New challenges on the horizon in IT Law
Tue 3 Feb 2015

Jules Taplin, Director at Plan B Disaster Recovery, explains how the legal sector needs to prepare for increased cloud utilisation and to bolster risk strategy to ensure IT resilience…
There is one certainty around the cloud. Because it is enabling better functionality for businesses, and at a lower cost, its utilisation will increase. In 2015 we can therefore expect to see existing cloud providers grow in size and turnover, and new providers materialize, continuing to feed this growth market. This is great news for all business, enabling advancements in technology to promote more efficient, scalable and innovative businesses. Artisan cloud specialists will ultimately build a world where anything is possible.
The capabilities of the cloud are still being exploited and whilst this technology is evolving there is a strong need for collaboration. Only the largest cloud services providers such as Microsoft, Amazon, IBM and Google have the scope for global coverage, which leaves the smaller service providers needing to build a competitive ‘one stop shop’ solution from multiple vendors and subcontractors. Some buyers may not realise that the solution they are purchasing is unlikely to just involve one supplier, but instead a cascade of service providers that have been amalgamated together to produce the end result. This has its benefits in the solutions that become possible and the affordability, however the issues start to come with accountability and reliability which is where IT law faces new challenges.
Although the legal sector has now become fairly experienced at contracting for cloud service providers, as cloud uptake increases, the contracting process becomes more complex. IT law will need to be prepared for the following:
1. Negotiating service level and liability terms will become more complex as more business critical tasks are entrusted to the cloud. Purchasers are likely to want to tie down service level agreements, and suppliers are likely to be reluctant to take accountability for areas outside of their direct control.
2. If a number of different subcontractors are providing services to the primary cloud specialist to deliver the end solution, there is a greater risk, not only that one of them will fail, but also that that a failure of one subcontractor will take longer to rectify, and be more costly as third party negotiations and collaboration is required.
3. What happens if a subcontractor goes into administration or ceases trading? Is there a process of swap-out in place? How is the impact on the customer eliminated?
The landscape starts to get rather more complex for the legal sector as it needs to factor in all these interdependencies when contracting with a primary cloud services provider. Purchasers will therefore need to evaluate resilience and redundancy strategies, to ensure that there are adequate planning and processes demonstrated. It shouldn’t be a question of compensation, but more around ensuring that a level of resilience is built into the chain. More due diligence, such as financial checks on suppliers further down the chain, would be advantageous.
All of this means that businesses are under greater pressure to mitigate their risk against failure when working with cloud service providers. Both primary service providers and customers should highlight the risks and address them accordingly.
Having a high-performing disaster recovery service is one solution that can protect against all levels of failure in the chain and provides a single point of accountability for IT resilience. It converts a multiple-supplier risk strategy back into a single supplier situation, which will protect against the worst case scenario of loss of service. Resilience can be controlled to the level required by the customer, and risk can be managed. Legal companies are therefore expected to look for adequate disaster recovery provisions to complement cloud service providers in 2015 to address the challenge that will manifest itself with the increase in cloud utilisation.