The Guide to Cloud Technology and Cloud Services for Law Firms

by Ned Hallett
Published on November 2019

A Law Firm’s Guide to Cloud


A man sprays gas on a beach

What’s in this guide?

We probably don’t need to tell you that cloud computing is becoming incredibly popular. But you might not know that  80% of all organisations are forecast to move to cloud by 2025.

The fact remains though that not all organisations are law firms – and not all organisations face the unique issues that law firms face.

With this in mind, we’ve put together this law firm’s guide to all things cloud – so you can have all the information before deciding whether or not to migrate (or to partially migrate) to the cloud.

We cover:

  •     The  advantages of cloud services for law firms 
  •     The disadvantages of cloud services  for law firms 
  •     The security issues issues associated with cloud-based legal document storage and management 
  •     What else, as a law firm, you need to think about before migrating
  •     Which cloud services are commonly used by law firms 
  •    And, finally,  whether or not you need a managed cloud provider


But first, what are cloud computing, services, hosting and technology?


A definition…

Cloud technology is simply using the internet to connect to off-premises servers or services for IT needs; be that for computer storage, software or database .

There are lots of different ways cloud services can be structured and managed, but the above is a pretty good one-size-fits-all description. This is, of course,  a huge paradigm shift in computing, and it brings many, many opportunities.

The Pros and Cons of Cloud For Law Firms 


  • Cost Cloud computing works on an on-demand model. This means you’re charged on a per-minute, per-second or per-hour basis exclusively for the resources (storage, compute etc) you actually use, meaning you pay for your maximum usage only when you’re operating at that capacity. You’ll also save on physical overheads like the maintenance and security of a data centre.
  • Uptime This one depends on what kind of cloud service and SLA you choose, but most managed cloud companies provide much higher levels of uptime than can generally be managed by in-house teams. We regularly help companies – including leading global firm DLA Piper – reach 99.99%-100% uptime.
  • Disaster proofing Cloud technology gives the ability to be effectively disaster proof, with the capacity to automate back-ups across multiple servers in different regions. This reduces the risk from break-ins or physical damage to servers to almost zero.
  • Access from anywhere Cloud servers can be accessed from anywhere and through any device: from the courtroom, client premises or on the go. This is especially helpful to law firms who outsource work, as you’re able to grant remote and completely selective access.
  • Security With the lower visibility of cloud security – no tours around physical data centres – and the fierce competition, cloud service providers are heavily incentivised to provide excellent security, which is great news for law firms.  However, when you’re choosing your managed cloud and/or cloud service provider, make sure to research their security qualifications.
  • Efficiency Depending on the solution you settle on, cloud technology opens up a lot in terms of improving your development workflows and efficiency. You’ll be able to scale seamlessly, adding resources such as storage or processing power as demand requires.


  • Reliance on internet connections Although internet outages are relatively rare, a downside to cloud is that you’ll require an internet connection to access your files and resources.
  • May be locked into vendors The differences between different providers’ versions of the same services might make switching from one to another more difficult than you might think. However, if you choose carefully, and employ the help of an expert consultant, you’ll increase the chance of finding the provider and solution best suited to meet your needs.
  • Security risks There are some risks associated with storing resources online, as they may be more accessible to certain forms of cyber-attack. However, no system is perfect, and as the SRA (Solicitors Regulation Authority) notes, the use of pen drives and the email transmission of files present their own risks which are mitigated by the true mobile capabilities of cloud. In essence, every benefit is associated with a cost, although there are many ways to mitigate.  More on this below…

The risks…

If you’re anything like most law firms,the part about unique security risks really drew your attention. 

This is very understandable, since privacy and security are more important in the legal sector than they are in almost any other industry.


What are the risks of cloud-based storage and legal document management – and can they be mitigated?


The first thing to note is that there are unique security risks associated with cloud – just as there are with on-premises servers (your own physical servers). The second thing to note is that these can be mitigated. And the third thing to note is that, of course, this isn’t an all or nothing situation: a hybrid solution or partial migration – part on-premises , part cloud – can give you access to most of the benefits while keeping most of the cons at bay.

What are the risks of cloud?

The SRA have identified a number of risks around “failing to exercise due diligence in the risks of such [cloud-based] outsourcing systems.”

  • For instance, if a UK firm chooses to store important documents on a cloud server, those documents may end up on US servers, and under US law, those documents may be seized and read by the US government, thereby violating the client’s privacy under UK law.
  • Similarly, 2014 news coverage of the NSA revealed that the US Government could collect ‘meta data’ – information including things like email recipients and subject lines – more or less at will, presenting a clear security risk when, for instance, firms are acting in supposedly confidential merger acquisitions.
  • Furthermore, the back-up frequency, availability and portability of your cloud-stored data will often need to fall within certain parameters to avoid being in violation of SRA guidelines or similar guidelines of another regulatory authority.

