Is the Cloud Safe for Law Firms?

Reprinted with permission from: New York State Bar Association Journal, May 2018, published by the New York State Bar Association, One Elk Street, Albany, NY 12207. Authored by Nina Lukina of Kraft Kennedy.

Addressing common concerns about privacy, compliance, and connectivity

Cloud computing has been gaining momentum for about a decade. Today many law firms are moving their documents, applications, and infrastructure to the cloud, but concerns still abound about its safety, compliance, and connectivity.

What is the cloud, anyway? The concept can seem nebulous, foggy, and unstructured. The government agency NIST defines it as a “Paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources (examples of resources include servers, operating systems, networks, software, applications, and storage equipment) with self-service provisioning and administration on-demand.”

Basically, when you transfer your data or application to the cloud, you are moving it from a resource that you possess and manage to that of another company. You already rely on the cloud for some aspect of your work or personal life if you use programs like Office 365, Gmail, Dropbox, or Google Drive.

The benefits of offloading data storage and application management, such as increased flexibility and reduced complexity, are swaying an increasing number of law firms. Still, because sensitive data is leaving the premises, the cloud computing model is far from universally trusted.

The first concern lawyers have about the cloud is, understandably, security. In the age of hacking, this is a foremost concern for an industry that traffics in highly sensitive information. The data is leaving your firm, and that seems worrisome. In fact, however, large cloud vendors like Microsoft, Amazon, and Google provide a level of security that is out of reach for your firm unless you were willing to invest a large amount of capital into it. These companies base their protections on their work for a huge number of companies and thus have a wider, more comprehensive view of cybersecurity.

Security is actually becoming a reason to move to the cloud for many companies. The same goes for compliance, which is another common concern, especially among law firms that work in health care, financial services, or with international clients. Many of the established legal IT vendors with cloud products make sure that they are thoroughly compliant with regulatory and international standards. For a complex regulation like HIPAA, it is often a headache to achieve the level of compliance on your own that a cloud vendor can offer.

When considering a cloud vendor, make sure to ask about the particular regulations that matter to your firm. Moving to the cloud can often be a way of outsourcing risk.

For an industry that must be always on and available for its clients, outages are not an option, and the cloud is commonly perceived as providing spotty service. Those of you who have Office 365 will know that this view is inaccurate. Of course, it depends on the quality of your office’s internet connection, but running on the cloud does not leave you more vulnerable to being hard to reach. According to Microsoft, Exchange Online – the cloud version of Exchange – has an uptime of more than 99.9 percent. This might even be an improvement compared to your existing email environment.

A switch to cloud systems can make privacy and compliance less of a burden. Depending on your IT setup, it will likely also mean more room for growth, less complexity, and lower costs.

If you are considering the cloud, opt for established vendors who answer to strict security standards and who can provide satisfactory answers to your concerns.