What law firms can learn from the National Cyber Security Centre (part of GCHQ)
The National Cyber Security Centre (NCSC), part of GCHQ, have determined that the safest place to keep their data is with Microsoft Azure and Amazon Web Service.
Time to debunk a myth then: private cloud (typically a local cloud service) or on-premise servers (your own servers) are safer than the public cloud.
In Layman’s terms, storing your data with Microsoft is much more secure than storing it in your building, or in your IT supplier’s cloud network, which most people currently do. As we’ve spoken about before, it’s also more cost-effective. Microsoft Azure is becoming a no-brainer for aspiring organisations.
So how should law firms react to this news? Firms should consider the security risk of their practices to their clients and audit their credentials. Cost-effective Cyber Essentials certification is available to provide insight into a firms robustness when it comes to their clients' information.
A spokesperson for the NCSC said: “This guidance has been developed through the shared expertise and successful collaboration between the NCSC, Microsoft and the Government Digital Service.
“The advice aims to help private and public sector colleagues check and improve the security stance of their Office 365 deployments.” Furthermore, in a blog post, the NCSC stated:
“We quickly realised that we’d need quite a lot of confidence in at least some of the cloud services we’re using. We reckoned that the most sensitive datasets would be in our emails and our document management system. To protect this data, we’d also need similar confidence in identity providers that make the decisions about who can access what data, and anything used to manage our devices. This meant that for the NCSC IT, we needed to focus on Office 365 and our two IaaS providers; Amazon Web Services and Microsoft Azure.”
So, what does this mean for partners and practice/IT managers? Well, the jury is out and it’s time for firms to begin considering best practices for 2019. Storing your firm’s data on-site or with your IT supplier’s data centre is costly and lacks the security credentials of modern systems. Public clouds, such as Microsoft Azure, offer a host of advantageous benefits to firms, including increased security.
Even the UK’s National Cyber Security Centre think so.