Have you heard about cloud computing? Perhaps anyone in the business and legal fields are all aware of what this computing technology is all about. This however is still a developing technology, which makes it threatening and quite challenging to understand for those who are technically challenged. Can this technology deliver substantial improvements to the legal profession? And how can a firm prepare to migrate to cloud computing? Let’s take a look how.
Cloud Model and Legal Framework
Let’s begin with the basic concept of cloud computing. In this model, the applications are accessed locally but are hosted in another location, normally the data center of the cloud provider. These data centers provide greater processing power and better security as compared to investing on an on-site server and setting up your own IT department. Cloud computing relies on hardware virtualization in storing and securing sensitive data that law firms have.
Now, would an off-site storage be acceptable for those in the legal profession? Preserving client confidentiality is one of the highest ethical obligations of any lawyer, so those who are not clear how security is implemented on cloud platforms may think twice. So far, there is no official guidance coming from bar associations when it comes to cloud migration. Until such a guideline exists, it is understandable for law firms to take a cautious stand.
However, such a stand must also be weighed in comparison to the benefits delivered by specific services for the implementation of cloud technology like fast access to available information and support for various mobile computing platforms including smartphone for example.
Evaluation of Technology
Since there is a lack of legal guidance, law firms can evaluate and prepare for migration by assessing their foremost concern which is data security. Although this is critical, such an evaluation must coincide with other factors that will help them come up with an acceptable, profitable, and viable decision. Consider the following questions:
- What are your business requirements? This should be the primary factor to consider because unless cloud computing can significantly improve your process, not amount of security protocols would matter. Shifting to the technology for the sake of just adopting what is the latest may not be a sound business judgement.
- Does the provider cater to your market? This is where you evaluate the experience of the cloud provider in relation to the field of business you are in. For example, if you are in the legal profession, you would definitely want a cloud provider familiar with the requirements of your profession to give you a leg up on your competition. This goes with providing your law firm with the necessary support services it may need with a clear understanding of your legal obligations.
- What is the encryption level used? This may be a bit technical, but this actually helps you understand how your files will be protected before they are transmitted to the end user. In line with this, you must know who can get the encryption key to make the data useful.
- What are the details of the service level agreement? This should clearly spell out the obligations of the vendor as it relates not only to data security but also server up time, support response time, and consequences for failing to meet these obligations.
- Who can access the data? It is necessary to define to whom and what are the circumstances that would allow the vendor to reveal the user data. The Terms of Service should state whether the data can be shared freely or certain policies like a need for a subpoena for example would be necessary before such data is revealed. The provider must also inform the client before any user data is released.
- Where will the data be stored? The truth is that only a number of cloud providers have their own data centers. For those in the law profession, if the chosen provider is renting from third-party data centers, make sure that you look into the policies of service between the provider and the data center.
- What is the level of access allowed for employees of the data center? When too much access is granted, the possibility of security compromises greatly increases. This is especially true when data center employees are not completely satisfied with their working environment. Then the use data becomes vulnerable to outside hackers.
Basically these are all the things you need to consider before heading to cloud computing. Being in the law profession you are already aware that nothing should be assumed and everything must be in writing.