Zero Touch is the next logical step for the Zero Trust Cloud
Guessing the future is a tricky business. However, as multiple trends converge in the cloud, it becomes easier to look ahead and see where the cloud is going and what that direction means for law firms.
2021 increasingly seems to be the year in which “zero touch” becomes a non-negotiable requirement for every cloud provider active in the legal field. Given how fundamental the cloud has become in law firms and corporate legal departments over the past few years, and the fact that these clouds routinely process a lot of confidential and privileged data, this shift toward zero touch is the logical next step in regards to it on cloud architecture and cloud security.
Zero Trust is just the beginning, not the end
In order to understand why companies and the industry are moving towards a zero-touch future, it is helpful here to secure and consider developments such as “Zero Trust” that have occurred before and to consider the conditions for this current moment create. Zero Trust made increasing inroads into the legal industry in 2020, exposing the misconception that a vendor’s cloud environment is the same as any other cloud environment.
The fact is, not all clouds are created equal: a cloud based on the Zero Trust security framework is critical to providing the highest level of protection for critical assets.
The Zero Trust security framework challenges the idea of trust in any form, be it the trust of networks, the trust between host and applications, or even the trust of superusers or administrators. Zero trust means that the best way to secure a network is to assume absolutely no trust level.
However, here we come to another moment when not all clouds are created equal. A zero trust framework is only as good as the number of people who have practical access to sensitive data.
In other words, Zero Trust only works when Zero Touch is the focus.
Prevention of security gaps through automation
So what is zero touch? This approach is about ensuring that no one – not even the small number of trusted resources that most cloud providers typically allow – has access to customer data.
As long as a person has access to the servers that run services and store customer data, there is a potential for security problems. Any potential disclosure or exploitation of the data can be done in a number of ways when there is such human access: it can be knowingly via an insider threat or some other bad actor, or it can unknowingly through a completely innocent mistake (e.g. an administrator who does this) Accidentally leaves a setting unsecured or clicks something they shouldn’t).
Using AI, machine learning, and new forms of automation, humans are being removed from the equation so that confidential customer data cannot be accessed.
For example, if a customer of a typical cloud provider wants that provider to collect some information about their data, that cloud provider lets one of their trusted people access the servers and manually type on a keyboard to run queries on the customer data.
This is a low risk scenario but it needs to be repeated: as long as a human is physically involved, a risk is introduced.
With a zero-touch approach, on the other hand, the provider has no practical access to the data. When a customer requests information, the engineering team would have to write an app that would then be moved to the production environment to securely collect the information from the servers. There would be no human, practical involvement in the data.
A similar hands-off approach would apply to more common scenarios like server patching or routine server maintenance. No person or account should be able to make one change to the system that could compromise the security of the system. Automating human vulnerabilities and approaching zero touch is one way to make this a reality.
Look ahead to Zero Touch
The adoption of clouds in legal organizations continues to gain momentum for the many benefits that the cloud offers, which only makes the underlying security of the cloud even more important. Zero Touch is leading the way, and increasingly savvy legal customers will ensure by 2021 that all cloud providers they do business with have zero touch a fundamental aspect of their approach to securing the sensitive data that is entrusted to them.