This is the second in a short series of blog posts looking at some of the main findings to emerge from the recent benchmarking study “Hybrid Working & Law Firms’ Long-Term Cloud Journey”, undertaken by Legal IT Insider in association with Philips.
The study was primarily aimed at gaining an understanding of the progress that law firms are making in migrating to the cloud. However, much of the information such firms generate includes personal information that is sensitive in nature, so ensuring it is safe from the prying eyes of online hackers is critical.
Consequently, an important element of the research was to evaluate how confident the respondents (and their clients) were in the ability of cloud providers to ensure that all types of data, including the audio files and file attachments associated with digital dictation and speech to text software, were safe and secure.
Most cloud providers follow best security practices and build robust data security into their solutions, underpinned by their extensive resources and decades of experience.
This is reflected in the comment by one respondent who said “It is impossible for on-premises to be as secure as the cloud. Security technology requires a level of scale and investment that cannot be achieved on premises.”
It’s unsurprising, therefore, that results from the study demonstrate a growing confidence in the levels of security now provided by cloud service providers. It found that 73% of respondents believe none of their clients are unhappy or uncomfortable with their data being stored in the cloud, whilst a further 21% expressed only minor reservations.
Reinforcing the above point, 74% of respondents believe that cloud solutions are now more secure than their on-premises counterparts.
Cloud security features
So, what are the key features that enable cloud service providers to deliver exceptionally high levels of security?
- Data loss prevention: To secure your data in the cloud, it is important to consider the security of the data in all states – at rest, in transit and in storage. Data loss prevention (DLP) services offer a set of tools and services designed to ensure the security of cloud data. This includes the use of encryption techniques to create a layered defence that makes it more difficult for an unauthorised person to gain access to sensitive data. For example, with the Philips SpeechLive product, all types of audio files are always created, sent and stored with industry-standard AES 256-bit encryption.
- Securing the operating system: No matter what operating system the cloud provider supports, factors such as regular maintenance, proper configurations and patching methods can strengthen the security of that system. Scheduling maintenance windows and staying current with system configuration requirements are integral components of cloud security.
- Protecting the network layer: Network security is all about protecting resources from unauthorised access or attack by applying controls to network traffic. The goal is to ensure that only legitimate traffic is allowed. The tools used by cloud service providers to provide a robust networking infrastructure include network access controls, firewalls and perimeter network (DMZ) architectures.
- Security monitoring, detection and response: Security information and event management (SIEM) provides a comprehensive security solution that automates threat monitoring, detection, and response in cloud-based environments. The use of monitoring and logging features can enable notifications for things like unexpected configuration changes or authentication failures and ensure a speedy reaction to any potential threats.
- Business continuity and disaster recovery: Regardless of the preventative measures that are in place, data breaches and disruptive outages can still occur in the cloud. Disaster recovery solutions are a vital element of cloud security, providing the tools, services and protocols necessary to expedite the recovery of lost data and resume normal business operations as soon as possible.
Another important factor in the overall approach to protecting your data is the way in which the leading cloud service providers adhere to international standards for security and compliance. For example, the Microsoft Azure hosting service used by SpeechLive is certified for the ISO/IEC 27000 family of information security standards, in particular ISO 27001, which is an internationally recognised best-practice approach aimed at helping organisations to manage their information security by addressing people, processes and technology.
Whilst cloud providers are responsible for protecting their data centres and cloud infrastructure, as we have seen above, we should not lose sight of the fact that security in the cloud is a shared responsibility. Consequently, it falls on their customers to protect the data that flows to and from these systems and within their own organisation.
The security responsibilities from a user organisation’s perspective include managing users and their access privileges through the use of identity and access management (IAM) features. These cover password management, creating and disabling credentials, role-based access controls and oversight of privileged account activity.
More detailed results of the benchmarking study can be found in Cloud Report 2023 by Belinda Hermans (Flipsnack).