Moving your practice into “the cloud,” whether that involves a single application or all of your firm’s data, is not for everybody. But if you’re one of the many practitioners who have decided that there’s a compelling business case for employing cloud computing, it’s important that you do the appropriate research—and ask the relevant questions—to make sure you’re using a service provider that will help you meet the highest standards for client service and confidentiality.
Who is my vendor?
Knowing where a business started and where it is today will give you an idea of where that business is likely to be a year or five years down the road. Given the ongoing nature of the relationship with a cloud vendor, that’s an important consideration. Who were its founders? What other products has the company developed? Where does it get its funding? How many customers use its product? Has the product been reviewed favorably? Chances are good that this information is available through a quick Google search or even on the vendor’s website.
How and where will my data be stored?
Most cloud tools hide the where and the how of data storage by their very nature, providing users with intuitive, effortless interfaces. Data are saved automatically; files are organized and accessed without cumbersome file structures; files are versioned without tedious re-saving and complicated naming conventions; and storage capacity is rarely an issue. But what’s convenient on an end-user level can be nerve-racking when it comes to ensuring that your firm’s data is in good hands.
Here’s one wake-up call: Chances are good that your cloud provider doesn’t actually host your data. Most cloud providers use vast third-party data centers from companies like Amazon or Rackspace. That isn’t necessarily a bad thing—dedicated data centers can be incredibly secure and stable—but it’s important for you to know in advance. Be particularly cautious if the vendor uses data centers located outside of the United States, as laws regarding privacy may vary. Also, find out how your data will be protected. Does the data center offer redundant backup, preferably with some geographic redundancy? Is the data center (and the vendor, for that matter) regularly audited by an independent third party to ensure a high level of security?
Who can access my data, and is the data still mine?
Unless your provider allows you, and you alone, to hold the encryption key, it’s possible that your data will be accessible to others, particularly the employees of the cloud provider and/or the data center. Find out what policies and procedures they have in place to protect their customers, like limiting access only to a very small number of preapproved persons and providing thorough audit trails of any employee access to data. You’ll also want to verify that you retain ownership of your data. Some free service providers have been known to claim that all data uploaded into their system are their property—an unacceptable scenario when it comes to client files.
What are my terms of service?
Terms of service, privacy policies, service-level agreements, ethics statements, disclaimers—what do they all mean? Take the time to read through these documents so you understand exactly what your provider will and won’t do with your data. If you shudder at the idea of reading a terms-of-service agreement, the good news is that the terms for cloud providers are usually much simpler than those for software providers. As discussed above, pay particular attention to data ownership and access. Also, look for language regarding production of data. If served with a subpoena, will your provider give you notice before turning over your data?
How do I move on?
Breakups happen, even in the technology world. Maybe a new platform has hit the market that better fits your needs, or you’re moving to a new firm that already has its own software in place. Whatever the reason, you need to able to get your critical client data out of the cloud provider’s system in a non-proprietary format. Most providers will give you your data in a comma-separated values file. Keep in mind that the CSV won’t necessarily be usable until you’ve re-imported it into a new system or otherwise processed it.
When you ask about the ability to remove data from the system (the provider may refer to this as data portability), also ask about the policy for eliminating data. That is, if you decide to leave the service, how and when will the company erase your firm’s data from its servers? You don’t want your data lingering on its servers after you’ve moved on.
Selecting new tools for your practice should be viewed as an investment, both in time and money. A smart investment can help your firm be more efficient and help you be a more effective practitioner. An unwise, careless investment can seriously undermine your hard work. Take the time upfront to carefully consider your potential cloud-computing partners so that your firm will enjoy the best possible result.