There’s no denying that cloud-based services are becoming more prevalent in law firms around the country. Law technology experts say what’s key with cloud computing is how to use it the most effectively and efficiently, meeting your needs as a lawyer while at the same meeting needed privacy standards for your clients.
“It is a reality,” said Drew Simshaw, clinical teaching fellow at Georgetown University Law Center who earned his J.D. from Indiana University Maurer School of Law and has specialized in information security and cloud computing. “Anyone who’s asking should we get the cloud is asking a very antiquated question. All firms will be using the cloud. The question is how to use it more responsibly.”
For the uninitiated, cloud-based services are any resources provided over the Internet. The most common cloud services resources are software as a service, platform as a service and infrastructure as a service. More and more firms are moving to cloud-based services, as a recent survey indicates.
A survey of 420 law firms conducted in June 2015 by the International Legal Technology Association found 51 percent of law firms planned to increase their adoption of cloud-based solutions in the coming year. However, 48 percent don’t expect their cloud usage to change. One percent of firms thought their cloud usage would decrease.
Those numbers are due to the uncertainty of cloud services going forward. Many businesses don’t know about cloud-based services, don’t trust them or are still trying to figure out how they work. Still, there are inherent advantages to cloud-based services, such as cost, less required physical storage space and having another firm take care of security.
Marc Matheny, an Indianapolis solo practitioner who focuses on family law, estates and personal injury, said he uses cloud services for some things. He tried Clio and Rocket Matter, saying he “heavily invested” in Clio, but it did not turn out well.
“It did not sync well with the Microsoft exchange server,” Matheny said.
He also said he hasn’t “drunk the Office 365 Kool Aid,” because he doesn’t like paying the service fee of $40 a month. He said the 2010 version of Microsoft Office he has does everything he needs it to and doesn’t see the need to pay the fee.
Yet, that is one of the main benefits of cloud computing. Ray Biederman, a partner at Mattingly Burke Cohen and Biederman LLP in Indianapolis and founding member of Proteus Discovery Group, a company dedicated to data management and document review services, said he uses mostly cloud services, and one of the main attractors is the price.
“It’s cost effective,” Biederman said. “You only pay for the services you need on a monthly basis, and the subscription fees are small.”
With the subscription you get the most up-to-date software, Biederman said. When looking at Microsoft, an attractive aspect is the company is responsible for infrastructure maintenance and data security concerns.
“There are a lot of hackers and evildoers and it’s a lot easier to break into a secondary source than Microsoft,” Biederman said. “They have tight, high security. We even vet the vendors we use to make sure they are offering the same high level.”
The top three concerns among lawyers when switching to cloud-based services are security, cost and reliability, according to the International Legal Association survey. Seth Wilson, an attorney with Adler Tesnar & Whalin in Noblesville who also helps manage the firm’s day-to-day IT services, said there are security risks no matter how information is stored.
“There’s no way to have a 100 percent safe system,” Wilson said. “So what do you do with that? If you have a server in your office and host data on that, there’s risk with that as well.”
He said the best way for firms to adopt the cloud is to figure out what’s right for them and use common sense to keep data secure when moving to the cloud.
“How are you protecting your data? Is your software updated? Do you have virus protection?” he said. “I wouldn’t get on Starbucks Wi-Fi to get your work done, that’s just inviting hackers your way.”
Matheny said one of the first things he looked at was where servers were located for cloud-based services. If they were located out of the country, he did not think about going with them.
“You need to have a secure host,” Matheny said. “Most companies are pretty open about where they are located.”
Wilson, Simshaw and Biederman said hiring someone, or at least consulting with someone who has IT experience and understands networks, is a good idea when setting up cloud services and keeping them going.
“A lawyer is not a networking security specialist,” Biederman said. “To hire someone like that is pretty expensive, but your entire business model is based on being secure. You need to have certain compliance with data security protocols.”
Biederman said lawyers have to understand what they are getting into and minimize the risk as much as possible.
“You need to be prepared to deal with a breach if it happens in a responsible way,” Biederman said. “Having Microsoft help with your security or having someone (help with IT issues) is the best of both worlds.”
Simshaw said security is not just a matter of good business practice, but could also harm a lawyer’s career if data gets out. Lawyers are under an ethical obligation to keep their clients’ data safe under the American Bar Association’s updated Model Rule 1.6, which was enacted after a commission on ethics in 2012.
“That includes talking to their clients in the open about the use of technology to meet the language in the ethics rules,” Simshaw said. “Lawyers need to affirmatively take positive steps.”
He said many lawyers use cloud-based services now, even if they really don’t consider it.
“Anyone who uses Web-based email is essentially using a cloud-based service,” he said. “But this is expanding that.”
He also had some advice, especially for firms who may be divided about using cloud services.
“You need to talk about the benefits and risks of the use of technology,” he said. “New technology can be more secure than old technology, but there’s often a generational split. Older employees in the firm may be averse to adopting something that could be more secure, but younger people may be less critical of the risks involved. There’s not a right single (way to) approach to it, and with both generations working right now, everyone needs to be heard.”•