Let Lawyers Bring Devices to Work

Let Lawyers Bring Devices to Work

Let Lawyers Bring Devices to Work 150 150 Nextpoint
Law Technology News recently featured a great article by technology editor Sean Doherty called “Bring Your Own Device to the Law Firm,  identifying a set of principles Cardinal Health uses to allow lawyers to work on their own devices. These are guidelines every law firm, corporate legal department, and government office can use to devise a policy today that addresses the inevitable consumerization of IT, a development we’ve been talking about for almost four years.
Consumer Devices in Law Firms
First, why is this happening?
  • Users are demanding it as they stampede to smartphones and tablets.
  • The cost savings are enormous. Cardinal estimates $8 million in savings. Now we’re talking.
  • The gains in employee productivity are enormous.
  • The gains in security are also enormous as the signs are everywhere that existing security perimeters – especially in law firms – are porous at best.

Based on the Cardinal Health model, I’m going to layout how Nextpoint services meet the good design principles they used to custom build a solution.
If you’re an organization the size of Cardinal Health, this becomes a priority in your revenue generating businesses. But my sense from talking to our clients – both in-house counsel and also technology departments at law firms – is that it was going to be a difficult road to get funding for a custom built solution.
In other words, time to go to the cloud!
Downloading and saving data on the devices is prohibited
Laptops with privileged content on them probably represent the single greatest security threat.  And I have heard anecdotally from dozens of lawyers about a computer lost at an airport or lost by a shipper that was never recovered.
A substantial amount of development has gone into making our platform purely cloud-based. There is no controller, no need to save data locally to look at a document or spreadsheet. Does it require some additional storage – yes, we image every file on intake. But this means our clients have the security of knowing that the data is not brought local unless it absolutely has to be. This design also has the added bonus of working on any type of device your user brings into the organization.

Personal devices should not have direct access to the corporate network
By setting up Virtual Private Clouds (VPCs) for each matter and, in some instances, for each client, our users benefit from their legal-related data being segregated from their non-legal systems. After all, why would you want privileged documents co-mingled on a network with time and billing systems, human resource records, and document and contract management systems, not to mention email. Using Nextpoint allows our clients to know data is kept discrete from  other business process – in corporate or law firm settings. Our users can read depositions, code documents and search preservation archives from an iPad without exposing the organization’s other systems.
Security controls have to be reasonable, otherwise users would bypass them 
Most of our security controls are completely transparent to end users. Encryption at rest, encryption in transit, and daily penetration testing all guarantee our clients much higher levels of security than their on-premise solutions. Two-factor authentication via email ensures that each user session is validated and each device a user brings into the organization is validated – all programmatically. There is no ‘master admin’ user who must authorize each and every device – that would be too cumbersome and wouldn’t be used.
Combined with automated password recovery, users can forget their credentials and no matter what time of day or location, reset their password, verify their devices, and get back to being productive in a seamless manner. All with a much higher level of security than using a VPN into a corporate network.
Balance security controls with individual freedom
Ultimately, this is how all security must always be approached – no difference if you are securing data, airline travel, or your house. The key point here is that individual freedom is ultimately what makes us happy and productive. Committee-driven, highly centralized data systems are breaking rapidly because users are unhappy in them.
Enabling individuals to be mobile with their data ultimately makes all of your data more secure because it enforces the need for better technology. Air travel had to get safer because we travel, your home has to allow you to get in and get out because that is what a house does, and data in legal contexts has to move.  That is what data does in the law – it moves as a result of its very nature. Embrace this as an opportunity to get better technology to support these new devices.