Seeing through the cloud
It is now almost a truism to say that “cloud computing” – the provision of computing and data storage resources by a third party over an internet connection – can offer attractive benefits, from reduced IT capital expenditure costs to software features which may previously have been beyond a business’s reach.
But, particularly in a legal services environment, the approach also brings potential risks which must be managed. These pitfalls are both regulatory and commercial in nature, but all require a solid understanding of the technology itself, if they are to be avoided.
Paul Motion, partner with bto solicitors, chairs the Law Society of Scotland’s Technology Subcommittee, which is currently working with cloud providers, law firms and in-house counsel to agree a set of guidelines for firms procuring cloud services.
“The Society recognises there is a need for guidance, given the various commercial pressures in the market – including the introduction of ABS – but also pressure from some cloud providers claiming they have this magic bullet”, he said.
“The Society’s regulatory role means it’s in a good position to provide this guidance. There are a number of pressing quality assurance considerations, as well as law firms’ overriding duty to client confidentiality.”
Traps for the unwary
George Blair of Denovo Business Intelligence is one provider who has been working with the Society on the best practice guideline.
“We recognise the concerns in the event of a disaster recovery situation, but as long as the practice and supplier adhere to these procedures, the fears are alleviated and there can be no data security issues”, he said. “At Denovo we recognise that data is 100% our clients’ property and access is always guaranteed.”
Bill Maxwell of cloud provider Minerva Business Solutions agrees there is a significant section of the profession which lacks the in-house IT expertise to make the best decisions.
“There are a lot of firms who are already pretty IT-savvy, who are not going to walk into these things blindly,” he said. “But at the other extreme, there are plenty who are still using freebie email addresses – they don’t even have a proper web presence. With these guys, I’m worried they would walk into situations which could cause them all sorts of problems.
“It’s not even necessarily the case that they’re falling foul of unscrupulous providers. Office 365, Google Docs, Azure: they’re all perfectly reputable, but they’re not necessarily set up to meet the specific needs of law firms. There are serious questions around the US Patriot Act and client confidentiality; for example, can you as a firm put your hand on your heart and say nobody can access your client data when you know there’s a possible loophole?”
Such jurisdictional worries have emerged as key when it comes to protecting client data. In the past six months, Google and Microsoft have acknowledged that, as US companies, they may be required to hand over data held on European servers to US intelligence services, with the former reported as having already done so.
It therefore seems likely that the geographical and jurisdictional arrangements of the provider – and, crucially, the data centres it uses – will be a core focus of the guidelines.
Industry input
Even when working with entirely EU-based providers, there is an understandable trepidation around the idea of entrusting client data to a third party. At a recent Society round table discussion in Edinburgh, questions were raised over the portability and recoverability of data, in the event of a disaster or a breakdown in the client-provider relationship.
Carol-Anne Welsh, a solicitor with Morisons, welcomes the Society’s effort to bring in IT industry representatives, who she says provide a vital technical perspective on such questions.
“The legal profession perhaps tends to focus on the wrong things,” she said. “For those of us with a background in technology, a lot of the questions being raised around email, for example, are a bit of a non-issue. We’re all using email already and any given message will inevitably get pinged around the world in the course of transmission.
“A far more pressing practical issue is getting a good service level agreement – one which meets the specific needs of the profession – and ensuring your own connectivity is reliable, so you can access the data when you need it.”
With input from a broad cross-section of IT experts, law firms and other interested parties, the Technology Subcommittee is well on the way to distilling the many issues raised by the cloud into a single set of guidelines, expected later this year. It is hoped this will provide much-needed reassurance to firms, as well as a checklist for providers wishing to work with the profession.
Warren Wander, managing director of LawWare and LawCloud, concluded: “The Society is leading the way for other professional bodies. It sends out a message that it understands the challenges cloud poses to the profession, as well its competitive benefits. Otherwise, it’s not until firms start having bad experiences that they would start asking these important questions.”
In this issue
- The role for pro bono
- Rectifying trusts – a Scottish perspective
- Squeezing capital claims
- The many faces of mortgage fraud
- Welcome break or cause for concern?
- Opinion
- Reading for pleasure
- Book reviews
- Council profile
- President's column
- Beware what you register
- Justice inside and out
- Auto-enrolment: are you prepared?
- Power and authority
- Refining the message
- Seeing through the cloud
- Don't drag out child cases
- Up to the job?
- Permanence changes
- LGPS: sea change again
- Scottish Solicitors' Discipline Tribunal
- ILG takes on risk
- Real burdens revived
- Practical limitations
- CPD: how to comply
- Law reform update
- The learning curve
- Ask Ash
- Inside story
Additional
