Law Firm Data Security: 4 Best Practices for Storing Data in the Cloud

If every law firm could lock all of its data behind an airtight firewall, securing data would rarely be an issue. But like all businesses, law firms can no longer maintain tight, on-premises control of their data. Lawyers and other employees need to be able to access client data from a wide array of mobile devices and cloud-based technology. Meanwhile, cloud apps are emerging as must-haves for managing a wide variety of enterprise services; implementing cloud technology is how firms stay innovative and responsive to modern client expectations. 

In this vast universe of mobile devices and cloud apps, it is imperative that law firms have a plan for securing data—both their own and their clients’—in the cloud. Fortunately, there are numerous solutions and strategies for securing this data optimally. Let’s explore four best practices that every firm should use to adequately and properly secure data in the cloud:

1. Comprehensively Track Mobile Devices in Real Time

No matter how much a firm may try to limit the use of mobile devices, the pressure from employees eventually becomes too overwhelming to overcome. Law firms must accept that employees will be using a lot of mobile devices—often. Rather than manage mobile devices in a piecemeal and haphazard manner, leading firms are developing a comprehensive strategy for keeping track of all mobile devices. This work is commonly known as Mobile Device Management (MDM). 

If you’re already using ServiceNow for IT Asset Management of all your firm’s mobile devices, you can integrate ServiceNow with Microsoft Intune. Intune pulls detailed information from each device and connect devices to specific users, essentially turbo-charging the IT Asset Management functions of ServiceNow. Intune not only tracks who is in possession of which devices, but also the specific configurations of access and permissions on a particular device. For example, Intune lets a firm restrict data access based on factors such as location or sensitivity of a given app. Intune also supports single sign-on to all web apps—but only when those apps are connected to the Azure Active Directory. Significantly, Intune is housed within the Microsoft Azure cloud environment, which means that like all Microsoft products, Intune invests heavily in data security.

Free Assessment: Take Our Free ITSM Maturity Assessment and Compare Your Company to 100 Other U.S. Law Firms

 

2. Have a Strategy for Managing Mobile Apps

Once a law firm starts tracking mobile devices, the firm also must manage all of the mobile apps that employees will be using on these devices. This work is known as Mobile Application Management (MAM). Through MAM, firms ensure that when employees access mobile apps, they do so securely. MAM encompasses strategies for granting access to apps without granting root-level access, and for drawing a sharp line of separation between professional and personal data. 

If you’re using Microsoft Intune, you can be assured you’re getting maximum options for managing mobile apps. For example, you can enable forced check-in so users receive important updates and policy changes. You can use biometric technology when accessing Outlook emails, and enable reading of encrypted emails. Over time, you can implement apps for employees to do their time, expenses, and other client management-related activities—all under a unified, integrated security umbrella. Even with all these security features, Intune does not compromise the user experience. In fact, Intune is known for its seamless integration with Office and other Microsoft productivity tools. For all of these reasons, Microsoft has been named an industry Leader in Gartner’s Magic Quadrant for Unified Endpoint Management.

Check out the video below and see how Crossfuze helped implement legal IT services for MacFarlanes, LLP

3. Integrate Device and App Management with HR Onboarding and Offboarding

One of the most laborious, riskiest stages of Asset Lifecycle Management is during HR onboarding and offboarding. At these critical times, firms are under enormous pressure to act quickly: New employees need immediate access, transitioning employees need modified access, and departing employees need to have their access removed. Consequently, firms cut corners. Changes don’t get recorded properly. Mistakes get made that compromise security. The solution is to integrate device and app management with HR onboarding and offboarding functions.

When using ServiceNow for HR onboarding and offboarding, it’s important to integrate your ServiceNow platform with Intune to bring all MDM and MAM functions under the ServiceNow umbrella. Not only will you save time and money, but you also will ensure key workflows don’t slip through the cracks. For example, during onboarding in ServiceNow, you can auto-enable a new employee’s migration to Intune, or trigger Terms of Use customized for the employee to auto-populate. ServiceNow puts so much trust in Microsoft’s security and privacy capabilities that ServiceNow uses Azure as a preferred cloud platform for highly regulated industries. 

Recommended Reading: 10 Pillars of ServiceNow Success for CIOs

4. Integrate IT Service Management with Device and App Management

When law firms respond to IT service requests, security is a major consideration. From device wipes to password resets to locate-my-device requests, most IT Service Management functions involve thinking through and giving deference to security concerns. To ensure these security considerations are given appropriate and consistent weight, firms would be wise to integrate their IT Service Management operations with their device and app management operations. When you integrate ServiceNow and Intune, you’re able to resolve asset- and app-related security issues in the same system where you’re managing the incident itself. For example, devices can be locked without leaving ServiceNow. This integration with Intune has major implications not only for efficiency and quality, but also for ensuring security considerations get the attention they need. 

Final Thoughts

Law firms, like any business, cannot stop employees from using mobile devices and from increasingly turning to cloud solutions. Fortunately, you can use best-practices strategies and tools to protect the confidentiality and security of data in the cloud. 

If you’re interested in harnessing the power of ServiceNow and Microsoft Intune to turbo-charge your law firm’s data security, please reach out to Crossfuze at LetsTalk@crossfuze.com. We can show you why there’s no reason to fear migrating your data to the cloud.