We have spent time listening and seeking to understand unique challenges as it relates to cloud data privacy in the legal industry. We hear you!
Authors: Paul Edlund, Michelle Gilbert
At Microsoft, we understand the importance of data privacy. Law Firms have the additional burden of protecting Client Matter Data as a commitment to the customers that they serve. At Microsoft, our mission is “to empower every person and every organization on the planet to achieve more”. The goal of Microsoft 365 Solution for Legal is to address the concerns over blind subpoenas while helping Law Firms realize their full potential using the most secure cloud and leverage Microsoft Teams in a way that is curated and configurable to meet those requirements. For as long as Microsoft has had a cloud offering, it may have felt like we were ignoring these concerns that law firms have. In many ways, we lacked some of the controls that were needed. Indeed we are listening!
We recognize the value of Document Management Systems (DMS) providers and are working with many of the core software solution providers in this space to guide Client Matter Data to the DMS and keep it out of SharePoint and OneDrive when necessary. If data accidentally lands in SharePoint or OneDrive, we can leverage our file encryption technology to ensure that it is illegible to Microsoft (rendering it worthless to the blind subpoena) and only usable by you. The solution recognizes that each Law Firm is unique and have their own level of comfort with the cloud. So we also created an approach that can be modified to accommodate the needs and unique requirements that each Law Firm feels ready to adopt.
We have developed a 4-phased approach to 1) Enable, 2) Empower, 3) Differentiate, and 4) Transform your journey to Microsoft Teams leveraging Microsoft 365 security and compliance tools.
Firms want to enable better communication.
The first phase of “Enable” is what we will focus on first. Phase One illustrates a graceful way to enable Teams while turning off SharePoint and OneDrive. We want to drive collaboration while minimizing disruption for attorneys. So you will continue to leverage on-premise Exchange and Outlook for an email with plugins as the primary vehicle of communication. You will also continue leveraging existing DMS solutions for Client Matter Data creation and management.
The enablement phase enables Firms to use Microsoft Teams for instant messaging, chat and channel conversations with retention policies similar to what is already in place for any of Firms' other messaging tools. You gain the ability to experience a modern way of joining meetings across devices, understand someone’s presence/availability and even have peer-to-peer or group calling using voice over internet protocol (VOIP). You will be able to seamlessly extend communication using a Teams mobile app that works the same on IOS and Android. Teams is an amazing experience hands-free in your car. No more dial-in passcodes! Since we have disabled SharePoint and OneDrive in this phase, Law Firms can control client matter is located in the system that has been contractually agreed upon.
The second phase called “Empowerment” utilizes a combination of both communication and collaboration internally at Law Firms to leverage capabilities such as co-authoring, sharing, and cloud storage for appropriate audiences that don’t deal with Client Matter Data, but instead staff, committee, practice group, and non-client matter data that usually fills your on-premises file shares or even SharePoint document libraries. Utilizing Office 365 SharePoint and OneDrive policies with native DLP integration (blocking or alerting on client matter data being saved to Teams for example), ethical walls plus encryption and/or retention for information governance adds an added bonus that you may not be leveraging storing unstructured data in native on-prem locations. This opens Teams for threaded conversations and persistent chat, modern meeting recording with real-time transcription and translation, and the ability to access files anywhere.
Firms want to stop data from leaking.
The second phase is empowerment. In this phase, firms can start leveraging cloud storage capabilities. For those of you adopting Office Apps, OneDrive for Business, and SharePoint Online, this is your last migration! Law Firms use this phase to determine what can go into the cloud and where Client Matter Data should reside. Teams, powered by OneDrive and SharePoint enable co-authoring, sharing, and collaboration on documents. You also can choose to integrate with your Document Management System and store Client Matter Data in the location you prefer.
Data Loss Prevention is important to all companies. Law firms have the additional burden of protecting their client’s data as well. So we give you the tools to make sure that data can only be used in the ways you allow. This includes capabilities like:
Printing, copying & forwarding
Enforcing multifactor authentication rules
Restricting access from insecure locations or countries
Blocking access from insecure/unmanaged devices
Blocking access from accounts that have weak or exploited passwords
Blocking downloads/uploads to sites you don’t allow
Understanding insider risk that integrates with HR changes
For your most sensitive data, you can use Microsoft’s Double Key Encryption. This solution means that once we find and label the data, we encrypt it in a way that renders it illegible to the Microsoft Cloud. You still have access to the data, it’s encrypted with a key that is stored in your datacenter. This satisfies the concerns over a blind subpoena. Double Key Encryption (DKE) uses two keys together to access protected content. Microsoft stores one key in Microsoft Azure, and you hold the other key. You maintain full control of one of your keys using the Double Key Encryption service. However, certain cloud services are negatively impacted because the file can no longer be processed by certain services including:
Transport rules including anti-malware and spam that require visibility into the attachment
Content search and indexing
Office Web Apps including co-authoring functionality
Firms want easier sharing, integration, and automation.
The third and fourth phases include federation with select partners, clients for external chat capabilities, and/or external guest access for real-time file collaboration and storage with clients in Teams. You will have powerful data visualization tools that can be created by people without development skills. Your staff can quickly build rich dashboards, reports, and gain insights so long as they have the right permission to the data.
In addition, you can start to envision new ways of performing complex tasks through code-free automation, using bots to have a conversation with your data, information, and internal tools. Some examples include financial insights with time tracking; historical firm litigation matters; and knowledge management initiatives like using advanced artificial intelligence. You will be creating a knowledge network inside your firm consisting of data, people, and their skills so you can move faster than your competition.