Legal-specific applications are being offered in what is often referred to as “cloud” versions. The technical term for this delivery model is Software-as-a-Service (SaaS): a service offering full or partial functionality of the software at a low monthly or annual fee on a per-user or per-firm basis.
The benefits of cloud-based applications for law firms are plentiful and many firms are adopting this innovative technology. Some benefits of cloud-based applications are:
- Having the flexibility to work remotely
- Low upfront costs
- Minimal IT infrastructure to manage
- Minimal to zero downtime for software updates/upgrades (without affecting the use of employees’ workstations)
For many legal professionals, however, “going cloud” presents many uncertainties surrounding data security and privacy which must be addressed prior to choosing the right solution.
When choosing a cloud-based application, law firms not only need to know where their data will reside, but also should familiarise themselves with data privacy laws in the jurisdiction where the application is being hosted. While many cloud-based applications use Amazon Web Services (AWS) and Microsoft Azure as their hosting partners, several others will only disclose their hosting partners under an NDA. The following are considerations law firms must take into account when choosing a cloud-based application:
Security and Privacy
The cloud-based application provider and the hosting partner must follow a strict policy when it comes to data security and privacy. Physical and logical access rights to the server environment, for example, must be included in all policies. Any concerns are typically mitigated if the hosting providers are certified in specific data privacy and security industry standards, such as SSAE16 SOC2, PCI-DSS (for applications that process credit card transactions) and HIPAA (for applications that collect and store patient healthcare information or PHI). As a legal professional, it is imperative to obtain evidence that the cloud application provider and the hosting partner both comply with strict data security and privacy policies.
Due to data privacy laws, the physical location of the cloud-based application and its hosting partner is critical. Since countries have their own unique data privacy laws, some jurisdictions’ data privacy laws are more lax than others. A law firm must be aware of who has legal access to its data and under what circumstances that data is accessible by certain groups or individuals. While there are jurisdictions with strict data privacy laws which restrict public authorities from accessing data stored on the cloud, there are others which allow direct access, regardless of whether it is for lawful purposes or not. A law firm must take into account what data privacy laws it is bound to when choosing a SaaS solution. Having knowledge of the hosting partner’s location, therefore, is essential.
With the myriad of legal cloud-based applications available today, it is easy to get distracted and inadvertently ignore the issue of data security and privacy. Being cognisant of the security policy and data privacy laws a firm is bound by when selecting a cloud-based application is as important as the features it offers. Adoption of legal cloud-based applications will continue to increase: law firms must perform their due diligence and look beyond the features when selecting a solution. Moreover, it is vital to know which applications work well on the cloud and which should stay on-premise, and whether to deploy a private cloud to host on-premise applications or to use a combination of these solutions.