However – these risks can be dealt with

An experienced managed cloud provider will work with you to identify regions with weaker data privacy laws (like the US), or regions whose laws present a unique risk to your client’s privacy for whatever reason.

They will then ensure your documents are never stored within these regions either primarily or as back-ups. They can also walk you through the options as regards your needs for availability and other specifications as defined by your regulatory authority. It’s also possible to encrypt files stored on the cloud and to lock their access to a specified set of IPs. Though if you do pursue protections like these, you may lose some flexibility – e.g universal access to resources. 

The takeaway, however, is that there will likely be a way to reap most of the benefits of cloud storage while keeping most of the cons at bay.

Further, it’s worth noting that on-premises servers have their own, in some cases unavoidable, risks:

  • Lacking an offsite back-up, even the most secure, fire-proofed server room is hostage to power outages.
  • The majority of security breaches occur as a result of out-of-date software, so unless you have a system for updates which includes updating in out-of-office hours, you’ll face these inevitable windows of vulnerability (here 24/7 support and the continuous updates managed cloud service providers offer can effectively close these windows of risk).

Then, there’s always the option of going hybrid

Hybrid solutions make a lot of sense to legal firms because of the highly sensitive nature of a lot of the documents you’ll be working with. Hybrid simply means a partial migration to the cloud, or part-cloud, part on-premises server.

Hybrid allows you, for example, to serve your website from the cloud, enabling you to seamlessly scale in the event of massive amounts of traffic, but keep your clients’ protected documents entirely off the internet.  

What else  should law firms think about when deciding whether to move to cloud?


Are you using cloud already?

Before making the move, an assessment of your organisation’s existing infrastructure is essential (as managed cloud providers, this is something we’d be able to help with). The point of this assessment is to develop a strategic plan for the upcoming migration so that everything runs smoothly, but it may also reveal that you’re more on-cloud than you thought.

If you use Gmail or Google Drive, any legal SaaS (software as a service) like BusyLamp, or, as is relatively common amongst legal firms, a cloud-based back-up system, then you’re already using cloud technology in your infrastructure.

Does your client base and practice focus suggest a move to cloud?

For some legal firms, migrating certain resources just doesn’t make that much sense. If you have clients with intellectual property to protect, then you may be forbidden by contract from storing information pertaining to sensitive aspects of that IP on servers off of your own premises.On the other hand, for firms specialising in some types of malpractice, the ability to easily scale storage is essential due to the very high volume of not-so-sensitive documents that needs to be processed as part of this work.

How is physical infrastructure built into your financial plan?

The move, or partial move to cloud, represents a large redirect of IT spend. It’s important to review your plans and current spending so you can gain a clearer picture of how migrating to cloud will affect your business.

So, what are the cloud service options? And do law firms need a managed cloud provider?

What is a managed cloud provider?

There are cloud service providers and then there are managed cloud service providers. A cloud service provider, like AWS, is the company from whom you’ll be renting the cloud server. A managed cloud provider –  like Just After Midnight (that’s us) – is the company who’ll consult, design and implement your use of these servers, and who, depending on SLA, provide on-going 24/7 support of your cloud infrastructure.

We recently worked with leading law firm DLA Piper, for example,  to achieve 99.99% uptime for their marketing hubs in the UK and US. In this instance, AWS was the cloud service provider, but there are other options out there.


A leading cloud provider who recently worked with LexisNexis to improve the longevity of their business-critical News Archive system – replacing aging hardware to enable on-going access to over two billion searchable documents.


Microsoft Azure

A similarly market-leading provider owing to its broad range of features and tools, Azure was recently chosen by international firm TaylorWessing in place of building a new data centre with a price tag of £200k.

Azure logo

Google Cloud Platform

A relative newcomer, Google Cloud Platform is nonetheless a major provider of cloud services. Their AI and machine learning features are some of the most powerful on the market and open the door to industry-leading innovation.



Alibaba Cloud

The solution for anyone looking to connect quicker with users in China, Alibaba Cloud is a powerful service in it’s own right, but especially popular due to its global reach. They recently partnered with big-four accounting firm KPMG to deliver enterprise solutions across the world.

The Alibaba Cloud Service Logo


The takeaways

  • There are many benefits to adopting cloud technology, but law firms do have a bit more to think about than most.
  • An experienced managed cloud provider will be able to work with you to identify and manage these risks, and help you determine which resources it makes sense to migrate to cloud. 
  • It often makes most sense to migrate certain resources but not others. Often customer-facing applications like your website are a open-and-shut case for migration 
  • A hybrid solution is often the best option and can be the easiest sell, since you can retain all sensitive information in on-premise or private cloud servers. 
  • When you’re choosing a cloud or managed cloud service provider, make sure they have the relevant security credentials (ISO 27001, Cyber Essentials, etc.). A managed cloud provider will be able to talk you through what to look for and match you with a service provider who meets your needs.

To discuss any of the above, please get in touch, or keep reading below.