The biggest story in the 2020 ABA Legal Technology Survey Report is not so much the 2020 results. It’s the not-yet-written story of the 2021 results as we see the impact of COVID-19 and “work from home” on the way the legal profession works.
The 2020 results are based on pre-COVID information. They promise to be very interesting as a historical document and a baseline.
Nonetheless, there’s much to learn from the 2020 results and what they tell us about how to move forward into an era that, in every part of the legal system, promises to be much more cloud-intensive in the near future than it is now. Were you thinking about Zoom meetings and online court hearings in January 2020?
The Cloud: Background
What is the cloud? The terms “cloud” and “cloud computing” have become much more familiar to lawyers in the last few years, but there can still be some confusion about definitions and acronyms. In the enterprise IT world, you will find public, private, and hybrid clouds, and many flavors of “as a service”: software (SaaS), infrastructure (IaaS), and platform (PaaS), to name the three most common.
To keep it simple, the 2020 Survey has focused on the basic concept of a “web-based software service or solution,” including Software as a Service (SaaS). In practical terms, you can understand cloud computing as software or services that can be accessed and used over the internet using a browser (or, commonly now, a mobile app), where the software itself is not installed locally on the computer being used by the lawyer accessing the service. Your data are also processed and stored on remote servers rather than on local computers and hard drives. Cloud applications might also be referred to as “web services” or “hosted services.”
Cloud services might be hosted by a third party (most commonly, Amazon Web Services or Microsoft Azure platforms) or, more commonly in the legal profession, by a provider running its services on Amazon, Microsoft, or another cloud platform. It’s also possible, though unlikely, that a law firm could host and provide its own private cloud services.
The cloud approach has become quite popular in the business world (e.g., Salesforce.com, BaseCamp, Microsoft 365, Zoom, Microsoft Teams, LinkedIn, Facebook, and Slack) and for individuals (e.g., Dropbox, Gmail, and Evernote). There are also a growing number of legal-specific cloud services, such as Clio, Rocket Matter, NetDocuments, Practice Panther, MyCase, TimeSolv, and many more.
Many people also use cloud applications daily in their personal lives, from Gmail to Dropbox to Netflix. According to a report by Skyhigh Networks, the average number of cloud applications used by each employee in large business enterprises has been estimated at 36 apps.
In the legal profession, it’s still a much different story. Legal is a lagging industry in cloud use. In 2020, the reported use stayed flat. However, that’s not the big story. In 2020, the poor, and worsening, cybersecurity approaches lawyers are taking to the use of cloud applications continued to be the key take-away from the 2020 Survey. It’s difficult to reconcile the ethical duty of technology competence with the reported behaviors.
The 2020 Survey results again show lawyers still using the cloud much less than the rest of the business world. The 2020 Survey reports that cloud usage (pre-COVID-19) stayed flat at 59%. Those saying they don’t use any cloud services dropped slightly–from 31% to 28%. The “don’t know” category increased slightly to 14%. In a surprising “flip” from last year, larger firms took the lead in cloud adoption, with the lowest reported adoption in solo firms (52%, down from 60%). Solos and small firms topped the list previously in the 2019 Survey.
The 2020 Survey highlights a major concern that, while lawyers talk the talk about security concerns in cloud computing, to a shocking degree they do not walk the walk. As I emphasized last year, the poor results in the cybersecurity category should be a major concern for the legal profession. If you take only one thing from this TechReport to add to your 2020 technology agenda, it should be to up your game on cloud security, for your sake and, even more so, for the sake of your clients.
The key cloud computing benefits have remained constant over the years. Lawyers and law firms see the cloud as a fast and scalable way to use advanced legal technology tools without the need for a substantial upfront capital investment in hardware, software, and support services. Cloud services are generally made available in the form of a “subscription,” with a periodic fee (typically monthly or annually) per user.
A popular example of a cloud service is Dropbox, a cloud service for file storage and sharing, that 67% of lawyers reported that they are already using. That makes Dropbox the most commonly-used cloud services for lawyers by a considerable margin. In fact, five times as many respondents used Dropbox as the most popular legal-specific cloud tool.
The standard Dropbox business account currently starts at $150 per year for three users. Microsoft 365 for business now starts at $5 per user per month or $12.50 per user per month for Business Premium. Many traditional software providers have moved to cloud models and offer hosted versions of their products, joining many companies that focus solely on the cloud. The EXPO Hall at ABA TECHSHOW 2020 again had a noticeable increase in the number of exhibitors with cloud products over prior years.
Despite the slow growth and wariness of lawyers, cloud computing appears to be moving toward becoming a standard approach in legal technology, with more than half now using cloud services, even before the changes brought on by COVID-19.
