CMS Reich-Rohrwig Hainz utilizes Veeam to secure client data and expand digital services in a hybrid cloud environment

The business challenge

CMS Reich-Rohrwig Hainz represents a 50-year success story. Today, CMS is a leading specialist in commercial law in Austria and Southeastern Europe. In addition to its headquarters in Vienna, the company has offices in 10 other countries.

With around 330 employees — including around 185 lawyers — CMS Reich-Rohrwig Hainz covers a wide range of areas and supports clients in segments such as start-ups and mergers & acquisitions, plus employment, compliance and tax law.

CMS Reich-Rohrwig Hainz operates as part of the globally active CMS network with 79 offices in 45 countries and more than 5,000 lawyers. In terms of the number of lawyers, CMS is one of the 10 leading international law firms and the largest in Europe.

The specialists at CMS think and work across industries and borders, enabling them to offer clients the best possible advice wherever they are. Following the onset of the COVID-19 pandemic however, working conditions have fundamentally changed.

“Until March 2020, our work environment was largely office-based and many applications and data were run on-premises at the individual offices,” explains Thomas Kroupa, Head of IT. “However, the pandemic necessitated a complete redesign of our IT environment.”

Within a very short time, the IT team created the conditions to enable employees to remotely access their entire workspace with all applications. CMS introduced cloud services such as Microsoft Office 365 to support virtual collaboration —primarily through the use of Microsoft Teams. At the same time, decentralized server environments were dismantled in the remote offices and services were moved to the central data center or the cloud.

This transformation process required a very careful approach from the IT department: “As a law firm, we cannot compromise on security, compliance and availability when switching from a pure on-premises to a hybrid cloud model,” says Thomas Kroupa. “Our clients have full confidence that we handle their data securely. Shaking this confidence would be a real worst-case scenario for us.”

This called for the IT department to take a variety of requirements into account when planning and implementing the redesign. These included the strict requirements of the CMS network in terms of cyber security, data protection and quality of service. Among other things, they had to ensure that all data is reliably backed up and stored in accordance with the applicable legal retention periods. In addition, the IT team had to develop an exit strategy in the event of a possible change of cloud providers.

“Before migrating to the cloud, we looked at all the legal aspects in detail and imposed very strict standards on ourselves, such as compliance with the EU’s General Data Protection Guidelines and protection against ransomware,” stresses Thomas Kroupa. “Now we needed a data protection solution that maps out all of these specifications.”

The Veeam solution

In the end CMS decided to back up all data in the hybrid cloud environment with Veeam. “In our search for a holistic solution, we quickly realized that Veeam is a good choice in terms of quality and cost-effectiveness. Their solutions address exactly what customers need in a changing IT world — maximum security, flexible deployment options and very easy operation.”

“We had previous experience with other backup solutions and were always frustrated by the complexity,” adds Systems Administrator Michael Bencza. “Veeam is really far ahead of those products in terms of functionality and usability. Whether it’s the servers in our data center or Microsoft Office 365 and Teams data in the cloud, we can intuitively backup and restore all resources from one central platform.”

Today the IT department uses the Veeam Availability Suite for backup and recovery of around 70 virtual machines of the central VMware infrastructure. This ensures that critical business applications such as the central document management system are available at all times. If a virtual machine fails, administrators can restart it from backup within minutes thanks to Veeam’s Instant VM Recovery technology. This is an important aspect in situations such as when access to digital files and documents is urgently needed during a trial.

With the Veeam Agent for Microsoft Windows, the remaining physical servers were also integrated into the backup concept. In the event of a hardware malfunction, these systems could also be restored to replacement equipment within a very short time. The entire backup infrastructure is monitored using the Veeam ONE monitoring solution. “We always have an overview of all processes and components and are alerted immediately if a backup fails,” explains Michael Bencza. “In addition, Veeam ONE notifies us when the available storage resources for data backup are running low. This allows us to plan and budget for expansion in a timely manner.”

When introducing Microsoft Office 365, CMS relied on Veeam Backup for Microsoft Office 365 from the very beginning. With this solution, the law firm retains full control over all data stored in Microsoft cloud services such as SharePoint Online, OneDrive for Business and Teams. All data is regularly backed up to separate cloud storage in Microsoft Azure — and protected with double encryption. In addition to a platform-managed key, a customer-managed key is also used. This ensures that the data is not only comprehensively protected against unintentional deletion, but also against possible cyber risks.

Changing communication needs

Microsoft Teams in particular has become an unquestionably key application for CMS during the COVID-19 pandemic. The firm’s employees use the service to work on projects with colleagues from any location or to communicate virtually with clients.

Thanks to Veeam, all Teams data — including configurations, permissions and tabs — can also be reliably backed up and retained for any period of time. If required, entire Teams channels can be flexibly restored down to the file and message level. Veeam Explorer for Microsoft Teams then simplifies targeted searches for files and content in the backed-up Teams data.

Protected even in the event of a crisis

CMS uses Veeam to ensure continuous IT operations and is also well prepared for exceptional situations. In the spring of 2020 for example, an earthquake shook the Croatian capital of Zagreb. The CMS office in the city was also affected by the disaster, as connections to certain services were temporarily unavailable. “With Veeam, we were able to respond very quickly and provide users with access to their applications after just a few hours,” says Michael Bencza. “Despite this highly exceptional situation, no data was lost.”

CMS uses Veeam Disaster Recovery Orchestrator to manage its disaster recovery strategy. The solution supports automated recovery orchestration with CDP replicas, regular replicas, backups and storage snapshots. This eliminates many time-consuming manual processes in disaster recovery planning. CMS can test, document and execute complete DR plans for individual applications or entire sites with just one click.

“These disaster recovery tests are extremely valuable to us, as our environment is constantly evolving and there are many interdependencies between systems,” Michael Bencza points out. “It’s not enough to know that we’ve backed up all the data and systems reliably. We also need to be assured that everything will work as it did before a restore.”

Orchestrator provides CMS with precisely this information in the form of automatically updated reports. This also allows the IT department to predict exactly how long it would take to recover critical business applications. Normal operations do not have to be interrupted for the regular DR tests.

“The example shows that Veeam understands what companies really need today — a reliable solution for data protection and disaster recovery from a single source,” sums up Thomas Kroupa. “With TECHSOFT, we also have a partner at our side who has provided expert support in the implementation of this holistic strategy.”

Results

• Maximum security for sensitive client data: Even in the new hybrid cloud environment, the confidential data that CMS works with is optimally protected. The comprehensive protection provided by Veeam also enables the law firm to provide convenient digital services such as encrypted document exchange for clients.
• Transparent regulatory compliance: Veeam has helped CMS make the move to the cloud in line with a wide range of legal requirements. Among other things, the solution ensures traceable compliance with legal retention periods and supports the implementation of GDPR regulations for the protection of personal data.
• Efficient disaster recovery planning: With the Veeam solution, CMS is also well prepared for exceptional situations. After an earthquake in Zagreb for example, employees at the local office were able to access their applications again very quickly. With Veeam Disaster Recovery Orchestrator, the law firm conducts regular DR tests and documents how quickly recovery would be possible in the event of a disaster.