A Law Firm’s Guide to Cloud Services
What’s in this guide?
We probably don’t need to tell you that cloud computing is becoming incredibly popular. But you might not know that 80% of all organisations are forecast to move to cloud by 2025.
The fact remains though that not all organisations are law firms – and not all organisations face the unique issues that law firms do.
With this in mind, we’ve put together this law firm’s guide to all things cloud – so you can have all the information before deciding whether or not to migrate (or to partially migrate) to the cloud.
- The advantages of adopting cloud services for law firms
- The disadvantages of adopting cloud services for law firms
- The security issues associated with cloud-based legal document storage and management
- What else, as a law firm, you need to think about before migrating
- Which cloud services are commonly used by law firms
- And, finally, whether or not you need a managed cloud provider
But first, what are cloud services
A quick definition…
Cloud technology simply means using the internet to connect to off-premises servers for IT needs; be that for compute, software or database. This is what’s meant by acronyms like SaaS (software as a service), IaaS (infrastructure as a service), etc.
There are lots of different ways cloud services can be structured and managed, but the above is a pretty good one-size-fits-all (if quite simplified) description. This is, of course, a huge paradigm shift in computing, and it brings many, many opportunities.
The Pros and Cons of Cloud Adoption For Law Firms
- Cost Cloud services offer on-demand computing, which means you only pay for the resources you consume. In the case of bare-metal servers, you’ll be renting, or will have bought outright, a considerable amount of resource that go unused. Further, most cloud providers off additional ways of saving money on your IT needs: if you have predictable needs, you can reserve compute or database, etc, at a lower rate than on on-demand – in some cases, you can even bid on spare compute for a huge discount.
- Uptime This one depends on what kind of cloud service and SLA you choose, but most managed cloud companies provide much higher levels of uptime than can generally be managed by in-house teams. We regularly help companies – including leading global firm DLA Piper – reach 99.99%-100% uptime.
- Disaster proofing Cloud technology gives the ability to be effectively disaster proof, with the capacity to automate back-ups across multiple servers in different regions. This reduces the risk from break-ins or physical damage to servers to almost zero.
- Access from anywhere Cloud servers can be accessed from anywhere and through any device: from the courtroom, client premises or on the go. This is especially helpful to law firms who outsource work, as you’re able to grant remote and completely selective access.
- Security With the lower visibility of cloud security – no tours around physical data centres – and the fierce competition, cloud service providers are heavily incentivised to provide excellent security, which is great news for law firms. In addition, there’s always the option of keeping your most sensitive files in on-premises or private cloud servers and migrating only those resources with a strong case for migration to cloud.
- Efficiency A lot of the trends shaping the IT industry as a whole are taking place mostly in the cloud. From CI/CD to containerisation, there are a growing number of revolutionary technologies and approaches which you need to have some cloud presence to reap the benefits of.
- Reliance on internet connections Although internet outages are relatively rare, a downside to cloud is that you’ll require an internet connection to access your files and resources.
- May be locked into vendors Once you choose a cloud provider – AWS, Azure, GCP, etc – it may be difficult to move from one to the other. However, if you choose carefully, and employ the help of an expert consultant, you’ll of find the provider and solution best suited to meet your needs.
- Security risks There are some risks associated with storing resources online, as they may be more accessible to certain forms of cyber-attack. However, no system is perfect, and as the SRA (Solicitors Regulation Authority) notes, the use of pen drives and the email transmission of files present their own risks which are mitigated by the true mobile capabilities of cloud. In essence, every benefit is associated with a cost, although there are many ways to mitigate. More on this below…
If you’re anything like most law firms,the part about unique security risks really drew your attention.
This is very understandable, since privacy and security are more important in the legal sector than they are in almost any other industry.
What are the risks of cloud-based storage and legal document management – and can they be mitigated?
The first thing to note is that there are unique security risks associated with cloud – just as there are with on-premises servers (your own physical servers). The second thing to note is that these can be mitigated. And the third is that, of course, this isn’t an all or nothing situation: a hybrid solution or partial migration – part on-premises , part cloud – can give you access to most of the benefits while keeping most of the cons at bay.
What are the risks of cloud adoption?
The SRA have identified a number of risks around “failing to exercise due diligence in the risks of such [cloud-based] outsourcing systems.”
- For instance, if a UK firm chooses to store important documents on a cloud server, those documents may end up on US servers, and under US law, those documents may be seized and read by the US government, thereby violating the client’s privacy under UK law.
- Similarly, 2014 news coverage of the NSA revealed that the US Government could collect ‘meta data’ – information including things like email recipients and subject lines – more or less at will, presenting a clear security risk when, for instance, firms are acting in supposedly confidential merger acquisitions.
- Furthermore, the back-up frequency, availability and portability of your cloud-stored data will often need to fall within certain parameters to avoid being in violation of SRA guidelines or similar guidelines of another regulatory authority.
However – these risks can be dealt with
An experienced managed cloud provider will work with you to identify regions with weaker data privacy laws (like the US), or regions whose laws present a unique risk to your client’s privacy for whatever reason.
They will then ensure your documents are never stored within these regions either primarily or as back-ups. They can also walk you through the options as regards your needs for availability and other specifications as defined by your regulatory authority.
