June 11, 2005

Outsourcing - for Easy, Effective Data Protection

by David Saperstein

Attorneys' Data - and Practices - Are Vulnerable
Attorneys, whether solo practitioners, members of small or large firms, or in-house counsel for corporations, need to consider these statistics:

• 40% of data loss arises from hardware failure and 29% from human error.1

• About 7 million laptops are lost, badly damaged, or stolen each year.2

• 47% of organizations surveyed by the Computer Security Institute experienced between 1 and 5 computer security breaches in the last 12 months.3 56% of disaster recovery professionals identified such issues (e.g., unauthorized access, viruses) as an extreme threat to business continuity.4

• The amount of stored data is growing at 125% per year.5 This growth increases the data security, long-term recordkeeping, and/or auditing challenges of compliance with such laws as Gramm-Leach-Bliley, the Health Insurance Portability and Accountability Act (HIPAA), SEC Rule 17a-4, and Sarbanes-Oxley.

• Companies that cannot resume operations - including recovering key data - within 10 days of a disaster are not likely to survive.6

What do these statistics have to do with the practice of law? Answer these questions:

• Who performs data backup in the office (or branch offices) and how often? Is the backup reliable?

• Does the office maintain a copy of its data off-line - and off-site in a secure location - so that it is safe from natural disasters, technical malfunctions, and accidents at your site (as well as from a range of human risks such as deletion errors, viruses and hacking)?

• How fast can the office recover its data? How much of it can be recovered?

Depending on the answers, an attorney's entire practice may be vulnerable to a crippling, even lethal, data loss.

Since the adoption of imaging copiers in the workplace and the CM/ECF system (case management / electronic case filing) in the federal judiciary, as well as the developing state court imaging initiatives, more and more legal documents are electronic. That means the firm's critical documents and related emails need to be backed up - consistently and reliably - to protect its attorneys' practices and to provide ethical, leading-edge service to its clients.

What can attorneys do in the face of daunting limits?
Attorneys face limited budgets, limited time, and limited (or no) professional information technology (IT) staff. Many law firms and legal departments print electronic documents and store the paper. But with email and electronic documents increasing, the time has come for effective, comprehensive records management programs that include electronic as well as printed documents.

Ensuring Data Protection, Disaster Recovery, and Business Continuity - with Electronic Vaulting Services
One of the most effective solutions to these data protection challenges is outsourcing data backup and recovery to an "electronic vaulting service." In fact, Enterprise Strategy Group, a leading storage industry research firm, recommends that small and medium organizations use electronic vaulting services to overcome hurdles like insufficient IT staff, IT costs, backup reliability issues, and technology complexity.7

This article describes what electronic vaulting services can do for law firms. It also describes how backup differs from "digital archiving," an important but different solution.

How Electronic Vaulting Services Work
Electronic vaulting services move data over the Internet from a law firm's servers and/or PCs to an off-site, secure electronic vault. Here, the information is stored on disks. Backups occur automatically and "transparently." In short, these services don't disrupt business or require your attention.

After an initial full system backup, only file changes and new files are transmitted. This allows the service to run in near real time if desired (for optimal data protection and recovery) and minimizes bandwidth needs.
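An added illustration of the change-only transfer described above (not from the article or any vaulting vendor): it assumes changes are detected by comparing SHA-256 content hashes against the manifest saved at the previous backup. The function names and file names are constructed for the example.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = digest.hexdigest()
    return manifest


def plan_incremental(previous, current):
    """Compare two manifests; return (files to transmit, files deleted locally)."""
    # New files are absent from `previous`; changed files have a different hash.
    to_send = sorted(p for p, h in current.items() if previous.get(p) != h)
    # Deletions are only recorded. The vaulted copy is kept, so an accidental
    # or malicious deletion at the firm's site can still be restored.
    deleted = sorted(p for p in previous if p not in current)
    return to_send, deleted


def demo():
    """Constructed sample: full backup, then one edit, one new file, one deletion."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, text):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        write("brief.txt", "draft 1")
        write("engagement.txt", "signed")
        write("notes.txt", "call client")
        full = build_manifest(root)                  # initial full backup
        write("brief.txt", "draft 2")                # changed since the backup
        write("exhibit_a.txt", "scan")               # new since the backup
        os.remove(os.path.join(root, "notes.txt"))   # deleted at the firm
        return plan_incremental(full, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

Only the changed and new files appear in the transmit list; the unchanged file is skipped, which is what keeps bandwidth needs low after the first full backup.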

As a result, data - up to the latest backup - are available to be easily and quickly restored. Recovery occurs over the Internet through any Web browser as soon as it is initiated. (For large server restores, a network attached storage device containing the recovered data is delivered within 24 hours.)

Backup transmission of server data is monitored and managed 24x7x365 by IT professionals who ensure its success. However, the law firm's authorized personnel have control of all of the firm's backup data.

The law firm can often contract for different backup schedules at different price points. Backup schedules should be based on how critical each type of data is to the firm. Key points to consider in making these decisions are:

• The necessary recovery point, or how much of a type of data the firm needs to recover to resume business.

• The necessary recovery time, or how long those data can be unavailable to the firm's practice without damaging it (minutes, hours, days).

Advantages of Electronic Vaulting Services
The benefits to electronic vaulting services are easy to see.

No backup burden. There are no data backup time and costs for the firm or its internal staff. Nor is there hardware or software infrastructure for the firm to buy, update, and maintain.

Instant off-site protection. For data that are backed up, there is up-to-the-minute protection and recovery. Within the electronic vault, a copy of the firm's data is safe from technological malfunctions, human errors, disasters, and hostile employees at the firm's location. Depending on the vault site, it is also protected from local or regional problems like power outages and natural disasters. Some electronic vaulting services go one step further to protect the firm's data by copying the online backup data to tape for storage elsewhere. Being off-line and out-of-reach, that tape backup is safe from cyber threats.

Fast, reliable recovery - any time, any place. The firm's data are available to be reliably recovered - up to the last backup. By comparison, backups and restores of traditional media can be unreliable and time-consuming when performed by non-technical people.

Recovery time is critical for resuming business. Many electronic vaulting services offer an easy-to-use Web browser interface through which non-technical users can quickly restore data themselves with minimal intervention - as well as "granular" restores (i.e., of a few files) from the backup disk. These features reduce or eliminate the costs of IT help.

Professional management. For servers, trained IT professionals monitor backups and proactively contact the firm if backup is disrupted at the firm's site - for example, from a power or system failure. Those professionals work with the firm to complete backups and to restore data as quickly as possible.

Assessing Electronic Vaulting Service Providers
To maximize benefits and fine-tune the electronic vaulting services it needs, a law firm should look for these additional features.

Off-site and off-line, as well as online, data protection. Optimal data protection is off-site (safe from destruction at the law firm's site), off-line (safe from computer viruses and worms), and out-of-reach (safe from a law firm's hostile employee).

Top-quality security. To ensure lawyer-client confidentiality and meet legal privacy requirements, data security is critical for law firms and clients, especially in particular sectors. Firms need to ask service providers about security measures for the network, for the electronic vault and (if data are also backed up to tape) for the media vault.

24x7x365 monitoring and management. With electronic filing, the courts are open for business around the clock. If attorneys work or back up data after normal business hours, they need data protection then as well.

Vendor reliability. Look for financial stability and a history of reliable customer service.

Special expertise. Find out if a service handles Microsoft Exchange, open-source databases such as Oracle and SQL, and open files.

Flexibility and breadth of offerings. See if a service offers storage and retention options (e.g., for compliance), customization of backup schedules, different pricing structures and Service Level Agreements, and a variety of solutions - server and PC backup, as well as digital archiving.

This brings us to another critical point: digital archiving.

Electronic Vaulting Services Versus Digital Archiving: What's the Difference?
Electronic Vaulting Services back up critical data on a regular basis and electronically and physically vault it off-site so that if the law firm experiences a natural or man-made disaster, it can recover its data quickly and securely.

Digital Archiving Services consolidate the firm's electronic records - emails, images, CM/ECF files (PDFs), electronic statements, and more - into a unified, browser-accessible archive, for fast and easy search, retrieval, and management. Unlike backups, which store information in a format that is designed to reduce storage volumes and speed recovery, digital archiving ensures that when the law firm or client needs access to a specific record (e.g., for litigation or auditing) it can be found quickly and easily.

The Next Step
As more legal processes go online, an effective, comprehensive records management program that protects law firms' practices should cover electronic as well as paper documents. Many lawyers have established sound, ethical paper records programs. But issues of technical complexity - plus limits on time and budgets - mean that attorneys' electronic records are often at risk.

Fortunately, alternatives exist today that can relieve the backup burdens on attorneys, their administrative personnel, and even over-extended IT staff. These alternatives include outsourced services for electronic vaulting and, when appropriate, digital archiving. These two solutions can protect attorneys' data, their practices, and their clients from a range of risks and disruptions that will only grow as the practice of law and the legal system become increasingly electronic.

1. Allan Rocek, "How Secure Is Your Storage," BankInfoSecurity.com, June 9, 2004. See http://207.234.191.209/?q=node/view/1285.

2. Drew Robb, "Who Needs Mobile Backup," Enterprise Storage Forum, September 2, 2003. See http://www.enterprisestorageforum.com/management/features/article.php/2245011

3. "2004 Computer Security Institute/FBI Crime and Security Survey." Computer Security Institute, 2004. Page 8.

4. "Top Business Continuity Priorities for 2004," Envoyworldwide, 2004. Page 1. This survey of the members of the New England Disaster Recovery Information X-Change is available at www.envoyworldwide.

5. Charlie Garry, senior program director, Meta Group Inc. cited in Neil Murvin, "ILM: Separating the Hype from the Reality," Computerworld, October 6, 2004.

6. Rocek, op. cit. See http://207.234.191.209/?q=node/view/1285.

7. John McKnight, "The Changing Dynamics of Backup and Recovery in the Small and Medium Business (SMB) Market: New Requirements and Systemic Challenges Open the Door for Online Backup Service Providers," The Enterprise Strategy Group (formerly the Enterprise Storage Group), 2004.

Posted by BarJournal at June 11, 2005 03:08 PM