- Cybersecurity has passed the crisis point in lawyers’ use of cloud services in the COVID-19 world. The 2020 (pre-COVID-19) survey results showed further slippage in the already lax compliance of lawyers with even the most basic cybersecurity practices. Although lawyers say that confidentiality, security, data control and ownership, ethics, vendor reputation and longevity, and other concerns weigh heavily on their minds, the employment of precautionary security measures is quite low. No more than 31% (down from 35%) of respondents were taking any one of the specific standard cautionary cybersecurity measures listed in the 2020 Survey question on this topic. Eleven percent of respondents (up from 7% in 2019) reported taking none of the security precautions of the types listed. Only 45% of respondents report that the adoption of cloud computing resulted in changes to internal technology or security policies. These are disturbing numbers.
- Cloud usage stayed flat from 2019 to 2020 at 58%. In a bit of a surprise, solos and small firms, who traditionally have led the move to the cloud in legal, dropped to last place as larger firms moved forward.
- Despite some reservations, lawyers continued to use popular business cloud services like Dropbox (67%), Microsoft 365 (49%), iCloud (19%), Microsoft Teams (18%), Box (13%), and Evernote (12%) at higher rates than dedicated legal cloud services. Clio and NetDocuments ranked the highest among the legal-specific cloud services.
- Lawyers are becoming more familiar with cloud technologies and are attracted by anytime, anywhere access, low cost of entry, predictable monthly expenses, and robust data backup. Notably, only 27% indicate that cloud services provide the benefit of giving greater security than they can provide on their own. This confidence in light of their actual security practices reinforces the concerns around cybersecurity.
- Concerns about confidentiality/security (60%) and lack of control over data lead the “biggest concerns” list about cloud services by a wide margin. Almost 94% of lawyers rate the reputation of the vendor as important (very, 74%, and somewhat, 20%) in their decision-making process.
- The 2020 Survey results also suggest that client-focus is not a driving factor for lawyers using and considering the use of cloud computing. The consideration of client needs, expectations, and desires should be a key target area for innovative lawyers and firms.
- Only 13% of respondents indicated that they expected to replace an existing software tool with a cloud tool in 2019. 40% have no plan to do so and 48% don’t know. Again, these are pre-COVID-19 numbers
- More than a third of lawyers are at firms with extranets. Extranets are used primarily for firm lawyers (84%) and much less likely for clients (33%) or external collaboration (23%).
1. Cybersecurity: At a Crisis Point?
Although lawyers have a lot of concerns and wariness about cloud services, especially security, confidentiality, and control issues, their reported behavior about precautionary measures simply does not reflect what they express their level of concern to be. In fact, the results are shocking and reflect little, if any, positive movement in the past year or even in the past few years. The lack of effort on security has become a major cause for concern in the profession.
Of 13 standard precautionary security measures listed in the 2020 Survey, only 31% of the respondents, down from 35%, employed the measure most commonly used (using secure socket layers aka SSL). The next most widely-employed precaution was making local data backups (30%, up from 27% in 2018). Given the emphasis on data privacy in 2020 because of the European Union GDPR, California, and other data privacy legislation, the decrease from 28% to 27% of respondents reviewing vendor privacy policies is alarming. Only 27% reviewed ethical rules and opinions on cloud computing and just 24% reported that they reviewed terms of service. Would lawyers recommend that their clients take these approaches?
The numbers only get worse from there.
Twenty-five percent sought advice from peers and only 21% evaluated vendor company history, despite the stated importance of vendor reputation (94%) in selecting vendors.
At the very bottom of the results are things that lawyers should do quite well. A mere 9% (up from 4%) negotiated confidentiality agreements in connection with cloud services, and, in next to last place, only a shocking 5% negotiated service legal agreements (SLAs). If security and confidentiality are lawyers’ biggest concerns about cloud computing, does this behavior make any sense? What questions does this raise about meeting technology competence ethical requirements?
2. Usage Numbers
3. Consumer Cloud Services More Popular Than Dedicated Legal Services
The 2020 Survey asked respondents what cloud services they had used. Dropbox topped the list at 67%. Microsoft 365 (formerly known as Office 365) was in second place at 49%. Other consumer or small business cloud services also remained popular (notably, iCloud at 19%, Microsoft Teams at 18%, Box at 13%, and Evernote at 12%), despite a lot of discussion about encryption and other security concerns about consumer cloud services in the press and among lawyers. Zoom was not even on the radar.
Legal-specific cloud services have not reached the same levels of popularity as consumer services. Clio continues to be the most popular legal cloud service named by respondents (13%), followed by NetDocuments (11%), and MyCase (5%). These results might reflect both the difficulties lawyers and others have with determining what exactly is a cloud service and the increased number of legal cloud service providers, especially in the case management category. Note that services that many would consider “cloud”—WestLaw, LexisNexis, FastCase, to name a few—do not show up in the results, except possibly as small components of the “Other” category (14%).
