By: Mark Richman, Principal Product Manager, Cloud Platform, iManage
Recently, the UK government unveiled plans to change data protection and privacy laws, with the aim of forging its own business relationships following Brexit. Now, a new series of “data adequacy partnerships” will allow Britain to drive international trade with several countries and bodies. These initial steps signal future changes to the way the UK and other countries approach data protection and privacy.
For professional services organisations of all stripes, including law firms, this shifting regulatory landscape informs what type of cloud platforms they utilise within the organisation. That’s because their choice of cloud platform – whether for their document management system (DMS) or some other business-critical system – has a bearing on their overall flexibility as an organisation and their ability to operate across geographies while remaining in compliance with applicable data protection and privacy regulations.
To deliver this operational flexibility to firms, cloud vendors must have a flexible cloud architecture themselves. What does this look like in practice, and what advantages does it deliver?
Compliance and Performance – Not Compliance or Performance
A cloud vendor utilising a flexible and distributed architecture can help firms more effectively address several thorny problems that they have to navigate in ways that SaaS platforms based on an outmoded cloud architecture simply cannot.
For starters, to stay in the good graces of various privacy laws, it’s not enough to store content in the home region and make sure it physically resides on servers in that region. Firms must also ensure that that all data processing happens exclusively within that region.
The distinction between the two is important. Keeping data domiciled in a specific location doesn’t do much good if various functions that process that data – for instance, indexing, or optical character recognition, or AI-enabled automatic classification – copy or move the data to an entirely different region during processing.
If a vendor cannot guarantee that the processing of that content is actually happening in the same region where the content is stored, that vendor does not have a true distributed architecture.
While firms are wrestling with these tricky data regulations, they also need to have their clouds operate from an end user’s perspective as if the content were not globally distributed. In other words, documents and important content need to be instantly accessible, with no excessive lag time, and without end users having to jump through any hoops to access regionally distributed content.
If a cloud vendor’s architecture is truly flexible and distributed, it will be able to respect privacy laws without any compromises from an end user perspective or from a performance perspective, putting a “global matter file” at users’ fingertips.
If a cloud vendor isn’t utilising a modern architecture that considers this use case, they might still be able to deliver the content on a regional basis, but they won’t be able to deliver on the performance front. Those inherent limitations will, in turn, limit the ability of the firm’s professionals to get work done on a daily basis as efficiently as they otherwise could.
A Modern, Nimble Approach
A flexible cloud also offers advantages for everything from disaster recovery (DR) to service provisioning.
Effective DR requires geographically distinct regions, and a cloud built on modern architecture can handle that intrinsically, taking advantage of the capabilities of public cloud vendors that utilise availability zones. In this type of setup, there might be three or more buildings in a single area with their own power, network, and cooling. Data is replicated simultaneously across these different buildings, creating a highly available virtual datacenter.
A cloud architecture that hasn’t been specifically architected to take advantage of those capabilities simply won’t be able to deliver that higher level of availability.
A modern cloud is also able to perform service provisioning in a much more nimble and efficient manner by deploying infrastructure as code. With the push of a button, a new instance of the cloud service can be created in a fully automated fashion to any location around the world – all the better to respond to fast-changing global data privacy regulations, while simultaneously providing the best performance to users in their region.
Similarly, a cloud architecture that utilises a containerised Kubernetes architecture enables that SaaS vendor to deploy on any PaaS platform that supports Kubernetes – which is fundamentally all of them. This provides an additional layer of flexibility in terms of the providers that the cloud vendor can use, rather than being locked into one provider. Needless to say, none of this flexibility is possible for a cloud built on outdated technology.
Clear Security Advantages
It’s worth noting here that the more that you spread your architecture across the world, the more you are increasing the surface area for attack by bad actors. If you don’t have a modern flexible architecture that has security designed into the architecture from the outset, it becomes increasingly difficult to ensure that you can provide adequate security over the valuable content managed by that cloud.
Fortunately, when you have a security-first architecture, it’s possible to build all of the encryption and security models into the platform both at the infrastructure level and at the software level. All points of the architecture are encrypted, content is encrypted at rest and in motion, and encryption keys can easily be managed by the customer if so desired.
This foundational encryption – coupled with Zero Trust security principles and Zero Touch operations that are difficult to retrofit onto an existing architecture – helps ensure that security is considered from day one by modern and flexible clouds, in ways that older cloud architecture can’t match.
Don’t Limit Yourself
Ultimately, the degree of flexibility that is baked into a cloud vendor’s offering – how modern the architecture is, how flexible it is, and how distributed it is – will determine how much operational flexibility firms have as they seek to adjust to a dynamic and rapidly changing business environment.
A firm’s choice of cloud vendor can serve as something that holds them back – or something that helps them reach new heights. For those firms hoping for the latter outcome, a modern, flexible cloud is the only choice.