Cloud Computing: The opportunities and risks for
law firms
Peter Groucutt Managing Director
Databarracks began life providing Managed Backup Services
Our journey through backup is similar to where we are today with
Infrastructure as a Service & cloud computing
People liked the concept and the business drivers
People were worried about Data Security and Privacy
They did not trust the technology nor the providers of it
About Databarracks
Our customers
What is cloud computing?
Companies want to use the cloud
They don’t want technology for technology’s sake
Hardware doesn’t add value to the business only
application
Companies want users to access the information they
need to perform the function of the business as quickly
as possible
Managing physical infrastructure does not add value.
Why cloud computing?
The simple cost benefit
White paper
Our white paper
Commercial and Cloud lawyer at DMH
Stallard LLP and Chair of Cloud Industry
Forum Code of Practice Board
+1
Conclusions
...the take up of cloud-based services
currently appears to be more relavent
among small to mid-tier firms.
...prior to adopting any cloud
service the firm needs to carefully
consider how their IT systems
integrate. Failure to do this is
likely to result in poor
performance regardless of
what service the firm adopts.
...the argument for utility
computing is powerful – firms
can reduce costs, turn a fixed
cost into a flexible one and grow
their IT requirements in a flexible
way.
Conclusions
…Simply put, the SRA will not tell
you how to get it right but they will
tell you when you get it wrong.
…leading service providers tend to have a firm grasp on security and arguably, offer levels of security far in excess of most internally hosted solutions.
One contributor noted that the firm’s slow
uptake of cloud computing was largely
attributable to a lack of knowledge among
the partners as to what cloud services are.
How does the SRA compare?
•Get a written contract
•Ask about data transfers
•Access control
•Identify your use of cloud
•Define the SLA
•Independent audit?
Outcomes focussed regulation
White paper conclusions
Legal sector is using the cloud
No definitive guidance from SRA
No wrong type of cloud
Firms can take steps to protect themselves
Data security, confidentiality & disaster recovery
are key
Regulation and accreditation
Regulation & Accreditation?
Mitigating risk
UK based data centres
Certifications (and what they mean to you)
Do your own audit(penetration testing, due
diligence)
Understand the supplier’s disaster recovery
procedures
Email: [email protected]
Twitter: @databarracks.com