Just like nearly every other knowledge worker, legal professionals are becoming more mobile than ever. Based on recent research commissioned by Workshare, 96 percent of legal professionals are accessing documents on the move, with as many as 84 percent requiring access to work documents outside of the office to get their jobs done. This requirement for mobile working is being sufficiently met with an abundance of cloud-based file sharing applications in the marketplace, but this is often at the expense of security.
More than half of employees are bypassing corporate policies and opting instead for unsanctioned file sharing applications – like Dropbox and Google Drive – and risk exposing sensitive and high-value legal documents. Not all law firms are equipped with their own security and risk management teams, which leaves essential data protection responsibilities unclaimed. And as consumer-grade apps continue to flood the workplace, it’s time for someone to regain control of corporate data and content.
Rise of the Data Guardian
While the IT department has traditionally been known to maintain systems and services within the four walls of the organization, this is quickly changing. In the next-generation workplace, IT must take the lead. With the vast majority of corporate data residing in Document Management Systems (DMS), Enterprise Content Management Systems (ECM) and cloud platforms, ensuring the data itself is protected – within the corporate firewall and beyond – means that the role of the ‘Data Guardian’ is one IT need to adopt.
The Battle for Control
The Bring-Your-Own-Device (BYOD) trend is widely recognized with most firms already having policies in place for using personal devices at work. But managing BYOD is only the first step. Firms must also recognize that BYOD and BYOA (Bring-Your-Own-Application) go hand in hand, which adds another layer of complexity to managing document security. BYOA (and BYO-file sharing apps, in particular) have created significant difficulties for the IT department, including:
- Version control – Content now resides in multiple repositories, some controlled by the IT group, with some controlled by users. This makes identifying the latest document versions increasingly difficult. With a handful of different versions existing alongside each other, employees could unknowingly update an outdated version, resulting in a huge drain on resources and even a hit to brand reputation if an incorrect version is shared externally.
- Data security – By their nature, given they derive from sharing non-business files, personal file sharing applications are unlikely to adhere to strict, corporate-defined, IT-enforced data security requirements and policies. These types of applications are at greater risk of letting hidden data (metadata) like track changes slip through the cracks, exposing highly sensitive information to unintended recipients.
- Lack of transparency – Because consumer-grade applications operate outside of IT’s governance, it is impossible to keep an audit trail that tracks how and with whom files are being shared is unlikely.
- Compliance adherence – For highly regulated industries like the legal sector, ensuring that the handling of documents complies with industry regulations is crucial. But with employees sharing files from personal accounts, without IT groups’ knowledge, compliance can prove extremely difficult.
The fight to enforce rigorous policies that address these issues and keep information secure is one that IT desperately wants – and needs – to win. As the protectors of company data, IT’s ability to maintain close visibility and control over intellectual property is its primary weapon.
Letting Go of “No”
With all of the challenges that come with personal file sharing applications, the immediate inclination for IT is to ban them outright. While this may seem like a knockout move in their battle for control, it doesn’t necessarily mean the war is won. For users, constantly hearing the word “No,” especially when it comes to the devices and applications that they enjoy using, can be extremely frustrating. Some users may voice their concerns, but it’s more than likely they’ll go behind IT’s back to find ways around usage restrictions.
At the heart of any peace treaty is compromise. IT needs to understand the way people work and enable them, but do so in a way that ensures data is protected. This means deploying a solution that features both users’ wants and IT’s requirements:
- Removing risk – IT should start with identifying the workflow processes that create the highest potential for risk and apply data control to those weakest links. Forrester found that the ability to set file access permissions was of primary importance, followed by other data control features such as authentication, encryption, file expiration, password protection and remote wipe.
- Mobilizing content – Collaborating outside of the firewall is a key driver for success for the majority of legal firms, yet for 60 percent of organizations, current DMS and ECM systems lack necessary cloud and mobile support. To prevent workers from using third party, cloud-file sync and share applications that might not meet IT’s security standards, legacy collaboration systems must extend secure collaboration syncing across devices and beyond the firewall to create a more agile workforce.
- Using appropriate cloud deployment – A crucial part of the decision-making process when considering a cloud-based application for file sharing and collaboration is whether to choose public, hybrid or private cloud infrastructures. Nearly half of organizations lean toward hybrid solutions, as they allow complete control over company data by permitting IT to choose exactly where their documents and data reside.
Provisioning an easy-to-use cloud collaboration application that users want is key to ensuring they aren’t drawn to using unsanctioned apps.
Finding a Balance
When BYOD and BYOA trends entered the workplace, they enhanced legal professionals’ productivity, but turned the tables on IT, who watched helplessly as sensitive documents became subject to risk. While there is no one-size-fits-all approach that will satisfying both stakeholders, there is a way to find a balance between security and productivity, and it’s with the advent of IT’s new role as the Data Guardian.
As the keeper of policy enforcement and procedure around the use of cloud file share and sync applications, Data Guardians transform how law firms approach collaboration and mobility. Gone are the days of banning devices completely – IT now understands how to empower users to work the way they want, while providing secure enterprise alternatives to consumer applications that enforce policy and keep sensitive information secure.