Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1439196
processes in place to safely take ownership of that key. The critical point here, however, is that the fundamental architecture and the solidity of the encryption should be identical regardless of who holds the primary key. Put another way, from an architectural perspective, a modern cloud should offer exactly the same protections regardless of whether a CLD or law firm is using CMEK or not.

Bulletproof Backups

A modern cloud helps legal organizations mitigate data loss via comprehensive backups of all documents, emails, and other important data. Having robust backup of content means that – in the unlikely event that an organization's content is infected with ransomware or a natural disaster strikes – they have the ability to restore to the point before the data loss or disaster.

Sounds straightforward enough, but not all clouds are equal on this front. Older-generation, outdated cloud designs rely on secondary data centers within the region for disaster recovery if the primary data center experiences a catastrophic failure for any reason.

Modern cloud architectures leverage a more advanced, effective approach that replicates customer data across multiple availability zones within a primary region. Availability zones ensure business continuity and resilience for business-critical workloads. They help client data stay synchronized and accessible if disaster strikes. They ensure data and resources are highly available, fault-tolerant, scalable, and resilient as compared to using a single data center with a regional fail-over option.

A cloud that fully leverages Microsoft Azure infrastructure for storage, data networking, and hardware, for example, can take advantage of geo-zone-redundant storage (GZRS), which provides very high resiliency on all content with the ability to restore any file or piece of content to any point in time within a vendor-configurable period. Beyond simple cloud storage, GZRS replicates data synchronously across three Azure availability zones in the primary region and then synchronously replicates that data to an additional three availability zones in a paired remote region. Each availability zone is a separate physical location with independent power, cooling, and networking, delivering the most modern approach to content resiliency, availability, and disaster recovery.

Intelligent Threat Detection

No discussion of data security is complete without a mention of threat detection, as threats can arise from both outside and within the organization – the dreaded "insider threat." A modern cloud will proactively and accurately detect suspicious behavior, spotting both internal and external threats to the system, with the ability to take action automatically.

AI and machine learning are helpful here for identification of aberrant activities, which can be flagged for review or immediate action. These behavior analytics rules are designed to be early indicators of potential risk by detecting behavioral differences using user behavioral modeling – in the process, helping to identify threats before they snowball into something larger and more damaging.

Zero Trust and Zero Touch Strengthen the Protection

A modern cloud built on zero trust principles further reinforces the levels of protection around sensitive work product. Zero trust assumes no implicit trust between any two services. Service-to-service communication must be explicitly granted via IP port and protocol. Consequently, it would be very difficult for an attacker to infect the services. If an attacker were able to access services, the hosts do not have internet access – so it would be extremely difficult for