X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
The process of investigating viable remote-access options for our small law firm was not an easy experience. As we quickly discovered, much has changed since the days of private dial-up networks and modem-based services. Broadband and wireless in the home, an increasingly hostile Internet, the mounting virus and spyware menaces — they all make one hanker for the old days when all you needed was a modem and an analog phone line. Chester, Willcox & Saxbe is a Columbus, Ohio-based, multi-practice firm, with 30 attorneys and another 30 support staff users. The goal of our IS department is to provide leading-edge, easy-to-use technology that adds value by providing a secure, strong, stable operating environment that requires minimal administrative overhead. We use a single-location client-server network with Microsoft Corp.’s Windows XP Professional and Windows 2000 and 2003 Server. We have Microsoft Office 2002, with content managed by Hummingbird Ltd.’s DocsOpen 3.9x platform. Accounting and time billing is handled by a SQL-powered version of Juris Inc.’s Juris and Juris Timesheets. Microsoft enterprise applications round out the mix, including IIS Server for intranet, Exchange 2000 Server for messaging, and ISA Server for Web proxy. On the equipment side, we are primarily a Hewlett-Packard (Compaq) shop, with Compaq Proliant servers, HP Compaq desktops and notebooks, and HP printers and scanners. We use 3Com Superstack LAN switches to keep everything connected and a Cisco Systems Inc. PIX 515R firewall appliance keeps the bad guys out. Our existing infrastructure dates back just more than three years, when we undertook an end-to-end system upgrade. THE CHALLENGE In a nutshell, the conundrum was this: Getting anytime, anywhere, any-device access to firm documents and applications. This didn’t include e-mail, as Microsoft Exchange-based data has been available via Outlook Web Access (Microsoft’s built-in extranet) and POP3. Essentially, what our attorneys were asking for was external access to internal firm information “like the big firms had.” The challenge, of course, is that we are not a big firm, with dedicated networking personnel and a sophisticated security infrastructure. We needed to offer remote data access in a size and shape that we could afford and effectively support. Opening the floodgates: The moment the prospect of “any device” connecting directly to our private network was raised, a legion of questions surfaced: � How would the firm ensure that computers used to connect to our private network were secure in terms of viruses, security patches and settings, spyware, key loggers, etc.? Assuming that we could not rely on users to keep their systems up-to-date, how could we practically handle patches and update-management? � If we did not supply the computer, to what degree would it support users’ home computers? Can we dictate and enforce software and security policies on remote computers that we do not own? Is this practical and even possible? Would we support remote printing on the user’s home printer? Would we supply and pay for Internet access at remote locations? � Would system support for remote users extend beyond office hours? Remote access can command support demands, how would we handle requests during business hours? � How can we ensure that client information (files saved to the user’s home computer) is confidential? Can we rely on users to routinely delete offsite data? � Could we determine whether remote access made good business sense (i.e., is it adding to billable hours, more efficient client service, etc.)? Would a mechanism be in place to capture hours billed through remote legal work? There were many more questions, but the point should be clear. The key issues were our risk tolerance related to security and client confidentiality, the added support overhead, the cost of installation and administration, and the level of usability and access for users. Other factors included the firm culture regarding laptops, and pending upgrades for our document management platform. We did not yet supply laptop computers for attorneys and many did not want to take them home every night anyway. EXPLORING OPTIONS As we set out to explore the options, it became increasingly clear how much had changed in the last three to five years in terms of the context of remote connectivity. A few years back, when the only option was dial-up services or virtual private networks, life was relatively easy. Dial-up connections to private networks were cost-effective, required no dedicated gear beyond analog modems, were easy to deploy and presented minimal security risks. Today, broadband is the assumed pipe for business, and many, if not most home computers are connected via “always on” cable or DSL. Although we danced around key issues for some time, we kept coming back to our core remote access needs. It had to be highly secure given the current state of the Internet and home networking trends. Ideally, the security infrastructure would be outsourced and managed, as we simply could not do it effectively ourselves. It had to be cost effective and supportable from a business perspective. Logging and report features that would tell us who was using it and how off-site work was impacting our bottom line was key. It had to be highly usable from the user’s point of view, in terms of allowing access from home computers, firm laptops, even handhelds. And it had to provide strong, scalable administrative features so that we could manage access and feature availability on a granular level. Existing options in remote access included: � Setting up and managing a secure virtual private network. � Hosting our own Web-based, virtual computing environment via Microsoft Terminal Server. � Signing up for a managed remote computing service, such as Citrix Online’s GoToMyPC or Pro Softnet Corp.’s RemotePC. Dial-up based remote access service was not considered a viable option due to restricted bandwidth, and the requirement to administer the client PC. THE DECISION After much consideration and testing, we decided it was impractical, from a cost and staffing perspective, to support home computers much beyond giving them a Web-based tool to access firm information. A VPN was abandoned again, because it would require us to support and maintain the client computers. Setting up our own virtual computing infrastructure in-house using Citrix Metaframe and/or Microsoft Terminal Server met many of our usability requirements but would have required a significant investment in equipment and overhead. Most significantly, deploying such a multi-level security environment would have required an expertise that we simply did not possess. In the end, we decided to test Citrix Online’s GoToMyPC Corporate remote access service. It had many of the features and benefits we deemed essential for a firm our size. It provided a secure and ready-to-go architecture requiring minimal up-front investment, and allowed users to use any device to connect, including PocketPC-based handhelds. It was surprisingly fast on a broadband Web connection, and functional at dial-up speeds. Most importantly, the Citrix Online service offered industry-leading security, including SSL, end-to-end 128-bit Advanced Encryption Standard (AES) encryption, multiple nested passwords, two-factor authentication with RSA SecurID Integration, optional One-Time Passwords, TruSecure-certified infrastructure, HIPAA and GLB compliance, host-based employee access codes, and digitally signed applications (VeriSign). The GoToMyPC Corporate service was relatively easy to use for end-users, with features such as automatic setup, and a universal, downloadable viewer. Once a logged-on user got to one of our remote hosts, they were greeted by a familiar desktop and applications, just like they were sitting in front of a computer at the office. As all activity took place on the host computer, minimal training would be required. The Citrix Online service also accommodated our installation needs. Rather than expose each attorney’s office computer to the outside (the typical model for such a service), we chose to set up a pool of “always on” remote hosts in our DMZ, and allow users to connect to them from the outside. One feature, in particular, made this possible — “In Session” status information. Strangely enough, this feature was not available until long into our testing, and it was considered by us to be a “stopper,” as a pool of hosts would not work if users did not know which remote desktops were in use or offline. Another key turn of events that occurred during our testing was that GoToMyPC, originally owned by Expertcity, was purchased by Citrix, which we felt had a very strong reputation and history. This went a long way in enforcing the credibility of the service. Indeed, with each new version, we have seen significant improvements in security, usability, administration and reporting. In the end, getting remote access exactly right in today’s hostile, shifting Internet environment is not easy, maybe not even possible. Selling security to firm decision makers is never as easy as selling the idea of “user-friendly.” Yet, we believe we have struck that delicate balance between the two. Wayne Smith, a member of the Law Technology News Editorial Advisory Board, is manager of information systems at Chester, Willcox & Saxbe, in Columbus, Ohio.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.