You are here:
  1. Home
  2. News
  3. Blog
  4. Fine or cloudy weather ahead? Cloud computing for law firms

Fine or cloudy weather ahead? Cloud computing for law firms

30 August 2017

Cloud computing is increasingly ubiquitous, even in law firms, despite the view that the legal profession has a reputation for being slow to adapt. It is particularly popular among small firms and sole practitioners.


Nonetheless, confusion remains as to what cloud computing is – more lawyers will answer 'yes' when asked if they use online storage or mobile working solutions than when asked if they use software as a service (aka SaaS) or cloud computing (ABA TechReport 2016), even though all of these are in the cloud.

So if you're interested in moving to the cloud – or you're already there – how can you make sure you pick the right provider and fulfil data security and privacy requirements?

What is cloud computing?

Keep in mind that the cloud is just connected computers that aren't in your work place and are run by someone else. Cloud computing is the provision of services such as Google Docs, Microsoft OneDrive and Dropbox. These are remote services operated by a separate provider. They may be public, private or hybrid, and it is important to understand the differences between these when considering cloud services – for instance, in terms of the data security.

How can it help my business?

It can facilitate mobile working. Cloud computing allows lawyers to work anytime, anywhere, so it supports flexible working.

It can also save you money. Cloud computing expenses can be lower and more predictable than traditional IT provision, with up-front savings of up to 40 to 50 per cent (Silver Linings: cloud computing, law firms and risk). This is because IT delivered through the cloud offers economies of scale, includes maintenance and upgrades, and offers the option for bring-your-own-device policies.

Cloud computing costs are also captured as operating expenditure, rather than new capital expenditure. This flexibility, inexpensiveness, and reduced IT support burden all mean cloud computing may be particularly beneficial for smaller firms.

What are the risks?

A key risk is security. A public cloud may be cheaper but less secure. ACS Law was fined by the Information Commissioner's Office for using a public cloud service for consumers for business purposes.  As it was a law firm, which should have understood its obligations as a data controller, it was held to a higher standard and the fine was commensurately higher (BBC, Law Society). In contrast, a private cloud may be more secure but also more expensive.

To minimise the risk, you need to conduct appropriate due diligence on any providers you're considering using, in order to both understand the type of cloud services available, and ensure you select  reputable, well-established cloud providers. Ask potential providers, if the data they store is encrypted both while in storage and in use. This is particularly important for mobile working.

It also is prudent to ensure that there are secondary security measures, like two-factor authentication, for employees to access data off-site. While this is a concern, cloud computing can reduce the risk of lost or stolen USB drives or laptops.

Several major cloud providers now offer packages tailored to regulated professions, which are likely to be a safer choice and are more likely to provide adequate security measures.

You must also ensure that any outsourcing to a cloud provider does not adversely affect your obligations to the Solicitors Regulation Authority, including the SRA's ability to monitor compliance.

Should you tell your clients their data is in the cloud?

Another obvious risk is to client care standards and confidentiality. Law firms should consider if they need to disclose to clients that their data may be stored in the cloud. Firms must ensure that any cloud provider has adequate controls in place to meet any data protection requirements, and should check whether data will only be stored on servers within the EEA (or countries whose data protection regimes have been deemed adequate). Cloud providers should be able to offer audited information security that is compliant with ISO27001 or other relevant security standards.

Is the cloud always available?

Cloud computing does carry the risk of server downtime; it is advisable to check a cloud provider's outages record, and to check that any service level agreement with a cloud provider includes minimum uptime and adequate protections for outages. Data availability will also be vital in the event of any physical damage, such as flooding or fire, or if the cloud provider becomes insolvent or is bought or sold by another company.

One potential risk factor is a cloud service provider closing down, and then being unable to access data at all or without any further payment. Firms should ensure data is backed up frequently to a second location, and is easily accessible in a useful format. It is also important that any subcontractors are required to adhere to the same standards as the primary cloud provider.

Eyes open

Cloud computing can provide flexibility, enhanced security, better quality services at a lower cost, and improved mobile and collaborative working, but is not without risks. Law firms should feel confident using cloud services, so long as they do so with 'eyes open' to these risks. From a contractual perspective, the "devil is in the detail", so cloud computing contracts need to be reviewed carefully.

