When the cloud was first pitched to law firms, most deemed it unworkable. Storing client data on someone else’s servers in an unknown location was inconceivable. Now, legal organisations have gone from cautiously reconsidering the cloud to embracing its many possibilities.
This drastic evolution occurred within a span of five years. How did it happen? As suppliers better understood what was making potential customers hesitate, cloud platforms matured. And as some pioneering law firms began to successfully take their applications and storage to the cloud, others came around to the idea. Now, the legal industry is not asking so much whether it should make the move, but how best to do it.
Initially, the cloud suffered from the perception that it offers risky data security. For example, in the United States (U.S.), concerns about information governance were not helped by an international data privacy case with extraterritorial overtones, United States v. Microsoft (commonly referred to as ‘the Ireland Case’ to differentiate it from the famous 2001 antitrust lawsuit). In this situation, U.S. Federal Investigators obtained warrants, related to a criminal case, for data that was stored in a Microsoft facility in Ireland. The matter was resolved by passing new legislation, Clarifying Lawful Use of Overseas Data Act, to add clarification to procedures for U.S. data held in other countries.
To add to the concern for the security of cloud services are high-profile breaches such as Microsoft in 2010, which was traced back to a configuration issue. Microsoft responded and resolved the problem within hours and only a few users were affected. In 2016, the National Electoral Institute of Mexico experienced a breach in which 93 million voter registrations were compromised. It was later learned the data stored was not secured and held on an Amazon server outside of Mexico, which was illegal. In 2012, LinkedIn had over 6 million user passwords stolen by cyber criminals—which were then published on a Russian forum. Next, in 2016, LinkedIn experienced another theft of an estimated 167 million email addresses and passwords—which were posted for sale on the dark web. LinkedIn responded by implementing an optional two-way authentication to add an extra layer of data protection.
Initially, concerns such as ‘access’ versus ‘protection’ and breaches made the cloud seem like a no-go for law. However, times are changing and updates to legislation along with significant improvements in cloud security are mitigating risks. The benefits of using the cloud—which are considerable—are increasingly being enjoyed by firms. For example, since the cloud no longer requires you to store programs and data on-premises, you can save on expenses such as hardware, cooling, and real estate.
The cloud is also by nature highly scalable and flexible, meaning that its size can easily be adjusted, so that you only pay for what you use. Aside from these advantages, there are numerous others, including simplified management, smooth upgrades, and—perhaps somewhat ironically—security. Moreover, the trend of utilising machine learning with data stored on the cloud allows for much more rapid analysis of information by algorithms—which benefits law firms by finding more ways to streamline, improving process and procedure.
The cloud of today and tomorrow
The reality is that most cloud suppliers can provide better encryption, management, and monitoring than law firms can on their own. Indeed, security is declining as a concern as more organizations see that established cloud-vendor companies like AWS, NetDocuments, and iManage take security seriously. Likewise, it is now evident that cloud suppliers tend to be able to provide even better uptime than on-premises implementation. Though, adopting the cloud does require a reliable internet connection.
The reality is that most cloud suppliers can provide better encryption, management, and monitoring than law firms can on their own.
Global data governance and the cloud remains an ongoing debate. However, many countries are making legislative changes to accommodate the rapid advancements in technology—especially as related to privacy. For example, the U.S. legislative change, referenced above, now stipulates that the U.S. government may issue a warrant or subpoena for data stored in the cloud, regardless of which country the actual server is located. If a witness summons could also be issued to a cloud provider directly, the prospect of being left out of the process makes lawyers uncomfortable. In response, many cloud suppliers are allowing customers to take a hybrid approach and keep certain data on-premise. While it is still rare for a firm to be all-cloud, hybrid environments are increasingly prevalent.
Making the move to the cloud
How should law firms prepare for the continued expansion of the cloud into the legal industry? First, account for the change in budgeting. Moving to the cloud normally means switching to a subscription licensing model. Once large purchases of operating systems and document management programs turns into recurring monthly fees for Office 365 and NetDocuments. Though ongoing monthly costs may be higher, they will be more regular and predictable, and you will only pay for as many licenses as you need at a time.
The cloud entails continuous upgrades, which has pros and cons, and is definitely a large change to which law firms will have to adjust. With cloud programs, new features are rolled out to users continually and incrementally. Once can adjust to the changes at a slower pace rather than if they were all batched together (in the traditional way), but ongoing training may be necessary for some.
Ultimately, the new model of continuous updates will entail a bigger change for IT teams than for users. Maintaining cloud systems requires a different set of skills. For instance, application packaging—the practice of making sure that various programs are compatible with each other so that they can run smoothly—will become much more important now. The processes of designing, testing, and deploying major systems, which IT teams normally take months to do, will now have to be completed at a much quicker pace, as new iterations of systems are released more quickly, such as Microsoft’s decision to release major updates to Windows 10 every six months.
Timing is often a critical component of making any change. The reality is that the cloud will only continue to make headway into the legal sphere. The real question is where your firm wants to be positioned on the curve of technological advantage. With careful planning and a steady approach, you too can introduce the cloud into aspects of your firm’s technology—and reap the many benefits.