By: 5 September 2024
Cloud computing: The global IT meltdown gives the legal sector a lot to think about

Nigel Williams, Product Director, LexisNexis Enterprise Solutions:

The recent CrowdStrike glitch that took down 8.5 million Windows computers causing global mayhem is branded the worst cybersecurity event ever. Many critical industries including aviation, healthcare, and emergency services experienced the dreaded “blue screen of death”. Initially the blame was laid at the door of an update gone wrong, but now following CrowdStrike’s Root Cause Analysis, it is believed that the outage was caused by a single undetected sensor in the Falcon System that sits at the kernel level of the Windows operating system.

CrowdStrike event a wake-up call

While fortunately, the legal sector experienced minimal disruption, this event serves as a “wake-up” call for how firms must approach IT operations and security. The interconnectedness of global IT means that a single, innocuous software issue or defect can lead to a cybersecurity incident and IT collapse. Security and IT today depend on the collective strength of numerous components, techniques, tools, vendors, quality assurance, policies, and the list goes on.

No environment is 100% fail-safe. With the overwhelming move of IT infrastructure to the cloud in the last few years, firms need to recognise the potential challenges of placing “everything” in the cloud. One of the resounding rationales for cloud adoption has been that firms don’t have to worry about the “tin”; their hardware, software, and often data, is all managed by someone else. However, the CrowdStrike outage has shown us that firms do have to worry about all these, and perhaps consider a more balanced approach.

Full cloud, hybrid, or on-premise? It’s your choice!

Let’s take data storage. You must ensure that your firm’s data (and by association, your clients’ data) is safe and stored in a jurisdiction that complies with organisational and client policies. Does your cloud service provider guarantee robust data replication and backup plans so that, in the unlikely event when things go wrong, the problems can be quickly repaired? Aside from CrowdStrike, last year’s cyber incident at CTS, also highlighted the possible challenges of the cloud and a globally interconnected IT infrastructure.

Hybrid cloud model may be a better solution – where the software is deployed through the cloud, usually as a web application, but the firm retains control of the system’s core, including data, securely on-premise. Or if the core is deployed in the cloud such as via Microsoft Azure, perhaps the data is replicated across different time-zones so that in the event of an outage, business disruption is mitigated and minimised.

A hybrid model might take slightly more management but arguably, it gives greater control over some of the system and security elements, enabling a more personal solution to be delivered for a firm’s user community.

Henry Ford’s famous quote in relation to the world’s first mass produced car, the Model T, “you can have any colour as long as it’s black”, has similarities with today’s cloud conundrum.  The similarity lies in the sense that there is a lack of customisation, or high dependency on the ‘supplier’ for everything. The reality is that no matter what technology arrangement a firm chooses, the responsibility for ensuring its effectiveness, safety, scalability, reliability, performance, and more, will always remain with the IT function of the organisation – including all ‘outsourced’ elements. Today’s IT leadership must carefully consider the pros and cons of the IT models they choose. Rather than being swayed by industry claims or herd mentality, firms need to take stock of their business requirements, resources, and risk appetite, to arrive at a model that best fits the organisational need.

LLMs: build your own or buy? It’s your choice!

The same approach can be applied to the adoption of Generative AI. Today there are a handful of large language models that are owned by major players in the industry, who have made them available in the cloud and charge a lot of money to use. What is less known is that there are on-premise options whereby firms can build and implement LLMs/AI capabilities, giving complete control and ownership over the data, as well as reducing costs of participation.

It’s all about choice

Fundamentally, there are increasing technology choices for firms, which is of course, a good thing.  However, with multiple choices, come multiple risks, and with them different pros and cons. Yet, the role of the IT function will always be to deliver the best technology service at the optimum cost, and what might be right for one firm, isn’t necessarily right for another; indeed, what might be right for one department might not be right for another – at any level, architecturally, solution, or user experience. An IT leader’s role is to understand the fine detail of their business, the technology landscape and direction, and marry it to make the right recommendations for business success.

No technology or adoption model is foolproof and there is no right or wrong approach… except when it goes wrong!

This post is sponsored by LexisNexis Enterprise Solutions, headline sponsor of the Yorkshire Legal Awards 2024.

Guest Post
This post has been written by an expert guest contributor, just for Yorkshire Legal News.