For further guidance, please refer to the Law Society's practice note on cloud computing.

Stay up to date with all those buzzwords and what they mean for law firms:join Sam and other speakers to explore and understand the cloud, big data, GDPR, client data security and regulation and risks in our digital world on Wednesday 27 September 9-17:00

Tags: knowledge management | cyber security

About the author

Dr Sam De Silva is partner at CMS Cameron McKenna Nabarro Olswang LLP, former Chair of the Technology & Law Reference Group at the Law Society, and UK solicitor representative on the EU Commission Expert Group on Cloud Computing 

 
  • Share this page:
Authors

Adam Johnson | Adele Edwin-Lamerton | Alex Barr | Alex Heshmaty | Alexandra Cardenas | Amanda Jardine Viner | Amy Heading | Andrew Kidd | Andy Harris | Anna Drozd | Annaliese Fiehn | Anne Waldron | Asif Afridi and Roseanne Russell | Bansi Desai | Barbara Whitehorne | Barry Wilkinson | Ben Hollom | Bob Nightingale | Caroline Roddis | Caroline Sorbier | Catherine Dixon | Ciaran Fenton | David Gilroy | David Yeoward | Douglas McPherson | Dr Sylvie Delacroix | Duncan Wood | Elizabeth Rimmer | Emily Miller | Emma Maule | Gary Richards | Gary Rycroft | Graham Murphy | Hayley Stewart | Ignasi Guardans | James Castro Edwards | Jayne Willetts | Jeremy Miles | Jerry Garvey | Jessie Barwick | Joe Egan | Jonathan Andrews | Jonathan Smithers | Julian Hall | Julie Ashdown | Julie Nicholds | Karen Jackson | Kate Adam | Kayleigh Leonie | Keiley Ann Broadhead | Kerrie Fuller | Kevin Poulter | Larry Cattle | Laura Devine | Leah Glover and Julie Ashdown | LHS Solicitors | Lucy Parker | Mark Carver | Mark Leiser | Markus Coleman | Martin Barnes | Matthew Still | Meena Toor | Melissa Hardee | Neil Ford | Nick Denys | Nick Podd | Pearl Moses | Penny Owston | Peter Wright | Philippa Southwell | Preetha Gopalan | Rachel Brushfield | Ranjit Uppal | Richard Coulthard | Richard Heinrich | Richard Messingham | Richard Miller | Richard Roberts | Rita Oscar | Rob Cope | Robert Bourns | Robin Charrot | Rosy Rourke | Saida Bello | Sam De Silva | Sara Chandler | Sarah Austin | Sarah Crowe | Sarah Henchoz | Sarah Smith | Shereen Semnani | Sophia Adams Bhatti | Steve Deutsch | Steve Deutsche | Stuart Poole-Robb | Susan Kench | Suzanne Gallagher | Tom Ellen | Tony Roe Solicitors | Vanessa Friend

Tags

access to justice | anti-money laundering | apprenticeships | archive | artificial intelligence | Autumn Statement | bid process | brand | Brexit | British Bill of Rights | Budget | business | careers | centenary | charity | city | communication | Conservatives | conveyancing | court closures | court fees | courts | CPD | criminal legal aid | cyber security | David Cameron | development | Diversity Access Scheme | diversity and inclusion | education and training | elderly people | emotional resilience | employment law | equality | European Union | Excellence Awards | finance | George Osborne | human rights | human trafficking | immigration | in-house | International Womens Day | Investigatory Powers Bill | IT | Jeremy Corbyn | justice | knowledge management | Labour | law management | Law Society | leadership | legal aid | legal professional privilege | LGBT | Liberal Democrats | library | Liz Truss | Magna Carta | mass data retention | mediation | members | mention | mentoring | merger | modern slavery | morale | National Pro Bono Week | Parliament | party conferences | personal injury | Pii | politics | president | pro bono | productivity | professional indemnity insurance | represent | retweet | risk | rule of law | security | social media | social mobility | SRA | staff | strategy | stress | talent | tax | tax credits | team | technology | Theresa May | Time capture | training | Twitter | UKIP | value proposition | website | wellbeing | Westminster weekly update | wills