3. Enterprise collaboration
  5. Overcoming fear of the cloud in legal IT

Overcoming fear of the cloud in legal IT

Posted on 21 November 2012 by Mark Reynolds in Legal tech, Cloud computing, HighQ Collaborate

When considering cloud services, as with any IT solution, it is important to ask the right questions.

When discussing solutions with law firms, it becomes apparent that there are considerations that are unique to their business.

Fear is a common reaction when something isn’t properly understood – for the purposes of this blog, “cloud services” means software and data on servers in a data centre remote to the user and, crucially, managed by a third party provider.

Now, there are lots of scary stories about the cloud out there but cloud services are not new – many law firms globally have used cloud services for well over a decade now, which we all know is at least two lifetimes in the technology world.

If you doubt this, think back, were you using a smartphone a decade ago or a tablet just a few years ago? Cloud services are here and they’re here to stay.

Most firms’ most sensitive data is in the cloud at some point already; the most popular uses being email spam filtering, email continuity and payroll, as well as virtual data rooms and client extranets.

Many firms are also architecting their infrastructure around a cloud-based reality, for example, nearly 8 out of 10 firms now have redundant internet connections.

Law firms have the same concerns as most organisations, which are normally one or more of the following:

  • Is it secure? Where is my data located?
  • Who has access?
  • How do they get access?
  • What guarantees are there for system uptime?
  • Will the system record all activity, some, or none?
  • Will the system perform well for users worldwide in an acceptable time?
  • How does Disaster Recovery and backup work?
  • How is the service supported and does it match my business hours?
  • What is the cost? Will it escalate? What does it include/exclude?
  • How does it scale, what happens if I need more data or more users?
  • Is the system independently tested and does the provider have the necessary certifications?

There are clearly people with the know-how to buy cloud services and some firms are even starting to audit existing cloud providers, although this is also at the behest of clients who are happy for firms to utilise the right cloud services.

That said, law firms are subject to professional regulation and many commercial firms represent clients at both ends of the business process; providing advice on how to manage future risks at the transactional end of the business and helping make good arrangements that have gone bad via dispute resolution.

So when it comes to assessing cloud services they have a unique outlook, meaning the above enquiries often carry a different meaning and require additional detail!

  • System availability/Support. A law firm’s working day is longer than 9 to 5, and more than 5 days a week. Many firms are working hard to deliver more flexible working arrangements (I know several lawyers with families who finish off their day after children have gone to bed). Any cloud solution must ensure it meets this demand.
  • Jurisdiction. Law firms often consider the legal system of the country where cloud services are hosted. As an example, the Patriot Act in the US is troubling for non-US firms (and even some US firms). Local data protection rules may also have a bearing – firms with many off shore clients may also be restricted in the services they can use. One consideration I have not heard is the duty of a provider to disclose data breaches – whilst the “5 eyes” that have run the global intelligence network for over 60 years concentrate on retaining users data, they haven’t addressed the obligations on providers to notify clients about data breaches. This is starting to happen at state level in the US and will become more important in time.
  • Law society regulation. Legal regulators have recently started to catch on to the adoption of cloud services by the industry and as a consequence are reviewing regulations for storing client data. In January the Law Society of British Columbia [2] recommended that “if a lawyer ensures through contractual safeguards that custody or control doesn’t pass to a third party” cloud services can be used.
  • Possession, custody and control of the data. This concept underpins the discovery process for most legal systems, so aside from regulation, there is an operational requirement. The use of free or consumer cloud services are likely to fall foul of this.
  • System Control. Ultimately cloud services mean ceding total control of the system itself. Any cloud-based or in-house system needs to be maintained and upgraded. A cloud provider that understands your business will understand how this can be done with minimal disruption.
  • Insolvency. What happens if the provider becomes insolvent? Strangely, the only people I know who ask this question are lawyers. But it is a concern and management of this starts with financial due diligence.
  • Ownership changes. What happens to my services and data in the case of ownership changes? Often firms want to be able to exercise a get out clause in the case of ownership changes, even if they rarely do.
  • Changes to contract terms. On what basis can contract terms be changed? This is of particular concern when using freemium / consumer grade cloud services, the relative bargaining position of the parties needs to be considered.

Shadow IT – the consumer-grade services and devices that users bring to the business themselves such as Dropbox, iCloud, Google Drive, iPads etc. – is predominantly cloud-based and firms are right to have concerns. It’s the consumerisation of the enterprise, so it’s important to understand the difference between what is often free software and a specialist cloud solution that is created for the legal enterprise. 

Don’t fear the cloud

There are real benefits to using cloud services from implementation, ongoing/development maintenance costs and the value that can be gained from delivering complex systems quickly and cheaply for the business and its clients. But all cloud services are not created equal and not all providers understand the legal business. Cloud services need to be managed using the contract, with proper due diligence, including a review appropriate certifications and technical infrastructure so you know what you are buying and how it will help your business. If you ask the right questions, there is no need to be afraid.

Download: The cloud: A buyer's guide
Mark Reynolds

Mark Reynolds

Senior Consultant at HighQ 
Mark is responsible for pre sales, consultancy and account management for legal, financial services, architecture and real estate clients.
 
Solutions
Use cases
Features
About us
HighQ
HighQ Solutions Ltd. © 2001-2019 | Privacy Policy | Terms of Service