Law firms often deal with privileged and highly sensitive information. Understandably, keeping this information secure is of utmost importance, and several law firms are moving to the cloud driven by this need for security. Having said that, there are still some law firms holding on to the more traditional, on-premise systems.
In this article, I take a brief look at what being on the cloud entails for a law firm, and why an on-premise setup might not necessarily be the best option for the law firms of tomorrow.
| On Premise | Private Cloud | Public Cloud |
| The IT infrastructure is hosted locally and managed in-house by the law firm. Typically, the firm would have large server rooms on its premises to host the technology. | The IT infrastructure is hosted on the cloud, but on a private cloud managed by the law firm. Here the cloud service provider (like AWS or Azure) provides the cloud (depending on the provider you could potentially also purchase additional services like security infrastructure, storage, databases, etc.) however the in-house IT continues to manage the deployment of the various tools on the cloud and manages all the services. | The IT infrastructure is hosted in the cloud managed by a technology vendor. |
| This is like building your own house from scratch. You need to purchase the raw materials (bricks, wood, cement, glass) and then put it together and do the interiors. You have complete control over the process and can customise the house the way you want. You also need to provide for maintenance and upkeep. | This is like buying a house where the main structure of the house is ready, but you need to do everything else. The housing developer who sold the house may also sell you interior services and maintenance services, though you could also do these on your own or through a third party. You still need to oversee and manage the services. | This is like renting a serviced apartment/ house. You don’t need to buy anything, you just rent out everything you need. You have less control over the look and feel of the house because it has been designed and is maintained by the developer. You typically pay for what you use and it is easy to expand (add 2 more houses for rent) or shrink capacity (or take 1 house out) as per your changing needs. The developer takes care of the security, maintenance and upkeep of the place. |
To understand the differences in granular detail, let’s take a look at the following 3 charts which highlight the responsibilities of an in-house IT team (in green) with that of the cloud provider (in blue) in each of the above 3 scenarios.
It is evident from the above that staying on-premise places a larger burden on the in-house IT team. If a law firm chooses to stay on-premise, it must be confident that it’s IT team is competent and has sufficient resources at its disposal to continually perform its functions at high levels of efficiency. This may be true for some select law firms, but not all law firms. Most law firms are in the business of providing legal advice and not in the business of maintaining high end IT systems. Accordingly, it may be more efficient to outsource this function to a professionally managed cloud vendor, whose core business is providing cloud services. The unit economics of maintaining a high end cloud system will typically be better for the vendor than the law firm, as the vendor benefits from economies of scale.
Remote working during the pandemic accelerated the adoption of several cloud technologies. According to Clio’s Legal Trends Report 79% of law firms surveyed were storing firm data in the cloud. Further, in Thomson Reuters 2021 Report on the State of the Legal Market, 84% of surveyed partners expected their firms to increase investments in technology. WFH has made accessibility to data from a remote location a necessity and cloud technology enables this seamlessly. IT teams too are able to easily work remotely when using the cloud.
Some law firms believe that on-premise is more secure as you are in control of the entire environment, including granting access. While that sounds convincing on the face of it, the truth is that unless you are professionally managing your on-premise tools (conducting regular maintenance, preparing for business continuity, disaster recovery, continuous upgrades, etc.), you could be more vulnerable to a security breach than you would have been had you been on a professionally managed cloud. So, before you dismiss moving to the cloud because of security concerns, you really need to ask yourself whether your firm is in fact adequately managing your on-premise solutions. Take a look at this article where the American Bar Association (ABA) explores how the cloud is a safer place for storing legal data. The below diagram draws a comparison between the security protocols between a law firm and a professionally managed cloud vendor.
Further the ABA article states most secure cloud operators support security certifications like ISO 27001, HIPPAA, SAS 70 Type II, NIST 800-53 and encryption, which most on-premise systems would struggle to achieve. The ABA conducted a Legal Technology Survey Report in 2021 which explores security threats and safeguards used to protect against them. When survey participants were asked whether they ever experienced an infection with viruses/ spyware/ malware, 29% reported infections, 39% reported no infections and 32% reported not knowing whether they had been infected. It is quite alarming to note that there may have been a data breach and it may have gone unnoticed altogether! All in all, the evidence indicates that in most cases it would make sense to move to a professionally managed cloud.