In the last few years, the collaboration tool Slack has become extremely popular in small businesses and technology companies. As of now, there is still no indication of its uptake in the legal world, although Microsoft Teams, a competitive product, came in at the 18% level.
4. Where is the Client-Focus?
Largely missing in action in the results were clients and client concerns. Here are a few numbers to consider. Extranets are probably the classic example of a secure cloud tool that can help clients and help collaborate on projects with external parties; 38% of firms have extranets, 41% do not, 21% don’t know. The results show that 84% of firms allow access to their lawyers and 62% to their staff. Access to clients, who potentially benefit the most from extranets, was only provided by 33%. Collaboration for “friendly” outsiders was permitted by 23%.
5. Cloud Benefits
There was not a lot of change in the perceived benefits of cloud computing shown in the 2020 Survey. Anywhere, anytime access is the biggest perceived benefit of cloud computing for lawyers. Low cost of entry and predictable monthly expenses are also highly rated benefits. Other economic benefits, such as eliminating IT and software management requirements and quick start-up times are also seen as important benefits by almost half of the respondents. Only 27% of lawyers see “better security than I can provide in-office” as a benefit of cloud computing—a striking number, especially to anyone familiar with data center security procedures as compared to standard security practices in law firms.
6. Biggest Lawyer Concerns
Lawyers continued to express reservations and concerns about the cloud. When current cloud users were asked to identify their biggest concerns, they cited “confidentiality/security concerns” (60%, down from 65%) and concerns about a lack of control over data (46%). Concerns about losing control over updates (28%) and vendor longevity (24%) were other significant concerns. Only 12% listed client concerns about lawyers using the cloud. The changes from 2019 were not significant.
There were similar concerns among those lawyers who have yet to try the cloud. When asked a question about the concerns that had prevented them from adopting the cloud, 47% cited confidentiality/security concerns, 41% cited the loss of control over data, and 28% cited the cost of switching. “Unfamiliarity with the technology,” was listed by 34%. Again, the changes from 2019 were not significant.
7. Name and Reputation of Cloud Vendor
Ninety-four percent of respondents using cloud services considered the name and reputation of the cloud vendor as either very important (74%) or somewhat important (20%) to their decision. However, only 21% of respondents reported that they evaluated the vendor’s history and only 25% sought out peer advice/experiences in connection with the vendor. This area is definitely one in which lawyers can improve their due diligence efforts.
8. Replacing Existing Tools with Cloud Services
Even though interest in cloud services is high, the interest does not seem to translate into substantial action at this point, at least in terms of replacing existing software tools. Only 13% of respondents indicated that they expected to replace an existing software tool with a cloud tool in 2020. Lawyers might be looking to the cloud only for new tools or to supplement existing tools. They also might not be thinking of mobile apps as cloud tools. Again, the results reflect pre-COVID-19 answers. Presumably, the use of Zoom for online meetings has dramatically changed this number already in 2020.
9. Internally-focused Extranets
Extranets are the premier example of a client-facing tool. Lawyers, perhaps ironically, have focused on extranets as internal tools. Extranets are private websites for which a user—internal or external—must have authorization to use. A law firm extranet could be used to allow a client to access files or gain other information on matters. Firms primarily either use a custom solution (38%) or Microsoft SharePoint (38%).
More than a third of lawyers are at firms with extranets. Extranets are used primarily for firm lawyers (84%) and staff (62%), but much less for clients (33%) and outside collaborators (23%). These numbers suggest opportunities for lawyers to open up these tools for clients and outside collaborators.
The 2020 Legal Technology Survey shows that, for a small, but slowly growing, majority of lawyers and firms, cloud services are now part of the IT equation. Overall, reported growth in cloud use stayed relatively flat. However, the continuing lack of actual attention to confidentiality, security, and due diligence issues remains a serious and disturbing concern, especially with the growth in mobile apps running on cloud services. The results on security procedures will continue to fuel client concerns about their outside law firms making adequate efforts on cybersecurity, and the numbers indicate that they should be worried.
There is much that law firm IT departments and technology committees, legal technology vendors and consultants, corporate law departments, clients, and all legal professionals interested in the adoption of technology by lawyers can learn from these results. They give us much to think about and some indications where firms might want to move their technology strategies in the coming year and beyond. Applying basic common sense, diligence, and increased attention to cybersecurity efforts might be the biggest lesson to learn for the upcoming year. In short, cloud cybersecurity must be at the top of the list of questions for clients to ask their law firms. The current state of cloud security among law firms is a train wreck waiting to happen, especially given the changes brought by responses to COVID-19 and the move to working from home.