Blog Viewer

Data Governance in the Cloud for Law Firms

By Reggie Pool posted 12-17-2021 17:58


Please enjoy this blog post co-authored by Dan Phelps, 3Cloud and Reggie Pool, HBR Consulting

With cloud adoption accelerating in the legal industry over the past two years, earlier in this year, 3Cloud and HBR set out to speak with IT leaders in the legal industry to understand their priorities for using cloud over the next 12 months. Through these conversations, we learned that CIOs are exploring how cloud platforms like Microsoft Azure can help them secure sensitive data, meet data privacy requirements, and enable better decision-making with 360-degree views of data and improved analytics tools.

While making the move to the cloud can be instrumental in solving those challenges, success won’t be possible without also implementing a strong data governance program. The benefits of data governance include:

  • Improved confidence in data-driven decision-making. Data governance provides a structured data inventory so that all users know what data assets exist and how to find them, giving stakeholders a higher level of confidence in the data they are using to make decisions.
  • Cost reduction. Generating standardized and high-quality information will translate into new operational efficiencies. And firms will also experience lower IT costs by mitigating duplicate work effort or re-work.
  • Risk minimization. Data governance not only reduces regulatory compliance risk, but also improves confidence in operational and management decisions.
  • Greater accountability. A robust data governance program creates a sense of accountability with all stakeholders, unifying IT and other functional areas behind a common goal of treating data as an asset.

Identifying Drivers for Data Governance

There are three key drivers for data governance: inactive, reactive, and proactive. Understanding your firm’s primary driver will help you map a plan for getting started with data governance.

Inactive status

Organizations in an inactive status would be characterized as those that are not currently doing anything with data governance but know that they need to be. This is not common because, in our current data-driven environment, most law firms at minimum are doing something that pertains to data governance. Even if isolated to one department of the organization or one person, it is unlikely to find a firm that doesn’t maintain some type of data dictionary or report.

Reactive status

A reactive status would be classified as an organization that is reacting to some type of regulatory compliance concern, such as CCPA and GDPR. Many firms will find themselves in this status.

Proactive status

Proactive organizations are those that not only know they need data governance, but understand that data is an asset and should be managed as such. These firms have started down the path of building out a data governance committee or enterprise-wide program.

The Three Pillars of Data Governance

An enterprise-wide data governance program encompasses three pillars:

  • People. While IT might initiate and lead the way on data governance, a complete program must be enabled through a committee or council composed of employees from across the organization.
  • Process. Data governance is an ongoing process, not a one-time project. This pillar includes the policies, procedures, and workflows that support the management of information across the organization.
  • Technology. Technologies like Azure Purview can play an important role in helping organizations manage and govern their data. But it’s important to recognize that technology alone is not the answer—process and people are also critical to data governance success.

Getting Started with Data Governance

We recommend that firms start with a data governance methodology and framework that will give them a guide to the areas they need to focus on. There is a temptation to immediately deep dive into one specific area of data governance but seeing the whole picture first through the lens of a framework is our recommended approach. There are a variety of data governance frameworks to choose from, including DAMA, CMMI or AHIMA. 3Cloud has developed its own framework and assessment tools to help firms get started with data governance. Through the 3Cloud and HBR partnership, we can provide both the cloud and legal industry expertise your organization needs to build a successful data governance program.



Dan Phelps is the Chief Strategy & Industry Solutions Officer of 3Cloud. Prior to joining 3Cloud, he co-founded and served as CEO of CCG Analytics, a leading data and analytics services firm.  Reggie Pool is a Senior Director at HBR Consulting and leads their M365 advisory practice helping organizations apply information governance best practices to Microsoft M365/Teams and Azure cloud storage.  3Cloud and HBR Consulting have partnered to bring clients guidance from trusted advisors who understand both cloud technology and the unique requirements of the legal industry. 3Cloud is the leading Microsoft Azure services firm with over 500 clients across multiple industries, including professional services, financial services and healthcare. HBR Consulting has been a strategic advisor to the legal industry for over 35 years, providing guidance to 97 of the AM LAW 100 law firms and 66 of the Fortune 100 legal departments.

#Security Professionals