Richard Elson, IS Director at law firm Trowers & Hamlins LLP, discusses the challenges of taking a security-first stance

Stuart Sumner

Elson discusses how Trowers & Hamlins balanced the needs for security and open communications

Law firm Trowers & Hamlins needed to enable cross-platform mobility on both Android and iOS without compromising security.

The solution needed to support a wide range of business-critical applications across multiple operating systems. The firm decided to roll out BlackBerry BES12 to manage corporate devices, with the BlackBerry Dynamics (formally Good Dynamics) container to secure and manage corporate data on personal devices.

Speaking to Computing recently, Richard Elson, director of IS at the firm, explained how they balance the need for security with the oftentimes conflicting need for open communication.

"We could probably spend millions and millions and millions on security," he said. "It's obviously central to what we do; we've tried to take a security-first approach to all of our technology projects, but particularly our mobile technology. Taking a security-first stance can sometimes be a little unfashionable - and there can be trade-offs with ease-of-use, productivity, people wanting to use the latest apps. But we think we've got the right balance. We fairly recently standardised around a BYOD strategy, which is centrally-managed applications delivered to personal devices."

Elson went on to talk about the ease of deploying this programme and the BlackBerry software they use to manage all devices, to get the security levels they require. He also talked about the steps they took to educate their end users and the challenge of their end clients:

"Managing the service that we apply to individuals who are maybe less security-conscious is a bit of a challenge at times. But that said, if you're engineering security from the start and you've got education programmes and ways of dealing with things from the technology side, you can be in quite a good place."

When asked about the impact of the GDPR on the firm, Elson explained that although the regulation is a fairly onerous set of responsibilities, good data governance has accelerated their preparations. "We did an awful lot of work around the ISO 27001 and we did a lot of work for the Cyber Essentials Plus [scheme] and got the accreditation for that last year; and also in preparation for looking at the cyber insurance, about two and a half years ago, we put together a systems map of our Personally Identifiable Information." He explains, "What we've tried to do is, for each system and for each set of Personally Identifiable Information, [identify] what the risk is, how we're treating it today and how the requirements of GDPR - particularly in respect of consent and control - what next steps we have to take for each set."

The firm's security-led stance means that from an IT perspective, they're well prepared for the GDPR. "End-to-end encryption, encryption of data at standing, security of the mobile devices and all the end points locked down: we did all of that a long time ago. So really, I suppose, it's maturing that model, working closely with compliance; and especially, a programme of education - not everybody knows what GDPR is yet. So, both in terms of the seminars we run for clients, and also our programme internally, we're going to be focusing on what people need to do practically to make GDPR work" he said.

This is a sponsored post

More on Management

Partner content: Emerging technology - why digital transformation is unsustainable without green goals

Partner content: Emerging technology - why digital transformation is unsustainable without green goals

clock 18 July 2022 • 2 min read
Partner Content: Keynote series - Smarter Technology for the Next Reality

Partner Content: Keynote series - Smarter Technology for the Next Reality

clock 18 July 2022 • 1 min read
Homeworking in UK more than doubles since 2019

Homeworking in UK more than doubles since 2019

In a roundup of the latest data and analysis on the UK economy, business and jobs, the ONS confirms that remote and hybrid working has increased everywhere, but regional differences remain in terms of the extent and type of the increase.

Penny Horwood
clock 13 July 2022 • 3 min read