Cloud Desktop Security: For Law Firms, Details Matter

Author: Ranna Unthank

Publish on: Sep 7, 2017 5:00:00 AM

According to the American Bar Association's TECHREPORT 2016, cloud computing adoption in law firms is increasing:

“One of the more striking impressions in this year’s survey, and in keeping with the concept of reallocation of resources, is an unavoidable conclusion that resistance to cloud services is waning,” the report’s executive summary says.

The survey found that fifty-nine percent of respondents said a key benefit of moving to the cloud was the low cost of entry and predictable monthly expense of cloud services, and 40 percent said a benefit was that the cloud eliminates IT requirements. 

We say (emphatically), "yes!", but in the ABA report many IT Directors at law firms also shared their top concerns: Confidentiality and security. 

Cloud security for legal.jpgMuch has been made about cloud computing and security, but at the end of the day it seems that IT and line of business execs are realizing that the major cloud players can probably secure their data more effectively than they can themselves with their on-premises infrastructure. It's this realization, along with the need for "anywhere-anytime-any device" access, that is helping to accelerate cloud adoption across industries.

However, the very nature of law firms means that they have unique requirements. Not only does the IT exec making technology decisions need to have confidence in the cloud services provider, the firm's clients also need to understand, agree to, and have confidence in how their sensitive information is being handled. The fact that moving to the cloud will save money for the firm is meaningless if clients don't trust where their case information lives. 

So what are the primary pros and cons law firms should consider as they develop their cloud strategies? More specifically, what are the key considerations for delivering virtual apps and desktops from the cloud so attorneys and support staff have the freedom to work from anywhere and better serve clients? What about cloud desktop security? For firms evaluating VDI for the first time or considering a switch from their existing legacy VDI to a modern solution, the cloud enters the picture in two areas: The VDI control plane, and your datacenter infrastructure. Because of the top concerns legal IT execs have around security and confidentiality, adopting next-generation VDI requires a comfort-level with cloud computing, and that's what we want to discuss further here.

In the VDI market, the big picture suggests we are seeing classic disruption happening now. The traditional players can't adequately respond to embrace technology changes that mean everything to customer success with VDI, and this means you need to break through the marketing hype and drill into solution details to make sure you get what you need. Based on the VDI implementations we've done with legal customers, here's our take on the four main areas you need to focus on when evaluating VDI vendors (and they all have security and confidentiality implications):

Future-proof solution

If only you had a crystal ball! But since you don't, you need to be ready for anything. M&A in your firm's future?  Will your growth require the use of remote attorney contractors?  Do you need to have a presence in other countries?  What are that country's data sovereignty rules? The right VDI solution addresses all of these dynamics, but what exactly does the right solution look like?

1. Ability to spin up 10s, 100s, or 1,000s of desktops in hours, and place them as close as possible to the people using them - whether that's on-prem or in the cloud - so they get the best performance.  Some users might be at a main office, and some may be scattered across the globe, but they all need great performance to stay productive.

2. Provide secure access to contract attorneys to your DMS workflow and even restrict their access specifically to only what they need for their current case.

3. Put data where it needs to be, whether that's driven by client choice or regulatory compliance. Have the flexibility to keeps some apps and data on-premises, and other apps and data in the cloud.

4. Take advantage of technology advances as they develop. Your VDI solution should spare you from doing any updates or maintenance - that should all happen automatically. 

Rock solid security

There just aren't any compromises when it comes to securing your clients' case information and intellectual property. What if we told you that with other cloud VDI solutions, your firm's sensitive client data, virtual desktop login credentials and other personally identifiable information (PII) passes through that vendor's cloud?  Or that your Active Directory credentials are stored in the vendor's cloud? That's just poor VDI architecture design, but it leaves your firm more exposed to security breaches.  Ask the vendors on your short list: "Exactly what data passes through your cloud?" You are going to want to understand this deeply. For rock solid security, what does the right VDI solution look like?

WS Arch Diagram.png

1. The VDI control plane must be separate from the data plane. The firm's apps and data should never, ever, enter the control plane cloud. Never, ever, ever.

2. End users access apps and data via Workspot Client - an elegant, unified workspace. IT uses sophisticated, context-driven security capabilities to configure access policies that secure data in motion and at rest. 

3. Big data analytics provides a detailed view into work-related user activity to ensure organization assets are being used appropriately. 

Hybrid deployment flexibility

Most firms we talk with have a cloud strategy, but they want to take a hybrid approach, using both on-premises datacenter infrastructure as well as the public cloud. This makes perfect sense to us; you need to have that kind of flexibility, and you need to be able to easily manage your apps and data across both on-premises and cloud infrastructure.  Drill down with the vendors on your short list to see how easy it is to do that.  How does the right VDI solution handle hybrid deployments?

1. You should be able to move to the cloud in your own time. Start with just a few users, get comfy, and then move more over incrementally as it makes sense.

2. You should have a single pane of glass to manage the deployment across on-premises and cloud infrastructure.

3. You should be able to move your workloads back and forth from cloud to on-prem and back if needed.

Operating expense predictability

This has been one of the most cruel realities of legacy VDI deployments.  The OpEx usually goes up over time, because those first generation solutions are so complex mere mortals can't manage them.  You need expensive consultants to make it all work and then keep it working, because solutions with so many points of failure are not easy to troubleshoot, nor are they easy to scale. But wait, isn't that the whole point of VDI?  To simplify your world? When evaluating VDI vendors, understanding the way they actually deploy workloads in the cloud is crucial.  Understand the VDI architecture, because those details matter most when it comes to security and cost.

The Takeaway

At Workspot, our whole reason for being is to make customers successful with VDI - be it on-prem, cloud or hybrid deployment. How do we do that? We reinvented VDI as a cloud-native service that eliminates the cost and complexity of traditional VDI solutions. The way we architected the solution, using stateless microservices and containers, has vast implications for security, scalability and cost. The Workspot cloud-native VDI control plane is super secure; your data never enters the control plane. All of your apps and data stay exactly where you want them - secure in your on-premises datacenter, in your own Microsoft Azure cloud instance, or both, and it's all manageable via a single pain of glass. We're the only vendor that does that! 

Definitely compare and contrast Workspot with other traditional vendors to understand the differences and whether or not they adequately address your biggest cloud computing concerns. We're proud to be working with some of the largest law firms in the world; their confidence in our solutions means everything to us.

Learn more!  Our Customer Success stories represent a variety of industries and implementation scenarios; the challenges these organizations faced will likely resonate.  One law firm tells their story here.


Take the next step!  Read our solution brief for more details about cloud desktop security.

New Call-to-action

Subscribe To Our Blog

Recent Posts