Business Continuity for the Distributed Firm
For many law firms, the 2020 pandemic was their first time experiencing a large-scale disruption. With social distancing measures in place, firms have had to rely heavily on technology to maintain remote productivity and client service. It has become clear that the firms who have taken this opportunity to identify vulnerabilities and improve their virtual capabilities are in a significantly better position to weather the storm.
One significant change has been the emergence of the Distributed Firm, in which employees regularly work both in and outside of the office, using a variety of devices to access the system. This distributed way of working enables firm employees to maintain productivity from any location; however, it requires expert IT planning and support to be successful.
In this article, we look at the key technology requirements for business continuity planning for the Distributed Firm, and present solutions firm managers will want to consider.
Remote Work Readiness
Before Covid-19, most firms had some remote work capability, usually designed to support lawyers working from home or other locations during evenings and weekends. The solutions were not intended for full firm operation on a continual basis, so adjustments were needed when firms abruptly changed to a distributed model.
There are several options for access to the firm’s applications and data from distributed locations. A point-to-point virtual private network (VPN) is a traditional solution that effectively extends the firm’s internal network to a PC running at a remote location. Software applications are installed on the remote PC, which accesses data using the local Internet connection.
While it is convenient for users to use familiar environments such as home computers to access firm resources, there are significant drawbacks to the approach. Most legal software is designed to operate at local area network speeds which are typically 5 to 10 times faster than Internet bandwidth. Further, data latency (delay) on the Internet is much greater. The result is that most traditional software will leave users frustrated with slow and unreliable performance when operating over a VPN.
Further, while the VPN connection itself is likely secure, the user’s local Windows environment on a shared computer may not be. For example, documents opened on the remote computer become susceptible to malware that may exist on that computer. When the file is saved back to the firm’s network, the malware may propagate. Managing these risks is a significant IT task, and one that the firm’s team may be under-resourced to handle.
Another option for remote access is to establish a connection from a remote computer to a “host” desktop in the office. In this “remote control” arrangement the remote computer controls the office host. The user sees the Windows desktop of the office host.
The benefit is that the environment is the familiar business environment and ideally no files are transferred to the local computer. All of the work takes place on the host and just the screen images are sent to the remote computer. In reverse, keyboard and mouse inputs are the only information sent to the host computer. This arrangement solves the key issues of VPN, as processing takes place on the fast internal firm network and Internet speeds are more than adequate to transfer screen images and input. Although some security risks remain, they are greatly reduced in this configuration, especially if it is combined with a secure VPN.
The significant downside is that if the host computer reboots or becomes unavailable, remote access is cut off. IT must support a separate connection and configuration for every remote computer, which significantly increases support requirements at a time when IT support may be limited. Managing a fleet of host computers for remote legal users is a large new IT management task that does not scale well beyond a small number of users. Costs and reliability can quickly get out of hand.
The third option, which meets the new requirements of full-scale distributed work, is to centralize the office host into a managed server dedicated to the function of sharing virtual desktops for multiple users. The server is administered by specialized IT resources and the solution is designed to scale. This is called Virtual Desktop Infrastructure. Users are able to access their files and software in a familiar environment, and there’s no need to copy or even save data to a remote PC. When outsourced to a Private Cloud, the solution meets user requirements, is highly secure and is cost-effective.
If there’s an interruption to office access, users resume work remotely with all their software, emails and files securely available. There’s no additional equipment needed other than a remote device and an Internet connection. Everyone is immediately ready to get back to work from distributed locations.
Uptime & Systems Availability
A key business continuity risk is availability of back-office IT systems. For operations to continue, your systems must be up and running and accessible. With traditional on-premises IT there are many vulnerabilities to manage.
Physical threats to your equipment include events at your office such as fire, overheating, water damage, disruption to your power supply or failure of connectivity. You also need to consider the possibility of vandalism or unintended physical damage to your systems. Each of these risks should be mitigated with appropriate measures such as fire detectors, cooling systems, power controls, and physical access controls.
Cyber threats to system availability include dangers such as hacking, bots, viruses and malware, phishing, ransomware, denial of service and other electronic threats. These risks can be reduced with appropriate security software, advanced configuration of firewalls, and robust management of user access. As threats are constantly changing, it is an ongoing task to manage and update these systems.
With the right investments and management these risks can be managed, but in a 4-5-year server lifecycle, there is considerable risk of an extended service interruption. Also, the reality is that many firms don’t have the resources to implement and manage the required protective systems.
Outsourcing to an experienced data centre provider offers an alternative to onsite equipment by including built-in threat management and high availability of systems. A professional data centre offers protection from physical threats including power generators, fire suppression, controlled physical access and alternate network paths. IT infrastructure includes extensive hardware redundancy at the server, storage, power, networking and Internet levels.
Cyber protection includes software to protect servers and endpoints including anti-virus, anti-malware, anti-spam and others. Advanced configuration of firewalls provides threat detection and enhanced security for managed remote computers. Even if a threat materializes, extensive system virtualization allows redundant servers to assume workloads from affected systems.
Data Safety & Backup
An essential element of planning for the unexpected is to ensure your data is safe and can be reliably and quickly restored.
There are two scenarios where you are likely to recover data. In disaster recovery, such as after equipment failure or a ransomware attack, you need to recover all your data, possibly onto rebuilt systems. Alternatively, you may only need to recover individual work items such as documents or email that have been accidentally deleted or corrupted. In either scenario, you need an accessible copy of your data on secondary media disconnected from your main system, ideally at a separate location.
For both scenarios, there are several features to consider. Restore Points, or the frequency of your backups, determine from when you’ll be able to restore: can you restore from every day in the past week, or just from month ends? Time to Recovery determines how long it will take to restore and how long you will be down. Data Retention Period indicates how far back your backup goes: can you restore for a full year, or just for 30 days?
Understanding these dimensions will help you evaluate whether a proposed solution meets your business and professional requirements.
An important consideration is whether the firm has confidence in its ability to manage and routinely test the restore functionality. Setting up and maintaining backup technologies over a long period of time is a significant investment and requires monitoring by firm management. An alternative is to outsource these functions to a Private Cloud provider, where these features are included as part of a standard IT package. Such providers have the scale and specialized resources to ensure backup systems are configured properly and your data is always available.
One of the most important considerations for business continuity isn’t the systems, but the people who are charged with “keeping it running”. In a business disruption, you can expect your IT support requirements will significantly increase. Does your team have the experience to do a full recovery under pressure?
When a firm has invested in the right equipment and configurations, they also require an IT team with the specialized skills and experience to handle new requirements under pressure. One of the great strengths of outsourcing to a Private Cloud provider is that the service team supports firms at scale and has the specialized skills to meet new requirements – they’ve done it before. Also, the team is “remote ready” and already supports users from offsite. Expert support will help in the battle to preserve the firm’s productivity in a challenging situation.
Technology has become the backbone of a firm’s business continuity plan. For the Distributed Firm, virtual capabilities are essential for maintaining continuity of practice, and the best way to achieve this is with a Private Cloud solution.
With the right Private Cloud provider in place, the Distributed Firm can maintain business continuity and enhanced employee productivity in just about any scenario.