Simply put, cloud computing is the delivery of software, data access and data storage through the Internet. A third-party vendor, such as NextPoint or Clio, provides much of the IT infrastructure, so instead of a firm providing its own servers, storage, maintenance, support and security, the vendor manages all these components, and users access the programs and data through the Internet.

Cloud computing allows users of mobile devices — smartphones, laptops, netbooks, tablet computers — to access from anywhere information traditionally accessible only on office computer hard drives and local networks. One benefit of cloud computing is its ease of use. Traditional software can be overwhelming, often confounding users and requiring training. Cloud-computing applications often have simple, easy-to-use interfaces.  Traditional software requires constant updating and patches which can be disruptive because of changes in how the software is being used. Traditional software also can be costly. Ignoring updates in traditional software can be hazardous because they are often necessary to work with new operating systems or to fix problems.

On the other hand, upgrades and patches in the cloud are handled by the vendor, and the cost of upgrades and patches in a cloud environment is rolled into the monthly fee. Cloud vendors can respond quickly and seamlessly to bug reports. Cloud applications are usually operating- system independent, meaning that law firms are free to use any version of Microsoft Windows, Mac OS, Linux, Unix or any other operating system without worrying about compatibility.

Cloud computing can be substantially cheaper than traditional systems.  Traditional software often requires large capital investments with vendors generally charging a named user or concurrent licensing fee. Law firms incur additional costs for maintenance and support. More costs can be incurred to add or remove licensed users because licensing may not be transferable.

The cloud does not present these challenges. In essence, law firms rent software through the cloud instead of purchasing it — an arrangement called software as a service, or SaaS. Instead of requiring firms to maintain software licenses for each application, cloud computing generally requires only a Web browser, such as Internet Explorer or Safari. SaaS programs are priced on a per-user, per-month basis; they rarely include an implementation fee; and no additional hardware is necessary.

Maintenance and support costs — considered operating costs — are included in the monthly fee. Traditional software also may require costly hardware, such as a server, to function properly. Cloud computing diminishes the need for hardware with large hard-drive capacity and fast processing speeds (which can be expensive). For most small legal offices, this will be a clear benefit. However, if a law firm needs very large amounts of data, the money spent over time on cloud computing may approach the amount spent on traditional systems. While most fee-based, cloud-computing vendors offer generous storage space, the vendor may charge extra if users exceed their monthly or total storage cap.

Cloud computing generally requires access to consistent, high-speed Internet. Although some cloud computing applications have an offline version, like Evernote and NetDocuments, law firms with inconsistent Internet access are not good candidates for cloud computing.

Be aware of the security offered by the cloud provider. Ask questions. In a traditional non-cloud office setting, security breaches, data corruption or bugs are confined to a law firm’s local IT environment. In the cloud, these matters are beyond a law firm’s immediate control.

For example, vendors may outsource data storage to a separate company, making it necessary to know the security policies of not only the vendor but also the storage provider. Ensure that client and personally identifiable information is encrypted in transit and in storage. Know who has access to the data. If there is a security breach, whose responsibility is it to notify the end user? Is the responsibility the vendor’s as well as the storage provider’s?

Another security concern is reliable backup of the data in the cloud. Storage providers such as Amazon and Rackspace offer co-location of data, SAS 70 certified security, and many other fail-safes. These vendors often can provide significantly more security and backup than a small law office.  Another risk to consider is the potential dissolution of the vendor. If the vendor goes into bankruptcy or insolvency, access to and storage of a firm’s data becomes an issue. Vendors can provide law firms with local copies of their data to mitigate this risk. Availability of local copies of data should be a priority when choosing a cloud vendor.
Conversely, if a law firm decides to end its relationship with the cloud vendor, what happens to the firm’s data? Eventually the vendor will close the account and users will no longer be able to access the interface that allows them to read, enter and manipulate data. Again, ensure that the firm can keep a local copy of data so that migration to another vendor is an option.

Some cloud-computing vendors, like Google or Dropbox, offer free applications. However, the confidentiality of client data is at greater risk if a firm, or its members, choose to use free cloud services. Many free products often do not assume liability for lost data, and, in some cases, do not assert rights to the data itself. Vendors of free services often make data available to advertisers and third parties. Vendors of free services also assert the right to discontinue the service at any time.

With any cloud service, law firms should carefully read the terms of service, as well as the privacy policy. If a cloud vendor is served with a subpoena, will it notify the user before handing over the data? Law firms that must comply with regulations, such as requirements of the Sarbanes- Oxley Act or Health Insurance Portability and Accountability Act, should make sure those requirements can be met when using a third-party vendor.

Cloud computing allows users to access information from anywhere. But as with any access to sensitive data, users should be wary of accessing cloud-computing applications on a free, open wireless network, such as at a Starbucks, or on a shared, public computer, such as in a library. Always check that the connection is secure. Look for “https” in the browser address bar; otherwise, it is very easy for others to gain access to the information sent through an open wireless network.

Cloud computing is appealing because it reduces IT expenses relating to hardware, support, maintenance and configuration. The cost to be up and running is significantly minimized. It works on a variety of platforms and on most devices. It is built for a mobile workforce and often gets better buy-in from users who do not care to spend time getting trained on complex software. In some cases, the security supplied by the vendor exceeds that of a small firm. Lawyers considering the cloud need to make purposeful, informed decisions on the vendors with whom they work. Consider the sensitivity of the data first and foremost, evaluate the practice and its clients, do due diligence on the company — including engaging experts when needed — and perform a thorough cost analysis.  You might find that the benefits of the cloud outweigh the risks.

Lastly, consider attending the LSBA's Solo and Small Firm Conference (Feb. 25-26, 2016; Hyatt Regency NOLA).

Carefully examine all technology before buying, whether it’s SaaS or traditional. Consider asking these 20 questions of any SaaS vendor before committing your data to their hands. Vendors that aren’t willing or able to answer these questions should be treated with caution.

1. Do you offer a trial period or demo of your product?
   
2. What training options are available for customers?
   
3. What kind of documentation (e.g., knowledge base, product manual) is available for your product?
   
4. How often are new features added to your product?
   
5. How does your software integrate with other products on the market, especially products in the legal market?
   
6. How many attorneys are currently using your product?
   
7. What hours is your tech support available?
   
8. Do you offer a Service Level Agreement (SLA) and/or would you be willing to negotiate one?
   
9. What types of guarantees and disclaimers of liability do you include in your Terms of Service?
   
10. How do you safeguard the privacy/confidentiality of stored data?
    
11. Who has access to my firm’s data when it’s stored on your servers?
    
12. Have you (or your data center) ever had a data breach?
    
13. How often, and in what manner, will my data be backed up?
    
14. What is your company’s history — e.g., how long have you been in business and where do you derive your funding?
    
15. Can I remove or copy my data from your servers in a non-proprietary format?
    
16. Where does my data reside — inside or outside of the United States?
    
17. What happens to my data if your company is sold or goes out of business?
    
18. Do you require a contractual agreement for a certain length of service (e.g., 12 months, 24 months)?
    
19. What is the pricing history of your product? How often do you increase rates?
    
20. Are there any incidental costs I should be aware of?