It’s also possible to encrypt files stored on the cloud and to lock their access to a specified set of IPs. Though if you do pursue protections like these, you may lose some flexibility – e.g universal access to resources. A managed cloud provider should have security credentials proving they’re up to task such as ISO 27001 or Cyber Essentials accreditation.
The takeaway, however, is that there will likely be a way to reap most of the benefits of cloud services while keeping most of the cons at bay. If you want to know more about storage options, you can check out our piece comparing AWS’s storage services, EBS vs EFS vs S3.
Further, it’s worth noting that on-premises servers have their own, in some cases unavoidable, risks:
- Lacking an offsite back-up, even the most secure, fire-proofed server room is hostage to power outages.
- The majority of security breaches occur as a result of out-of-date software, so unless you have a system for updates which includes updating in out-of-office hours, you’ll face these inevitable windows of vulnerability (here 24/7 support and the continuous updates managed cloud service providers offer can effectively close these windows of risk).
Then, there’s always the option of going hybrid
Hybrid solutions make a lot of sense to legal firms because of the highly sensitive nature of a lot of the documents you’ll be working with. Hybrid simply means a partial migration to the cloud, or part-cloud, part on-premises server.
For example, you might house your website and other customer-facing applications on AWS, meaning potential clients encounter less outages, you bring new features to market quicker, and much more cheaply, while keeping certain sensitive files in an on-premises server.
A managed cloud provider will be able draw up a migration plan, analysing the costs and benefits of migrating each resource to the cloud.
What else should law firms think about when deciding whether to move to cloud?
Are you using cloud already?
Before making the move, an assessment of your organisation’s existing infrastructure is essential. The point of this assessment is to develop a strategic plan for the upcoming migration so that everything runs smoothly, but it may also reveal that you’re more on-cloud than you thought.
If you use Gmail or Google Drive, any legal SaaS like BusyLamp, or, as is relatively common amongst legal firms, a cloud-based back-up system, then you’re already using cloud technology in your infrastructure.
This is good to know before you make a decision, as you may find out you’ve been weathering potential costs and accessing benefits already.
Does your client base and practice focus suggest a move to cloud?
For some legal firms, migrating certain resources just doesn’t make that much sense. If you have clients with intellectual property to protect, then you may be forbidden by contract from storing information pertaining to sensitive aspects of that IP on servers off of your own premises.
On the other hand, for firms specialising in some types of malpractice, the ability to easily scale storage is essential due to the very high volume of not-so-sensitive documents that needs to be processed as part of this work.
When drawing up a migration plan, someone with an in-depth knowledge of your practice needs to be at the table.
How is physical infrastructure built into your financial plan?
The move, or partial move to cloud, represents a large redirect of IT spend. It’s important to review your plans and current spending so you can gain a clearer picture of how migrating to cloud will affect your business. It’s also important to factor in the cost-saving potential of the migration here.
So, what are the cloud service options? And do law firms need a managed cloud provider?
What is a managed cloud provider?
There are cloud service providers and then there are managed cloud service providers. A cloud service provider, like AWS, is the company whose cloud-based services you’ll be using. A managed cloud provider – like Just After Midnight (that’s us) – is the company who’ll consult, design and implement your use of these services, and who, depending on SLA, can provide on-going 24/7 support of your cloud-based resources.
For example, we recently worked with leading law firm DLA Piper to achieve 99.99% uptime for their marketing hubs in the UK and US. In this instance, we migrated much of their infrastructure to AWS, including a number of legacy applications, and in some cases went server-less (meaning neither cloud nor on-premises server but accessing a server per function), but every case is different.
And there are other major cloud providers out there:
A leading cloud provider who recently worked with LexisNexis to improve the longevity of their business-critical News Archive system – replacing ageing hardware to enable on-going access to over two billion searchable documents.
A similarly market-leading provider owing to its broad range of features and tools, Azure was recently chosen by international firm TaylorWessing in place of building a new data centre with a price tag of £200k.
A relative newcomer, Google Cloud Platform is nonetheless a major provider of cloud services. Their AI and machine learning features are some of the most powerful on the market and open the door to industry-leading innovation.
The solution for anyone looking to connect quicker with users in China, Alibaba Cloud is a powerful service in it’s own right, but especially popular due to its global reach. They recently partnered with big-four accounting firm KPMG to deliver enterprise solutions across the world.
- There are many benefits to adopting cloud technology, but law firms do have a bit more to think about than most.
- An experienced managed cloud provider will be able to work with you to identify and manage these risks, and help you determine which resources it makes sense to migrate to cloud.
- It often makes most sense to migrate certain resources but not others. Often customer-facing applications like your website are a open-and-shut case for migration
- A hybrid solution is often the best option and can be the easiest sell, since you can retain all sensitive information in on-premise or private cloud servers.
- When you’re choosing a cloud or managed cloud service provider, make sure they have the relevant security credentials (ISO 27001, Cyber Essentials, etc.). A managed cloud provider will be able to talk you through what to look for and match you with a service provider who meets your needs.
To discuss any of the above, please get in touch, or keep reading below.