News

Due Diligence Key When Adopting Cloud, says Databarracks

Cloud
The Solicitors Regulation Authority's (SRA) apparent reluctance to provide guidance on new technologies means law firms currently searching for a cloud service provider (CSP) need to take it upon themselves to carry out comprehensive due diligence and in-depth reviews says Peter Groucutt, Managing Director of Databarracks.

A recent report from Databarracks, in collaboration with Frank Jennings, Commercial and Cloud lawyer at DMH Stallard LLP and Chair of the Cloud Industry Forum Code of Practice Board, identified the key challenges and benefits to law firms embracing cloud services. The report highlighted legitimate concerns regarding the SRA’s lack of proactivity in this area, especially in comparison with their counterparts.

Groucutt states that such an approach will only serve to hinder the legal sector during a time when guidance is most needed: “As more and more firms look to embrace cloud services, they will look to the SRA for direction.

"Naturally, as with any new technology, firms will have questions regarding the services available and there may be a lack of understanding as to which path to take when migrating to the cloud, especially in terms of data security. If the SRA continues to remain inactive in this area, confusion, questions and the potential for mistakes will only increase.

Groucutt continues: "While these steps might seem basic, they are certainly effective. A small amount of guidance has a big impact in a field like cloud computing. The SRA should look to follow suit, working with CSPs in order to provide guidance to those considering migration.

"In the meantime, firms actively looking to move to cloud services should carry out full due diligence checks when identifying a potential CSP. Comprehensive SLA’s should be agreed and specific data security and compliance concerns should be addressed at the outset.

Groucutt concluded: "As a starting point, firms should look to the accreditations of the CSP to determine their credibility. Ensuring that providers are compliant to standards such as ISO 27001 for information security, should give some reassurance. Also looking at general cloud industry standards such as the Cloud Industry Forum’s (CIF) Code of Practice, which seeks to assure end-users receive high quality services by providing certification to credible suppliers, will serve as a useful guide to law firms until the SRA decides to act.”