Cloud computing – delivering IT resources remotely via the web – has been a hot topic in legal IT for several years, and it has gained serious traction over the past 18 months. In common with other sectors that avoid early adoption of new technology, legal services providers interpret the term ‘cloud computing’ in several ways. This is partly due to perception, and partly confusion between public, private and hybrid cloud. Adoption ranges from purchasing particular cloud-based applications and services, or extra storage, in the cloud, to transferring a firm’s entire infrastructure to a cloud-based managed service.

Business environment

Legal services liberalisation has been key in terms of decision-making, as the business model of many commercial market entrants is based on technology that makes their offerings efficient and accessible. Early examples are Co-operative Legal Services, which uses Thomson Reuters’ MatterSphere (an on-premise matter management system) and Rocket Lawyer, which develops its own technology. These are not cloud products, but they highlight to law firms the value of technology in terms of market positioning and competitive advantage. Cloud vendors highlight their offerings as cost-effective and scalable resources funded out of Opex (operating expenditures) rather than Capex (capital expenditures) – allowing firms to purchase their IT rather like paying a utility bill.

In late 2012, the Legal IT Professionals (LITP) website conducted a survey of attitudes to cloud computing across the legal sector globally. In her introduction to the survey report, Nicole Black observes that, because cloud computing is relatively new in the sector and IT represents a significant investment, the rate of adoption is potentially difficult to measure – firms could be considering cloud as a possible option when their legacy software is due for renewal.

The LITP survey explored the attitudes of different stakeholders in legal technology. The findings revealed that users – in this case lawyers – were keener on cloud computing than IT directors, who were more risk-aware and perhaps risk-averse. The immediate interpretation was that cloud computing supports the popularity of mobile and remote working – giving access to software from any location and any device, thereby also supporting the growing trend of firms offering bring your own device (BYOD) options.

Nigel Stott, IT director at Clarion Solicitors in Leeds, presents a slightly different perspective – here particular departments sign up to cloud offerings that suit their needs. It is, however, important to retain overall control. Stott explains why we are not hearing about ‘buy your own software’ as an exciting new trend. ‘If departments sign up to different services that support their practices, the IT function needs to be involved to deal with system integration and support issues,’ he says, so it is not a matter of bypassing the IT department in favour of ‘BYOS’.

There is still scepticism about the cloud, enhanced by the recent collapse of managed services cloud provider 2e2, whose administrators asked clients to pay extra fees to recover their data. Stuart Walters, IT director at Taylor Wessing, says 2e2’s collapse was caused by financial issues rather than anything associated with cloud computing. It is, he stresses, a risk associated with doing business in a difficult market, rather than a risk associated with cloud computing. Historically, law firms have been resistant to change and slow to adopt – and adapt to – technology developments. But it could be that legal IT is experiencing a sea change.

Small steps

What applications are firms moving to the cloud? Although the options range from extra data storage to individual applications such as email management, through to major software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) outsourcing, many firms are taking small steps.

It often starts with communication. Email in the cloud does not seem such a big risk because email is sent via the internet. More recently and perhaps driven by consumerisation – not in terms of BYOD but rather people using applications privately and becoming familiar with them – firms are increasingly looking at voice over internet protocol (VoIP) (corporate versions of Skype such as Microsoft Lync) to replace internal phone systems. Both Walters and Ben Weinberger, director of IT and facilities for Bond Pearce (about to become Bond Dickinson), are trialling Lync.

Other choices are a result of the proliferation of new devices across firms and users. At Clarion, Stott has introduced Yammer, a social network aimed at enterprises, as an internal communication system, replacing multiple channels with a single, two-way communication platform that users can access from any device or location. Private use of file-sharing applications such as Dropbox is popular, but this raises security issues for law firms. Stott is trialling Citrix FileShare, which, among other features, gives lawyers a secure way of taking documents to court on their iPads. New products are being launched in response to a growing demand for secure enterprise file-sharing applications. Nikec Docstore, which was designed specifically for the legal sector, is available as a secured cloud solution with security criteria including ISO 27001 compliance, multi-layer encryption and a UK datacentre.

Benefits and risks

The main advantages of cloud are greater business agility and flexibility. Cloud services do not have the same setup issues as solutions; on-premises systems are up and running very fast. They are scalable and transcend geographical separation, supporting merger and acquisition activity and subsequent integration, and enable firms to open and close offices in different locations quickly in response to client demand. Another major advantage for users is that cloud computing supports mobile and flexible working.

