Should Law Firms Move Their Data to the Cloud?

For businesses ranging from mom-and-pop shops to major enterprises, the tech forecast is definitely cloudy. All the major cloud infrastructure vendors are seeing high double-digit growth each year, and public cloud service offerings as a whole are expected to net more than $200 billion in 2019, according to Gartner.

But while the rest of the world is moving rapidly to the cloud, the legal profession is lagging. According to the American Bar Association’s 2018 Legal Technology Survey Report, just under 55% of all firms surveyed use some form of cloud computing, including Software as a Service, Infrastructure as a Service, or Platform as a Service offerings.

Is it time for firms to join the cloud revolution? Before you move any of your own infrastructure or data, it’s important to answer some fundamental questions.

How Cloud-Based Are You Today?

Any major technological shift has to start with a thorough assessment of your organization’s infrastructure. What are your business-critical applications? Where are they running? Are they stored in an on-premises data center or a colocation site? How sensitive is the data you’re protecting?

When you do that assessment, you may well find that many parts of your organization are already operating in the cloud. If you use Gmail, social media for marketing, or a Software as a Service solution, you’re already at least partially cloud-based. You may also rely on disaster recovery or business continuity solutions in the cloud.

And that assessment may also reveal that firm employees are spinning up cloud-based solutions for themselves, such as those for collaboration technology or file storage. This so-called “shadow IT” accounts for 30-40% of the technology budget for large enterprises, according to Gartner.

How Much Tech Expertise Can You Call Upon?

Once you know what you have and where it is, the question then becomes what infrastructure and services you should migrate to the cloud and what needs to stay behind.

Small firms with little to no IT staff may find it’s easier and even more cost-effective to let cloud providers take care of maintaining, upgrading, and patching servers. Tech specialists at the leading cloud and SaaS providers have far more expertise in managing infrastructure than your typical law firm’s IT employees, and they can do it more cost-effectively at scale. For these firms, a full cloud transition may be appropriate.

Still, moving 100% to the cloud isn’t always possible. Cloud migration can be a complex and costly process, especially for larger firms. Organizations that have recently made large capital investments in on-prem technology will want to amortize them over a period of years before moving. Decisions to migrate to the cloud are typically made when legacy infrastructure is nearing its end of life.

In addition, some workloads that need to run 24/7 may be too expensive to run in the cloud.

Not surprisingly, the ABA survey revealed that solo practitioners and small firms lead the way in cloud use, approaching 60%. Practices with 500 attorneys or more reported cloud use of only around 36%.

What Are Your Practice Specialties?

Practice specialties and client concerns often drive decisions on whether to move to the cloud.

For example, firms specializing in intellectual property law are often forbidden by their clients from storing any proprietary information in the cloud, for fear it might be compromised or stolen. Medical malpractice and class-action firms, on the other hand, rely heavily on the cloud to alert and qualify potential litigants. They must also often scale up quickly to handle document processing for thousands of clients, then scale back down when a case has been settled. In these cases, it almost always makes more sense to “rent” as much tech infrastructure as possible rather than to purchase it outright.

Then there is the small but growing genre of virtual law firms whose partners share no centralized office and rely entirely on cloud services to manage cases and interact with clients. The lower overhead and greater flexibility of practicing law from virtually anywhere holds a strong appeal to firms of all sizes.

How Much Can You Afford to Invest in Infrastructure?

How your organization is structured and how it manages its finances should also play a role in your cloud migration decision.

When you move from an on-premises data center to the cloud, you’re also shifting a big chunk of your IT spend from capital expenditures to operating expenditures. The lower up-front investment for OPEX can prove an advantage for firms that may lack the resources or the desire to invest in infrastructure.

Instead of building out a new data center to serve the firm for another three to five years, a firm can simply pay for cloud services as it needs them. This also removes the need to anticipate future growth and avoids overprovisioning, as cloud infrastructure can be scaled up or down as needed.

But running in the cloud isn’t always cheaper. It’s very easy for users to spin up services they aren’t fully utilizing or forget to turn them off. While uploading data to the cloud is usually free, providers will charge you fees when you want to download it. Production systems that are running most or all of the time are typically costlier to operate when you’re paying per CPU cycle or per gigabyte.

If you fail to closely monitor your cloud OPEX costs, it could prove to be more expensive over the long run.

How Mature Is Your Security Strategy?

Perhaps the biggest reason some law firms are hesitant to move to the cloud is concern over privacy and security. Besides the need to protect client confidentiality, many firms deal with a wide range of sensitive and highly regulated data, such as medical, employment, immigration or financial records.

But this is where perception tends to blur reality. When you look at the history of major data breaches and successful attacks over the past five years, nearly all of them affected private firms maintaining their own data. They had failed to keep their systems up to date, or they had set up a cloud service with an inadequate security profile.

The truth is that your data is much more vulnerable when you’re managing it yourself. Security is inherently complex. If you have data in 20 locations, that means you may have 20 firewalls to manage, along with 20 intrusion detection and other security systems. Making a single companywide policy change requires touching each of those systems. Unpatched vulnerabilities account for 60% of data breaches, according to the Ponemon Institute.

The big cloud vendors have much greater security expertise than private entities, and all are certified compliant with federal data governance standards. There’s also a growing market of cloud access security brokers that can not only help secure cloud applications but also monitor use and enforce firmwide policies.

Long-held perceptions are slowly changing. In that ABA survey, just over 30% of firms said they adopted cloud solutions in part because they offer greater security than the firms could provide on their own.

The Wisdom of Clouds

For most firms, it’s no longer a question of whether or not to move to the cloud, but of how many systems will make the migration. Still, the larger the practice, the more complex the decision will be.

Many midsize or large firms may end up adopting a hybrid approach, using some public cloud services while maintaining sensitive data or mission-critical apps on-premises.

By moving all or some of their infrastructure to the cloud, law firms can avoid costly capital expenditures, gain faster access to technology resources and have greater flexibility to respond to changing technology needs. That’s a winning argument in any court.

Check Also

NFTs And The Law: What Do I Actually Own?

A quick look into NFTs, and how they fit into a legal landscape that isn’t ready for them.