- Security TWENTY
- Women in Security
GDPR is without a doubt placing pressure and emphasis on the way businesses handle and manage sensitive customer data, writes Stuart Sharp, Global Director of Solutions Engineering at OneLogin.
To make things even more complicated, we have consumers driving change and demanding businesses adopt technology that influences the customer experience. The legal sector has perhaps struggled more than most to address such demands.
While it is one of the most data conscious sectors, legal professionals hold an astronomical amount of sensitive and confidential data imperative to legal cases which is attractive to malicious criminals on the lookout for lucrative data. The big task for many is moving away from carrying around boxes upon boxes of files, to accessing data on the go via the cloud. A scary concept for many. For this reason, the legal sector is a prime candidate for digital transformation.
Like many sectors, legal firms are at different stages of digital evolution. For example, companies that were able to see the digital transformation storm coming and realised early on that they needed to change, implemented a private cloud-based strategy to create shared deal rooms for lawyers. Firms that are yet to consider digital transformation still rely heavily on on-premise solutions, only allow remote working via unreliable VPNs to access hosted desktops and see the most important solution as being the old-school devices they arm each legal professional to access to corporate email. Such companies are years behind the industry leaders in this respect. Senior partners and leadership teams don’t know where to start and end up trying to avoid addressing the subject by burying their heads in the sand. As a result, such firms are having their hands forced towards cloud-based applications by the likes of multinational software providers, which have made the decision to discontinue on-premise solutions and migrate users to new cloud-based solutions.
For those who are finding themselves being forced to embark on the digital transformation journey, it is important to ‘simplify the scary’ and break strategies down into discrete steps to identify short and long-term goals, as opposed to seeing it as one large project.
Often the first and least scary step is to identify different groups of users and what they need access to. Not all users are tech savvy, so by understanding the wider picture in terms of application usage, IT teams can get a handle on the scale of Shadow IT, which refers to applications accessed via the corporate network without the consent or knowledge of the IT department.
By using third-party Identity and Access Management (IAM) providers, firms will be able to manage identities across the network and provide suitable adaptive authentication tools to identify users based on their location, time zone, and device. Any anomalies in behaviour raise a red flag to IT teams and automatically request a second factor of authentication, be it a token sent via text message, a predetermined question or even biometrics, depending on the device used. This way, employees can access applications with ease and are only required to use Multi-Factor Authentication (MFA) when the login attempt is deemed to be a security red flag.
Without realising it, the migration journey from on-premise to the cloud has already begun. As a company’s digital evolution continues to become more reliant on cloud-based models, the use of UAM will be imperative to connect the two environments and link disparate, chaotic networks. As such, there is clear demand for a solution that supports every endpoint of the complex corporate network, regardless of whether it’s cloud-based or on-prem.
Legal firms need to tackle this issue head-on and unify the corporate network through one single solution. IT teams need the ability to manage access for traditional on-premise and cloud applications simultaneously through a “single pane” management console that is purpose-built for hybrid customer environments. A single UAM platform allows companies to modify access privileges across all applications in real time vs. days or weeks, and slash access management costs by 50pc or more — that’s the power of UAM. In turn, this unifies access management not only for applications on multi-platforms, but also networks and devices, using SaaS (Software-as-a-Service) infrastructure to synchronise all corporate users and user directories.
By unifying all corners of the corporate network through one platform, legal firms of any size can finally align their platforms and digital transformation strategies to enable their legal professionals to work from anywhere, at any time and from any device, with peace of mind. This can bring the end of having to haul boxes of legal files between the courtroom and the office and welcome a bright new world where users can access files remotely at the click of a button – and with less back pain.
While many IT managers in the legal sector may feel this is easier said than done, if senior partners and the end decision makers are involved in the early stages, and shown proof of concepts, implementation processes will run a lot smoother.
Ultimately, digital transformation is a huge opportunity for legal firms. Not only can it help them differentiate themselves from competitors, it can also attract fresh talent and prioritise secure data access and management for their client’s piece of mind.