Cloud environments have become a mainstay of business operations across multiple verticals. According to a 2020 survey conducted by the American Bar Association cloud adoption in the legal industry has lagged behind with cloud usage staying flat from 2019 to 2020 at 58%. The report also found that consumer cloud services were more popular than so-called dedicated legal cloud service applications however the benefits of cloud-based applications for law firms are plentiful. and many larger firms now taking the lead in adopting this innovative technology.
Some benefits of cloud-based applications are:
- Having the flexibility to work remotely
- Low upfront costs
- Minimal IT infrastructure to manage
- Minimal to zero downtime for software updates/upgrades (without affecting the use of employees’ workstations)
For many legal professionals, however, “going cloud” presents many uncertainties surrounding data security and privacy which must be addressed prior to choosing the right solution. When choosing a cloud-based application, law firms not only need to know where their data will reside, but also should familiarise themselves with data privacy laws in the jurisdiction where the application is being hosted. While many cloud-based applications use Amazon Web Services (AWS) and Microsoft Azure as their hosting partners, several others will only disclose their hosting partners under an NDA. The following are considerations law firms must take into account when choosing a cloud-based application:
Security and Privacy
The cloud-based application provider and the hosting partner must follow a strict policy when it comes to data security and privacy. Physical and logical access rights to the server environment, for example, must be included in all policies. Any concerns are typically mitigated if the hosting providers are certified in specific data privacy and security industry standards, such as SSAE16 SOC2, PCI-DSS (for applications that process credit card transactions), and HIPAA (for applications that collect and store patient healthcare information or PHI). As a legal professional, it is imperative to obtain evidence that the cloud application provider and the hosting partner both comply with strict data security and privacy policies.
Due to data privacy laws, the physical location of the cloud-based application and its hosting partner is critical. Since countries have their own unique data privacy laws, some jurisdictions’ data privacy laws are laxer than others. A law firm must be aware of who has legal access to their data and under what circumstances their data is accessible by certain groups or individuals. While there are jurisdictions with strict data privacy laws which restrict public authorities to access data stored on the cloud, there are others that allow direct access, regardless if it is for lawful purposes or not. A law firm must take into account what data privacy laws it is bound to when choosing a SaaS solution. Having knowledge of the hosting partner’s location, therefore, is essential.
With the myriad of legal cloud-based applications available today, it is easy to get distracted and inadvertently ignore the issue of data security and privacy. Being cognizant of the security policy and data privacy laws a firm is bound to in selecting a cloud-based application is as important as the features it offers. Adoption of legal cloud-based applications will continue to increase: law firms must perform their due diligence and look beyond the features when selecting a solution. Moreover, knowing which applications work well on the cloud, which should stay on-premise, deploying a private cloud to host on-premise applications or a combination of these solutions is vital.
Please do not hesitate to contact us if you wish to discuss legal applications, cloud, data security, and privacy with one of our consultants or subscribe to our blog to stay up to date on related topics.
To see our other articles relating to cloud and your law firm, click here.