These benefits, which sometimes but not always include cost, may outweigh the risks, so long as firms look beyond service-level agreements (SLAs) and consider operational and continuity issues. Following the sudden collapse of 2e2, its clients had to pay to access data – if they had not backed it up elsewhere. Stott observes that backup is a crucial element of a firm’s business continuity and disaster recovery strategy. ‘A firm’s onsite systems and data are generally backed up at an offsite data centre,’ he observes. ‘So it follows to back up offsite data and software onsite.’

Frank Jennings, a partner at DMH Stallard who advises on cloud computing contracts, explains that any firm using a managed service provider would be exposed to similar third-party risks. ‘If a firm puts all its data in one location – either onsite or with an external provider – the data is at risk if anything happens to that building or provider,’ he explains. ‘For example, if 2e2 was running a firm’s master copy and its backup copy, the firm would lose access to the data. So a firm that does not want to run its own server room and is looking to move its systems to the cloud should consider an escrow arrangement where a third party holds a backup copy of the data, or of the live environment, depending on what it has in the cloud, and how much it is prepared to spend. If one provider holds the master copy and another holds the backup copy, then if one gets into difficulty the firm still has a copy of the data. However, this is effective only if the backup copy is up to date. The natural progression is to have a live fail-over with a third party, which involves significant cost.’

The alternative is to have a hybrid arrangement whereby the third-party cloud provider runs the IT and every week, every day or every hour (depending on the frequency required) the firm is provided with a backup to store at its premises. In that way the firm would not require an expensive IT infrastructure; it would simply have to maintain one server or a mechanism to keep a backup copy on premises. This seems so straightforward it is surprising that so many firms do not have a usable data backup.

‘In that situation, if anything happens to the cloud provider, there is no need to pay for access to the data as there is a usable backup copy on premise,’ explains Jennings. Moreover, the issue is money. The more frequent the backup, the more it will cost. Furthermore, if a firm is moving to the cloud to save money, the easiest way for a provider to offer a competitive price is not to provide backup, fail-over (an automatic backup system) or live security. ‘Ultimately, if you want a resilient, secure system, you have to pay for it,’ adds Jennings.

Quality standard

Jennings chairs the code of practice governance board for the Cloud Industry Forum (CIF), which promotes transparency, capability and accountability. He has written best practice guidelines that strike a balance between cloud providers and customers. There is no international standard for cloud computing, so the CIF represents something like a quality standard for reputable cloud vendors.

Having established that cloud-based data storage and managed services are no less secure than on-premise systems, what should firms look for when considering a cloud provider? ‘It is easy to switch to the cloud, but important to consider how to move data and services back from the cloud or change cloud provider,’ suggests Jennings. If it is simply storage, you do not have much choice over terms and conditions. If a business buys extra storage from Amazon Web Services, the contract terms are not in its favour.

However, if it is a bespoke, hybrid or private cloud, the customer has a greater say in the contractual relationship. In both situations, there is no reason why the customer should not be able to migrate out.

Jennings highlights some contractual considerations that underpin genuine flexibility and cost-effectiveness:

  • A legal lock-in whereby the customer has signed up to a minimum-term contract which includes the provider’s ability to increase prices. It is important to look at the commercial terms of the contract, and whether price increases are built in and there is the ability to terminate the contract on that basis.
  • A proprietary lock-in whereby the system or functionality makes it difficult to move to a competing provider. If the vendor is providing bespoke software or functionality, there could be a problem getting the same service elsewhere.
  • A psychological lock-in where people feel that changing the provider will create problems. This runs counter to the benefits of cloud computing, which revolve around flexibility. In this case, it is important to look at the migration terms. Does the provider undertake to assist with migration and what charge is involved?
  • Other considerations include security and business continuity, including backup arrangements and knowing where your data resides, as these affect your rights and compliance obligations.

Established vendors and new entrants

Despite convergence in legal IT, with larger vendors having acquired much of the competition, there are new entrants to the market with interesting cloud-based offerings that range from entire systems to specialist applications. The latest are based on Microsoft platforms. Peppermint Technology is based on Microsoft Dynamics CRM and brand new cloud supplier Ad Coelum (Latin for ‘to the sky’) is based on Microsoft Azure. Many software suppliers offer a choice between on-premises solutions and cloud-based SaaS.

