Wednesday, April 23, 2008

Data Security On The Web

When first confronted with the possibility of using a web-based application, most attorneys that I talk with invariably ask the question “What about security?” This is a very broad and deep topic with many facets, many of which are beyond the scope of a simple discussion here. Let me try to put it into perspective by describing the two basic approaches that can be taken to answer this question.

One is to have a comprehensive discussion of all the technologies, software, procedures, and physical attributes of a “secure” data center environment. This is very time-consuming and involves talking about some deep technology-related topics. A second approach is to simply look at what is happening now inside a typical attorney’s office in regard to their IT environment, and then have them reflect on whether or not they are moving in the right direction by choosing a web-based application.

In most small firms that I have visited (10 or fewer employees, which comprise the vast majority of attorneys’ work environments), it would be very easy to simply pick up their main network server (or any other PC) and walk out of the office. In some cases the server might be behind a locked cabinet or modified closet door with a simple lock. This is an example of poor physical security, which exists in most law firms today and can result in loss of vital and confidential firm information.

Now you might argue that there would be a backup of the information that was lost when the PC was physically removed from the law firm. Regular backups are not consistently made in most small firms, but more importantly, most backups are never tested to see if recovery is actually possible. Many backup mechanisms are not adequate to restore applications, and this is usually not discovered until recovery is actually practiced on real applications. Remember also that backups must be taken offsite in case of loss of the office location due to fire, flood, or some other catastrophe. Offsite backups are rarely done on a regular basis, and no backup, even if it works, solves the problem that your client’s confidential data just left the building!

Your new web-based application is running in a hurricane-proof data center where physical access is highly controlled (by key cards and armed guards). In addition, backups are made frequently along with transaction logs, which facilitate recovery to the current point in time in most cases if something goes wrong. Recovery is well understood and practiced regularly. Encryption technologies via Secure Sockets Layer (commonly known as SSL) protect your information as it flows across the Internet, and with today’s high-speed cable modems and DSL lines you can connect to the hosted servers where your web-based application runs as fast as any server inside your office walls. This is the same technology used to secure most web-based transactions, from investment and consumer banking transactions to government and military data security.

Another key concern I hear is “I am going to lose control of my data.” Actually, the opposite is true. Many of our customers actually gain greater control and greater value out of their data when moved to a new application environment. Why is this? Many firms today are using old, antiquated systems that don’t allow for new functions and easy access to information. The process of moving to a new application can cleanse and restructure your information, which frees you to gain new insights into your practice that were not possible with the old rigid applications.
