Legal Cloud: Have It Your Way
Legal Cloud today announced that several top, international law firms had signed up as early testers of its virtual data center services for the legal market. The Legal Cloud is operating a ‘closed beta’ with select law firms interested in reducing the costs of their existing collocation facilities, finding a way to implement a business continuity program without duplicating private infrastructure or simply planning for their future primary and secondary infrastructure facilities.
What Makes This Different?
From their blurb:
The founders of the Legal Cloud have been working in the legal technology industry for over a decade. We understand that the needs of international law firms are different to other industries. Our data centers are optimized to meet the needs of law firms. Our choice of technologies, performance, data storage, latency, service level agreements, security and features have all been specifically devised to support the needs of the legal industry (source).
Why This Is Important From a Cloud Security Perspective?
- This cloud is designed around the needs of a specific industry: with a well defined set of clients in mind it can cater to the groups specific operational and security needs
- These are not just “any customers”: international law firms that will have legal, compliance and security requirements over and above your “average” cloud customer today. This needs to be a cloud with ‘higher assurance’ features to gain the trust and buy-in of legal CIOs
- The security conversation suddenly becomes a lot more focused: we are not talking about a general “one size fits all” cloud anymore and facing the disharmony of varying customers security needs and provider capabilities. This may sound trivial but security conversations can get painful fast when customer and provider come from different worlds.
- In a view I’ve held for a longtime, its a taste of things to come: banking clouds, healthcare clouds, federal clouds (happening now). Yes, there are other industry specific clouds (e.g. Salesforce Service Cloud) and they have their own security requirements, but arguably less assurance will be demanded by customers.
- The customers become an important lobby group for future security feature requests: instead of X voices asking for completely different things, the community of Legal Cloud users will state requirements “loud and clear” and if nScaled doesn’t listen, provide an opportunity for “Another Legal Cloud” to steal customers.
- The success of this cloud will be judged by many: if nScaled delivers on their promise, they will benefit from first mover advantage and become the “standard” for legal cloud. From my UK experience, the legal community is cautious about new technologies and is a pretty tight-nit group, so if sufficient “established” legal firms move its not hard to imagine many more following (well, I’m sure that’s what nScaled hopes ;-).
What Is On Offer?
Legal Cloud is offering the following on a services basis:
- Fully virtualized data centers
- Business Continuity Service
- Active Cloud Servers
- Unlimited Storage
- Snapshot recovery points
And here’s how it looks from a 50,000ft:
What Do They Say About Security?
After a brave headline of “Security Guaranteed” (sure to rile anyone in information security), they go on to state:
The security of your data is of paramount importance. Here is how we guarantee it’s security.
Secure Data Centers
Our data centers are highly secure and redundant precision environments backed by the Fanatical Support of Rackspace. (SAS-70 Compliant)
Secure Virtual Private Networks
We extend your network into the Legal Cloud using VPN (Virtual Private Network) and VLAN (Virtual LAN) technologies. Your data is encrypted during transit with IPsec. Within the Legal Cloud, your data is segregated in logically separate areas from other clients data and attached only to your private networking. This gives each client their own private network and storage in the Cloud.
Client Data is encrypted from client source servers to target devices using strong encryption protocols.
Not on the public Internet
The legal Cloud is not exposed to the public Internet. It is actually an extention of each clients internal network, each seperated by strong security protocols.
Service Level Agreements
We are working on appropriate SLA’s for our legal customers during the beta period.
Psychologically, I suspect the most significant reassurance for many CISOs will be this one single sentence: “Not on the public Internet”. Beyond that, use of IPsec will make this feel very much like a standard 3rd party ‘partner’ connection. I don’t see any mention of storage encryption options as yet, nor any further detail on the logical separation - once I’ve had a briefing and can speak more to the security aspects, I’ll post more.
P.S nScaled have annouced a couple of webinars aimed at their target audience here.