Someone recently asked me if you can justify NOT being a cloud-first law firm in 2024. Here’s the brutally honest answer I gave them (and how I would answer this question as the CIO):
But first, some background information:
Law firm IT departments have to be incredibly cautious. The data we hold is beyond precious, and high-profile leakage incidents have only made us more wary. I get it.
But if security is our top concern, here's what I’d ask myself as a law firm CIO today:
Am I REALLY better off handling this in-house?
Or would it make more sense to outsource it to a major cloud provider?
To answer this question, I’d look at these two factors:
1) How many security professionals do I have on staff?
2) What's my security budget in the first place?
In most cases, we’re looking at 2-5 security professionals and a budget of £200K - £300K. So, for the majority of firms, the decision should be clear.
Now, I understand the concern of outsourcing security. When relying on major cloud providers, you’re suddenly at the mercy of Google, Amazon, or Microsoft.
Ultimately, all we care about is security. Like most of you, it keeps me up at night. It’s an area we must continuously invest in.
So, my number one recommendation, even more critical than going cloud-first, is to hire a strong, tech-focused CISO.
This person should look after not just accreditations (though those are important) and take care of the things that truly matter.
That means:
Better penetration testing
Vulnerability scanning
Time-based access controls
Identity management
In other words, all the nitty-gritty details that actually keep our data secure.
TAKEAWAY:
If you want to sleep better at night as a law firm CIO in 2024, the formula is simple:
1. Go cloud-first
2. Bring on a tech-focused CISO
3. Invest in the right security practices and processes
… the alternative is to hope that the Goliaths of the hacker world don't notice you. And that's a risk I’d not be willing to take.
ShareDo - legal case management platform
コメント