Most law firms today are considering whether to move to cloud solutions for their IT needs. An overwhelming number of law firms are either actively seeking cloud services or are in the midst of moving toward such a solution. Many partners and firms, however, remain unconvinced for a number of reasons. In most cases, there are two primary concerns, security and cost.
Of the two concerns, security seems to be the more important, with cost being a close second. To understand this, let’s start with a simple concept. What does “in the cloud” actually mean? Generally, it means your data is stored on a server that is accessible via the Internet. That leads us to some simple questions you can ask yourself about your firm.
1. Does anyone in your firm have a handheld device that receives email?
2. Does your firm allow users to work from home or remote locations?
3. Can your users get to the web via a browser – for example for legal research?
4. Has anyone at your firm ever had a virus on their computer?
If you answered yes to ANY of these, then let’s ask another question. Do you know where your system is now? Yes, that’s right: Your firm is ALREADY in the cloud. Unless your firm is extremely isolated – and almost nobody is – you are in the cloud now. There really is no other way to look at it. Having the ability to walk into a server room (or closet, or perhaps the kitchen!) and touch a server has nothing to do with being in the cloud.
If you are in the cloud now, then we must ask ourselves a new set of questions about where we want our system for security purposes.
1. How many dedicated IT staff do you have on security alone?
2. Do you have a locked server room?
a. Is it monitored by cameras?
b. Is it under guard 24×7?
c. Does it have a generator(s) in the event the power is out?
3. Is your firm’s network certified to meet common requirements such as:
a. HIPAA (health information security)
b. ISO27001 (security management system standard)
c. SSAE16 (security controls)
4. Is your system redundant to geographically diverse locations?
a. Are those other locations under the same standards?
5. Can you send encrypted email?
6. Is your data encrypted end to end?
These are simple, easy choices from a very long list. If your firm, for example, has banking clients, you may be required to meet some or all of the standards above and many more. For most firms, meeting all of these is difficult if not impossible. Even the largest firms find that meeting even the simple and common requirements is costly. Why are these requirements needed? Obviously it is because your network is in the cloud and it must be protected.
For a cloud based network, these questions are quite easy to answer, but we must first look at what a true cloud provider is. Often we find the “cloud” solutions being sold in the marketplace are not actually cloud solutions but rather data centers. There is nothing inherently wrong about this aside from the fact that firms who use those providers are wholly dependent upon them and the provider’s security policies. Often these will meet the more basic certifications such as SSAE16 or ISO27001 but not always. Thus if one of these hosting providers (notice I’m not using cloud provider) is being considered, then inquiries about security certifications, geographic redundancy and physical plant security are appropriate.
For a true cloud provider however, such as AWS (Amazon Web Services), Microsoft or Google, all of the various security criteria are met and many more. The largest provider in the world is AWS (by light years) and they also have the finest security in the world. It is a simple matter of going to the AWS site and examining their certifications to see that they meet anything a law firm might require. Thus by simply moving an on-premises network into the cloud, your security is dramatically increased.
So, if we agree that you are in the cloud now, then why not have proper security, redundancy etc.? The answer for your firm may be cost, so let’s look at that next.
The biggest issue with comparing a true cloud solution or even a hosted solution with an on premises network is gathering all the pertinent data. We are often asked to help firms do this comparison and we can often do it quite quickly when we have historical data available, but how do you add it all up?
Some firms do not care about security, or even best practices such as proper Disaster Recovery solutions. For these firms the value of either of these areas is lessened and often ignored – that is until either a user gets a virus or data is lost due to poor backup policies. When either of those things happen, partners tend to start noticing.
We also encounter firms that put little or no value on productivity, thinking that if the work gets done, why does it matter how efficiently it is completed? Again if this is the opinion of the partnership, then it is difficult to assess any value to productive users. At the same time, the largest single cost in just about any law firm is personnel, so this in fact should be the primary area of focus.
If we assume that these things ARE important, then how do we compare? It is still more difficult than you might imagine, but a simplistic way to do it is to add up the costs below and compare them over time to the cost of a cloud solution.
• Physical server, storage and peripheral equipment purchased and lifetime of those assets
• HVAC costs to maintain that equipment
• Backup and Disaster Recovery System costs
• Monitoring, updates and anti-malware ongoing costs
• IT staff to support these systems OR the portion of time used by staff to do so.
• Local PC lifetimes and costs for replacement
• Internal and outside IT support costs for server related issues
• Cost of Internet provider which may rise with a Cloud Solution for performance reasons.
If you add all of this up over the lifetime of these assets – which is generally 3 – 5 years depending on the firm – you have some feeling for your overall IT costs over time. It is a simple matter then to compare this with the monthly costs involved in a hosted or cloud network solution. We find that 9 times out of 10 when we do this comparison the costs are about the same.
Once you add in the intangibles such as mobility, work from anywhere, instant disaster recovery, dramatically reduced support costs for your users and 24×7 availability the cloud solution quickly out performs any local network financially.
To summarize, the cloud costs the same, is more secure (by light years) and offers significant intangible benefits. So why not move to the cloud? The answer to that can be recent investment in local equipment – thus timing is not yet right. It might be that the firm does not care about backup, mobility, user productivity and similar issues and simply wants the cheapest IT solution it can find. In any case, it is prudent to look at cloud solutions when the firm’s timing IS right. Security and cost can come off the table and you can decide which cloud offering is best for you.