage with workers, ev...
Allens managing partner Richard Spurio, image courtesy Allens' website
Jun 21 2017
Promo season at Allens
A group of lawyers at Allens have received promotions across its PNG and Australian offices. ...
May 11 2017
Partner exits for in-house role
A Victorian lawyer has left the partnership of a national firm to start a new gig with state governm...
Esteban Gomez
May 11 2017
National firm recruits ‘major asset’
A national law firm has announced it has appointed a new corporate partner who brings over 15 years'...
Nicole Rich
May 16 2017
Access to justice for young transgender Australians
Reform is looming for the process that young transgender Australians and their families must current...
Geoff Roberson
May 11 2017
The lighter side of the law: when law and comedy collide
On the face of it, there doesn’t seem to be much that is amusing about the law, writes Geoff Rober...
May 10 2017
Advocate’s immunity – without fear or without favour but not both
On 29 March 2017, the High Court handed down its decision in David Kendirjian v Eugene Lepore & ...