Back to top

A changing landscape

17 November 14

Cloud computing services are well established in the legal market, but data security issues in the news mean that providers have to keep abreast of customer queries

The very term “the cloud” has a certain mystique about it. But storing and retrieving data on the cloud is little different from using the likes of Google or Amazon – except that whereas these operations are open to anyone, cloud solutions for law firms are private business-to-business services set up on an individual contract basis. Now well established in the Scottish legal market, practices are nevertheless at all stages on the road to investing in or upgrading IT. And their queries as they do so reflect the digital information issues that are currently making headlines.

Providers themselves recognise that there is no “one size fits all” model. While a cloud-based system may offer increased flexibility for the user, the availability of support and maintenance, and the ability to respond more quickly to changing IT demands, there is a balance to be struck between the ongoing cost of what is essentially a rental or service agreement, as compared with the outlay for an in-house system. Which is more easily upgraded? How do they compare for ease of access, reliability, backup? Such questions are for each practice to answer for itself.

Cloud providers have long promoted their high levels of security. But in these days of revelations about government surveillance, and controversial legislative powers authorising monitoring of electronic communications, customer businesses are seeking reassurance.

Under surveillance?

“The surveillance issue has certainly caused more questions to be asked, and that is a good thing,” claims Warren Wander, managing director of LawWare, which markets LawCloud. “The real extent of surveillance is impossible to quantify. Whether you believe that all email is intercepted or none is, the reality will be somewhere in between.”

Similarly, Mike Walker, chief software architect of Thomson Reuters Elite, recognises that the “Snowden effect” – from the revelations by former National Security Agency worker Edward Snowden – means a “significant concern” for law firms when it comes to cloud services.

“Whenever data is stored outside the direct control of a law firm’s own IT department, there will be concerns over security,” he acknowledges. “However, vendors can do a great deal to mitigate these security concerns, for example, by adhering to established industry best practices and where necessary through addressing the data location concerns of customers.”

Walker indeed asserts that these days the big cloud providers are often more secure technically than an in-house corporate data centre, because of the challenges to fully implement ISO standards required by governmental and other industry bodies.

“The key is to understand the risk,” Wander maintains. That depends in part on the type of work you engage in, he adds. “Where the rewards to others are greatest – whether it be governments, cartels or individuals desiring insider information – care needs to be taken. And remember that information can be stored on any device – it’s what you connect that device to that needs to be risk assessed.”

Hybrid version

Is there room for any kind of halfway house, allowing you (hopefully) the best of both worlds? The answer appears to depend on your size of business. “Hybrid cloud is a sophisticated model,” Wander explains. “It’s the territory of the really large firms with large budgets. It’s not something that LawWare would get into, as our level of client prefers a more straightforward delivery model, therefore it’s about deciding what you want on the cloud and what you want installed for the small and medium-sized law firms in Scotland.”

Thomson Reuters, on the other hand, are in the market. “We enable law firms to deploy our solutions either on-premises (behind a firewall), completely in the cloud via a hosted solution, or a hybrid mix of the two,” Walker states.

One option he mentions is “elastic computing”, which enables law firms to meet temporary capacity needs, such as turning on computer power for a few days of the month and off for the rest of the month. The benefit of this type of flexibility, he says, is that it reduces costs for the firm but improves response, as the “elastic” infrastructure offers more power for less. And it avoids having all your eggs in one basket.

Further questions

How long will you be tied in to any deal? This is a big issue for clients, in Wander’s experience. “Many cloud providers want long terms included in their agreements – three year terms with another year’s notice of termination have been reported. If you are starting up your law firm you don’t want that kind of millstone, no matter how confident you are. Look for shorter-term agreements, as this indicates someone that understands that risks can be shared in this economic climate.”

Walker reports queries over the integration of multiple software systems. “The number of essential systems a law firm uses has tripled since 2001,” he points out, “and customers tell us they spend too much money and time on integration every time they purchase new software.”

Thomson Reuters’ “Workspace” product provides a common platform to enable Thomson’s business systems, and those of its partners, to be accessed “in one collaborative view on mobile devices and web-based clients”, in Walker’s words.

Both providers cite location of the data centre as an issue commonly raised. “If it is in the UK, it is likely to be Data Protection Act compliant,” Wander observes. “If it is within the European Economic Area, the European Data Protection Directive applies ( If it isn’t in the EEA, you almost certainly need to be looking for one that is.”

Walker points out that concerns may arise in relation to the Patriot Act, which gives the US authorities extensive rights of data access in relation to cloud services based there. Thomson Reuters maintains data centres round the world in order to address data residence worries.

Guidance on this and other questions has been issued by the Law Society of Scotland: see the panel for details.

One matter that should no longer be an issue these days is the reliability of internet access. Cloud service level agreements may offer as much as 99.9% availability (or you get some money back) – which is likely to compare favourably with possible server downtime for in-house systems.

How is your internet connection? “If your internet is unreliable or extremely slow, you will have to think long and hard, although you should be complaining to your provider as this is very rarely experienced nowadays,” Wander sums up.

Questions to ask

Guidance from the Law Society of Scotland on cloud computing systems can be found in Division B of the rules and guidance on the Society’s website, or through this shortcut:
For an article on the guidance, see Journal, January 2012, 30 

Have your say