Legal Firms and the Struggle
to Protect Sensitive Data
2016 IT Disaster Recovery Planning and Preparedness Survey
1
Table of Contents
Survey Objectives................................................................................................................................. 3
Survey Results................................................................................................................................... 4-10
Conclusion: Making Sense of the Data......................................................................................... 11
Key Insights................................................................................................................................... 12
Leverage IT Security and DR to Minimize Your Firm’s Risk........................................... 13
Why Firms are Turning to DRaaS........................................................................................... 14
Survey Overview
The demands of modernization in law firms have driven intense competition for innovation and service
to customers. But adopting innovations while also remaining secure from internal and external threats
have become a genuine concern.
As a leader in Disaster Recovery-as-a-Service (DRaaS), with expertise in serving law firms, Bluelock
commissioned an online reader survey with ALM (parent company of Legaltech News, Law.com,
The American Lawyer, etc.) to assess the current state of the legal industry’s IT disaster recovery (DR)
preparedness, pressures and confidence. We conducted the survey by asking legal IT professionals
(66 total respondents) in October 2016, to explore the following:
Top three challenges to firms’ operations
Respondents named “data security” (69%),
“budget” (59%) and “overburdened IT teams”
(40%) as their biggest challenges
Confidence in current DR plan
Respondents were very or somewhat confident (68%)
DR testing methods
Respondents were unsure of their
testing methods or had no tests (62%)
Increasing pressure from constituents
Respondents claimed increasing pressures
from auditors (51%) and clients (42%)
Survey Results
Despite Top Challenges to IT Operations...
Choose the top 3 challenges your firm faces when it comes to successfully managing IT operations.
★
★
Data Security
★
69%
Budget
59%
Overburdened IT Teams
40%
Client Demands for Audits & Systems Availability
22%
24%
Regulatory Compliance
16%
Datacenter Transformation
26%
Big Data
31%
BYOD & Personal Devices
9%
Getting Buy-In from Managing Partners
Other
5%
0%
5
10%
20%
30%
40%
50%
60%
70%
The Majority of IT Pros Have Some Level
of Confidence in Disaster Recovery...
68%
Percentage of respondents
that expressed confidence
in their DR plan
How confident are you that your disaster recovery (DR) plan is effective?
23% “very confident” | 45% “somewhat confident” | 20% “not sure” | 5% “somewhat confident” | 3% “not confident at all” | rest did not respond
6
But Most Aren’t Testing Their DR Plans
62%
Percentage of respondents
who claimed they didn’t test or
didn’t know what tests they did
This means the 68% who claimed
confidence in their DR plans may
be overconfident.
Given their concerns for data security,
this doesn’t bode well. If no DR tests
are being done, then firms are not
proactively identifying their
vulnerabilities. This increases the
potential risk and impact of security
incidents or an IT service disruption.
Please indicate what type(s) of DR testing you are currently using.
32% “not sure” | 16% “we don’t have a DR plan test” | 14% “we don’t have a DR plan”
7
Test to Minimize Your Risk
Please indicate what type(s) of DR testing you are currently using.
30%
28%
25%
20%
15%
16%
10%
11%
5%
0%
Tabletop Tests
Sandbox Simulation
Full-Scale Testing
(Teams Review the DR Plan)
(Technology is Testing in Isolation,
with No Impact to Production)
(Full Failover and Failback Testing
of Production Environment)
For those law firms conducting IT DR testing, sandbox simulations are most prevalent.
To thoroughly test disaster recovery plans and minimize risk, law firms should be initiating
sandbox simulation tests at least twice a year. When possible, full-scale testing is the most
true-to-life testing method and should be considered.
8
IT Departments are Facing Increased
Pressure from Auditors and Regulators
51%
Percentage of respondents
that claimed to face audits
and regulations regarding IT
data protection
How strongly do you agree with the following statement: “My organization is facing increasing pressure from IT audits and regulations”?
23% “strongly agree” | 28% “somewhat agree” | 27% “neither agree nor disagree” | 14% “somewhat disagree” | 8% “strongly disagree”
9
Clients are Putting More Pressure
on IT Departments
42%
Percentage of respondents who claimed
clients are requesting information
Because law firms house large
quantities of sensitive client data,
IT departments are facing increased
scrutiny — especially those whose
law firms provide service to clients
in the banking industry.
about their firms’ IT operations and
data protection policies
How strongly do you agree with the following statement:
“More of my clients are requesting information about my firm’s IT operations and data protection policies”?
11% “strongly agree” | 31% “somewhat agree” | 25% “neither agree nor disagree” | 13% “somewhat disagree” | 20% “strongly disagree”
10
Conclusion
Making Sense of the Data
Key Insights
Data Security is a Top Priority
In Cisco’s 2015 Annual Security Report, law firms ranked as the seventh most vulnerable business
sector to cyber attacks. Because legal proceedings often rely on sensitive client information,
hackers see an opportunity for profit and target firms for this data. No wonder 69% of respondents have ranked “data security” as the biggest challenge to their firms’ IT operations.
Success is Strained When IT Teams Lack Resources
IT professionals at legal firms are expected to be reactive to the needs of their partners.
However, stretched budgets (59%) and overburdened IT staff (40%) make it difficult to
embrace change in an era where it’s critical to mitigate risks. Because downtime can
be hugely detrimental to a firm’s reputation and livelihood, a proactive approach to DR
is essential.
Confidence Must Be Based On Evidence
Since data is has become a cornerstone of the modern legal practice, it’s no surprise that
regulators are taking more steps to ensure continuity and clients are requesting proof of
resiliency. Yet when 68% percent of respondents express confidence in their DR plans and
simultaneously fail to articulate their testing methods, constituents may see this disconnect as
an inability to survive in the face of crisis. 62% of firms don’t know what DR tests they perform
or have no DR tests at all, which poses a major security risk since vulnerabilities aren’t being
identified. Furthermore, it implies that their confidence in resiliency may be unfounded.
Leverage IT Security and DR
to Minimize Your Firm’s Risk
Information Security practices need to have direct ties to IT incident response procedures. Law firms
are increasingly turning to more modern and secure IT disaster recovery solutions to improve their
security and resiliency posture. By leveraging Disaster-Recovery-as-a-Service (DRaaS), firms are
making huge strides from existing backup-based or depreciated infrastructure to overcoming tight
budget and personnel constraints with robust data protection.
Taking steps to improve a DR strategy protects
your law firm’s reputation, client trust and –
ultimately – revenue.
“The reality is if your information
system is taken down for whatever
reason: a flood, malware, hack
attack, etc., you still have a business
continuity and disaster recovery
issue on your hands.”
- Ken Beaver, TechTarget
13
Why Law Firms are Turning to Bluelock
Legal firms are turning to Bluelock because we are dedicated to their security and empowerment.
Our Disaster Recovery-as-a-Service (DRaaS) isn’t just data protection. It’s the seamless delivery of
a digital experience, no matter the technology, so that your firm can tackle your future with certainty.
Serving as an expert extension of your IT team in handling the end-to-end responsibilities of DR
planning, testing and maintenance, Bluelock gives your IT talent the freedom to focus on other,
more pressing objectives that drive direct value to your law firm.
Worried about proof to constituents? Our client portal, Bluelock Portfolio™, offers complete visibility
with recovery metrics for even the most skeptical stakeholders, auditors or clients. Our unique
service program, Recovery Assurance™, offers verifiable evidence of recoverability and security.
For more information about Bluelock, visit bluelock.com/law.
14
Jumpstart your strategy by visiting our
Practical Guide to DRaaS.
www.bluelock.com | 888.402.2583 | Indianapolis · Las Vegas