Dot the I’s and cross the T’s: data management requirements for the legal sector

Diego Devadas, Enterprise Sales Director and Steve Young, Sr Director Technical Services at Commvault, discuss the challenges associated with data management in the legal industry, along with how the industry could benefit from upgrading its data solutions.
Diego Devadas, Enterprise Sales Director and Steve Young, Sr Director Technical Services at Commvault, discuss the challenges associated with data management in the legal industry, along with how the industry could benefit from upgrading its data solutions.

COVID-19 has had an enormous impact on the legal sector and law firms. Unashamedly traditional, with most work carried out face-to-face, most lawyers would go into the office every day before the pandemic. But this conservatism served a practical purpose. With so much confidential information stored digitally on predominantly on-premises IT infrastructure, being in the office was the only safe and secure way to access highly sensitive data — data that was often safeguarded with super-strict security, encryption, and authentication, and locked behind in air-gapped IT infrastructure.

However, like every other sector, the pandemic and the accompanying work-from-home advice meant that law firms had to find a way to give their staff access to case information outside the four walls of their practice.

As such, they had to rapidly embrace cloud-based infrastructure and software. It was a situation that was repeated across the country in every part of the economy. But it was a particular challenge for the legal sector because technology adoption is typically extremely slow and cautious. However, with the pandemic and lockdown, there was no time to wait.

Law firms generally see the advantages of cloud adoption — just like other businesses — and even before COVID-19, it was on their IT roadmap. They understand that it can deliver lower overall cost of IT infrastructure, increased collaboration, scalability, and elasticity.

But law firms have rigorous contractual obligations to protect client data and ensure that it stays safe and confidential. This goes far beyond GDPR and must reflect global data protection and access legislation. To ensure data isn’t accidentally or maliciously compromised, almost every large law firm has an internal IT security team — which shows just how high the stakes are. So, it’s no surprise that cloud suppliers to law firms must go through a rigorous procedure — presenting to security teams and senior partners to win a contract.

The role of IT teams in legal practices

Despite making up a relatively small part of a law firm’s employee base, there’s an opportunity for IT teams to take an educational role and push for more cloud technology adoption. The lawyers themselves need to understand and be comfortable with any move to the cloud — and who better to offer assurances than their own IT team. IT teams are also in an excellent position to explain some initial cost-saving and efficiency figures that pave the way to start talks with cloud-first vendors.

Of course, this can be easier said than done when you’re trying to pin down a senior partner for a tech discussion. But even with only the briefest of meetings, IT teams within legal practices can be the agents for change and innovation. We talk a lot about IT vendors working as partners with their clients, but this is particularly true in the legal sector. Law firms genuinely want and need a cloud-first provider that can act as a technology partner and deliver critical ongoing support to their lean IT teams. They need a trusted partner that can keep them up to date on new product developments and ensure they can safely adopt new technology to enhance efficiency, evolve their practice and improve competitiveness.

Data discovery and management

Taking a step back for a moment, law firms need to understand the different kinds and volumes of data they store before moving to the cloud. Many cloud-based technology providers offer solutions that can help law firms with this task — often referred to as data discovery. Data discovery facilitates the location and identification of all the information held within a practice. By its nature, this process highlights sensitive content, and, from that point, cloud vendors can help law firms develop a strategy to manage it. It could be, for example, that some of the most sensitive data remains in an on-premises environment while less sensitive information moves to the cloud.

At the other end of the spectrum, data discovery lets practices identify information that hasn’t been touched or accessed for years — and might even be duplicated — and help them rationalise that before any move to the cloud. Once this data has been identified, it can be deduplicated and moved off primary storage to a cheaper but still secure form of storage. This helps drive down the cost of cloud adoption and IT overheads in general — making it easier to locate information when it is needed. It also makes it simpler to analyse and work with case data and keep unstructured data under control.


The legal sector is quite rightly subject to plenty of scrutiny due to the sensitive data that it handles. As a result, law firms can’t afford to take any chances or make any mistakes with cloud technology adoption. They need a planned approach to cloud migration that begins with data discovery. And they need a technology partner that can help them figure out the most appropriate way to manage, store and access each different type of data. Done correctly, this process can also deliver cost savings by deduping and archiving data and making sure that data isn’t left behind, deleted, or exposed when the time comes to migrate to a cloud-based or hybrid IT infrastructure. Once a law firm’s data has been organised in this way, the risks of moving to cloud-based applications are much reduced, and practices can transition to the cloud with confidence.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter


  • data, Security & Data, Dot the I’s and cross the T’s: data management requirements for the legal sector

    Steve Young is an EMEA Senior Director in Technical Services at Commvault, responsible for providing technical direction and enabling large enterprise organisations to adopt and leverage the Commvault technology for their Data transformation. Steve has over 25 years of experience protecting critical data for highly regulated global companies having previously worked at UBS and Credit Suisse in Global Data Protection roles.

  • data, Security & Data, Dot the I’s and cross the T’s: data management requirements for the legal sector

    Diego Devadas is the UK Enterprise Sales Director at Commvault, leading and motivating the team to perform to a high standard. Having worked with clients in various industries, including legal, retail, technology and critical national infrastructure, Diego can identify solutions to address customer key priorities and business challenges. With over 18 years of experience in the IT industry solving complex Data Management challenges, he helps companies unlock potential in their data.

How to defend against Active Directory attacks that leave no...

Amber Donovan-Stevens • 16th September 2021

Cybercriminals are using new tactics and techniques to gain access to Active Directory in novel ways, making their attacks even more dangerous—and more necessary to detect. This article will explore a few types of attacks have been seen in the wild that leave no discernable trail or, at least, any evidence of malicious activity, explains...

8th worst in Europe: Cybersecurity for UK business

Amber Donovan-Stevens • 10th September 2021

In the article, Hayley Kershaw, AdvanceFirst Technologies, analyses the data from recent research to identify successful cybersecurity practices from countries achieving the top-ranking and how, with the UK’s commitment to cybersecurity, businesses can improve.

Join our webinar on 28th September: How the digital nomad generation influences business behaviour