According to the American Bar Association's (ABA's) 2019 Legal Technology Survey, the majority of law firms (58%) have taken the leap into cloud computing. They are drawn in by cloud technologies' 24/7 access from remote locations, relatively low cost of entry, predictable monthly expense and comprehensive data backup and retrieval. However, firms still have some significant and legitimate concerns.

Current landscape

Cloud computing generally refers to web-based software or services. Rather than installing software on the firm's server or attorneys' individual computers or mobile devices, attorneys access the software or services through an Internet browser or mobile app. The data is processed and stored on remote servers, not local computers or hard drives.

The survey found that attorneys see the cloud as a fast and scalable way to use advanced legal technology tools without a substantial upfront capital investment in hardware, software and support services. Instead, they can take advantage of monthly, per-user subscriptions. Almost half of respondents also view other economic benefits — including eliminating IT support, avoiding software management and version update requirements, and quick start-up times — as important.

Cybersecurity concerns

Only about 30% of respondents cited "better security than I can provide in-office" as a benefit of cloud computing, while 65% of current cloud users identified "confidentiality/security" as their top concern. They also are worried about losing control of data (45%) and losing control over updates (25%). Among attorneys who have not adopted the cloud, concerns cited include confidentiality/security (50%) and loss of control (36%).

Yet, few attorneys seem to be doing much to protect their data. No more than 35% (down from 38% in the 2018 survey) of respondents are taking any one of 13 specified cautionary security measures listed in the survey question. The most used measure is secure socket layers (SSL), which is the use of encrypted links, followed by local data backups (27%, down from 36% in 2018), reviewing terms of service (27%, down from 34%) and reviewing ethical decisions on cloud computing (25%, down from 34%).

Only 23% evaluated vendor company history, despite the fact that 94% cited vendor reputation as important when selecting vendors. Four percent negotiated confidentiality agreements in connection with cloud services, and 5% negotiated service legal agreements.

As the ABA laments, this behavior makes little sense if attorneys' biggest concerns about cloud computing are security and confidentiality. It also raises questions about their ability to satisfy ethical requirements regarding technology competency.

Security steps

Law firms can take several steps to shore up their security and, in turn, their (and their clients') confidence in cloud computing, including:

  • Conducting a Comprehensive Risk Assessment
    Attorneys clearly harbor some fears about vulnerabilities; however, they cannot take appropriate measures to reduce vulnerabilities until they have identified the risks.
  • Establishing Appropriate Cloud Structures
    There is no one-size-fits-all cloud structure. (See the following Sidebar: “Hybrid and Multi-Cloud Computing are Here”). Attorneys should choose the appropriate structure based on the firm's particular needs, with, for example, some materials and aspects receiving heavier security than others.
  • Managing Access
    Require passwords to be changed regularly, install multi-factor authentication to log in, and grant different levels of access based on actual need. Administrative staff, for example, should have much more restricted access to confidential materials than attorneys. It is also critical to terminate access when employees depart and vendor relationships terminate.

Proceed with caution

Attorneys should look no further than businesses in other industries for evidence of the benefits of cloud computing. The question, ultimately, may not be whether to adopt cloud computing, but how to adopt cloud computing. This latest ABA survey makes clear that attorneys have significant steps to take in order to achieve appropriate levels of cybersecurity.

Sidebar: Hybrid and multi-cloud computing are here

While many firms have slowly transitioned into cloud computing, the field has swiftly advanced. For example, there are now several hybrid or multi-cloud computing options that enable firms to customize their experience.

Hybrid computing comprises separate public and private clouds, with data and applications shared between them. The public cloud component provides access to immense storage capabilities on a scalable basis, meaning law firms can increase or reduce depending on their current needs. Firms can use private clouds (hosted on their own servers) to store confidential and sensitive data.

Multi-cloud computing generally refers to using more than one third-party cloud service. It allows a firm to transfer vital workloads and applications to a functioning cloud if another cloud goes down. Moreover, multi-cloud computing facilitates a "cafeteria-style" approach. Firms can pick and choose among providers based on the features required for each application.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.