- A modern cloud incorporates high performance and advanced security with the flexibility to meet unique client preferences like single-tenancy over multi-tenancy.
From document and email management, to collaboration and governance, the cloud offers the fastest and simplest way for law firms to deliver powerful capabilities to their professionals while dramatically reducing cost and complexity. In their eagerness to move to the cloud, how can firms ensure that they’re adopting a true modern cloud—one that fully embraces current best practices? As it turns out, there are several key things for firms to look for and questions to ask.
For decades, disaster recovery focused on the recovery point objective (RPO) and recovery time objective (RTO), and most clouds were built around the concept of having a datacenter in a single building in one location, and then another datacenter in a building several hundred miles away. The idea was to make the primary location as highly available as possible, and in the event of a catastrophic failure, to fail over to the secondary site, usually over the course of several hours.
A more modern approach is to utilise availability zones. This type of setup might involve three buildings in a single location —each with its own power, network, and cooling—that are virtualised and act like one virtual datacenter. This creates a highly available infrastructure, but the cloud architecture must support spreading both services and data across all availability zones to ensure service delivery with no interruptions, even if one of the buildings were to go down.
In an age of increasing weather-related disasters, determining whether or not your cloud vendor supports this modern approach is not a merely academic point—it’s the difference between having the highest levels of availability for your data or not.
Does it matter if the cloud vendor is building and maintaining their own datacenters?
Regardless of what kind of service a cloud vendor is offering, it really doesn’t make sense in this day and age for them to be trying to build out their own datacenters. Building datacenters to the highest specifications and performing the ongoing maintenance to keep them certified is simply too herculean a task.
For that reason, law firms should look to ensure that their cloud vendor has partnered with a leading web services provider—like Microsoft Azure, for instance—that can deliver the infrastructure portion of the offering as a service, while allowing the vendor to focus on their own unique value proposition. Trying to do both—trying to develop an innovative and industry-leading service while simultaneously trying to build out the same level of resiliency and availability zones that an established infrastructure-as-a-service provider can offer—is folly. The cost is so high that it’s not even a viable approach.
Choice of tenancy
When it comes to the cloud, it’s important to be clear about multitenancy. The ability to serve multiple customers (tenants) through a single, shared environment is good for the vendor, because it’s easier to maintain that single software stack, keep customers updated, and ensure that everyone’s running the same code. This, in turn, lowers the cost of delivering a cloud service, which is good for vendor and customer alike.
Here’s the thing, though: Not every customer wants to be in a multitenant environment. There might be financial services institutions, for example, that do not want their data in a multitenant situation where all customer data is stored in a common location—even if their data protected by encryption where they hold the key.
A modern cloud has the flexibility to meet these different customer preferences and offer a single tenant-type environment to customers who require it, either for regulatory reasons, client preferences, or other factors.
At the end of the day, customers have different requirements and the measure of a ‘modern cloud’ is not whether it’s multitenant or single tenant; it’s whether that cloud is flexible enough to meet the requirements of different industries and different jurisdictions.
Architecture as code
With a cloud that utilises architecture as code, humans are not directly involved in either the initial setup and configuration, or ongoing maintenance of the cloud architecture. If a customer needed to locate their data in—let’s say, Switzerland, or Korea—due to changing privacy laws around the world, the vendor can create a new instance at the push of a button, with no humans required. A vendor following a more traditional approach, by contrast, would need to find a datacenter in that country, rent the rack space for the servers, order the hardware, and then have actual humans configure and set it all up.
Zero-trust security
What becomes clear, then, is that architecture as code provides unmatched levels of agility, allowing the cloud vendor to react nearly in real time to the needs of firms. More than that, though, it provides a foundation for zero-trust security. A zero-trust security framework—one which challenges the idea of trust in any form, including trust of networks, trust between host and applications, and even trust of super users or administrators—is essential to security for a cloud offering. It’s difficult to achieve this zero-trust foundation unless there’s also a zero-touch environment in place where no humans are allowed access to the customer data—and that’s precisely what architecture as code helps to achieve.
Ask the questions
Only by asking the questions above and getting answers around the vendor’s approach to these foundational areas can law firms gain clarity on whether a cloud offering is modern or not.
A modern cloud platform allows legal professionals to be productive from anywhere while addressing needs around security, reliability, and performance; reducing cost and complexity; and increasing business agility.
Mark Richman, Principal Product Manager, iManage (https://imanage.com).