Ahead in the cloud

Dean Mostert, IT director at Stephens Scown, which has 230 users based in three offices in Devon and Cornwall, shifted his firm’s entire system into the cloud. The decision was driven by the need to replace its practice management system and infrastructure. It was also client-driven. Data security, disaster recovery and business continuity regularly appeared in tender documents. ‘Clients need to know that they can access data, and that our service will not be disrupted,’ he says.

Mostert decided that a fully hosted service would best support his strategy for getting the best use and value out of the software. There are PCs and a router onsite. The only other hardware onsite is a local print server controlled via the cloud. However, the virtual desktop is not obvious. When users log in, their PCs run scripts that take them straight to the log-in page. ‘Most users have no idea that the whole system resides in a datacentre near Telford,’ he adds.

A common criticism of cloud services is dependence on internet connectivity. Mostert got around this by deploying a private cloud. ‘We have a dedicated point-to-point link to the datacentre with a fixed bandwidth that allows all our users to connect at the same time. It is scalable and can be increased at will. The backup link is delivered via different technology and there is an automatic failover.

Mostert needed to find a vendor. He was looking for a partnership, so focused on working directly with datacentre suppliers. ‘Resellers tended to oversell solutions,’ he says. ‘I saw immediately that the datacentre would dictate the solution.’

Moving to the cloud meant relinquishing control of the firm’s IT infrastructure. Mostert realised that some software applications would not conform. ‘I needed to feel confident that the supplier would work with me to overcome this,’ he says.

While the main advantages of moving to the cloud include a single centralised system, scalable resources and speedy software deployment – the recent Office 2010 upgrade took just one day – routine user support proved to be a significant challenge as cloud SLAs tend to focus on disaster recovery and resilience. Realising that helpdesk support is business-critical because it directly affects client service, Mostert negotiated with his supplier, e-know.net, to strengthen this aspect of the service.

For Mostert, the shift to cloud has transformed roles within his team. ‘We are developing our practice management system, building new workflows and gaining efficiencies, and we have replaced our on-premise helpdesk with an in-house trainer.’

Specialist cloud-based systems allow firms to compete effectively with commercial legal services providers. Epoq cloud-based document assembly software supports volume and online work, and enhanced self-service options that enable firms to compete with new market entrants on efficiency and flexibility. Its white-label cloud-based software allows firms to offer online document drafting services on their websites. Nothing is hosted on the law firm’s servers. The software is hosted by Epoq. Richard Cohen, chairman and co-founder of Epoq, highlights the importance of onsite backup. ‘Epoq retains all data for law firms that use its software. Everything is segregated. Nobody can access anybody else’s data.’

However, firms need to understand that unless they capture their data from the cloud and store it in their own case management system, there could be difficulties in relation to their responsibility to the client. ‘We give firms the tools to extract data,’ says Cohen. ‘Lawyers can fold the document into different formats, including Word, PDF and RTF – and file it in their case management system, but if they don’t do it, there could be problems. That is not the cloud provider’s responsibility. A good cloud provider should provide a mechanism for the firm to capture the document and undertake to protect client data and documentation. Obviously the law firm needs to have a contract with the provider, but this does not mean that the firm is not responsible for capturing and storing it for the required time.’

Neil Barnett, product manager for hosting and cloud at Daisy Group, agrees that cloud is not an all-or-nothing decision or one that is irreversible. He believes that 2013 is the year of the hybrid cloud, with firms testing the water as their server contracts come up for renewal. There are various possible combinations, for example firms are combining cloud applications with onsite data, or purchasing data storage in the cloud but retaining major applications onsite. Like Cohen and Jennings, Barnett emphasises the importance of compliance and making sure you know where your data resides. Daisy Group’s datacentres are based in the UK.

At last, cloud is becoming a standard option in legal IT with many well-established systems and applications offering parallel cloud and on-premise solutions.

Managing the change

Change management is a key issue. ‘People often forget the cost of change and moving away from legacy systems, processes and ways of working,’ says Stott. ‘Most users have no idea where the datacentre is. It is important to sell change into the business.’

Cloud computing is a strategic tool, therefore it is essential for the IT department to maintain a certain level of control over the devices and applications that are used across the firm – for security, compliance and risk management. In terms of management it is about deciding to relinquish some controls while retaining others. The right choices for the firm’s size, profile, culture and stakeholders can underpin, or even represent, a firm’s competitive advantage by supporting its business agility in a shifting and challenging market. That is why cloud computing is here to stay.

Joanna Goodman is a freelance journalist and editor of Legal IT Today