Skip to content
Cloud computing

Law firm cloud computing: The role of security as both a barrier and a driver

The tide has turned for law firm use of cloud computing. More than one-half (51%) of the 79 Am Law 200 firms that responded to ALM’s 2015 Am Law-LTN Tech Survey answered “yes” when asked whether they use cloud computing.

Of the cloud computing use cases reported by Am Law firms, software as a service (SaaS) for e-discovery and human resources (62%) predominated over other use cases, such as email management (31%), storage (31%), billing (27%), IP practice software (27%) and productivity applications (27%). Firms that reported cloud computing use in the 2014 Tech Survey, reported they used cloud resources the same (35%) or more (65%) in 2015.

Although cloud computing has been available for many years, we’re only now seeing more law firms in the clouds than not – but no sea change. The ALM survey indicated the biggest challenges for law firms to shift computing resources to the cloud are allaying security concerns (86%) and providing firms more control over their data (61%). Compare a survey conducted by InsideLegal polling 1,282 members of the International Legal Technology Association (ILTA). Of the 14% responding, a majority found the cloud compelling for its flexibility and mobility offerings but had reservations for cloud security and the lack of integration with existing on-premise systems.

At 451 Research, we define cloud computing as externally delivered computer services hosted by third parties that support multi-tenant architectures, rapid provisioning, self-service and scalable and elastic computing resources. Although some enterprises are reluctant to embrace cloud computing because of perceived security considerations, 451 Research sees security as a principal driver to the cloud, with mobility requirements. As Gartner analyst Jay Heiser observed, “Cloud services are not only highly resistant to attack, but also are a more secure starting point than most traditional in-house implementations.”

Surveys conducted by 451 Research Voice of the Enterprise (VOTE) indicates enterprises are moving computer workloads from traditional, virtualized and dedicated infrastructure products to cloud computing, such as Infrastructure as a Service (IaaS) like Amazon® Web Services (AWS), and Platform as a Service (PaaS) like the Microsoft Azure cloud; and specialized application environments, such as SaaS. When VOTE polled 809 mid-level and senior managers, IT managers and staff professionals, in industries from government to retail with revenue from $1 million to $1 billion on which off-premise or cloud computing models they use: 50% of the 569 respondents indicated SaaS; 31% IaaS; 17% PaaS. Multiple answers were allowed.

The “best execution venue” (BEV) is used at 451 Research to refer to an infrastructure environment best suited to execute or run an application workload. A BEV may be selected from a comparative analysis of on-premise and cloud key performance indicators, such as application support, compliance, data sovereignty, ease of use, performance, price and security or other indicators deemed important by the firm and their clients. Often, 451 Research sees a BEV analysis driving workloads from traditional environments, such as on- premise and hosted infrastructure, to IaaS, PaaS and SaaS – all acquired or consumed with operational, not capital,  expenditures.

451 Research expects the compound annual growth rate (CAGR) for cloud computing in 2016 will be $21.9 billion, up from $16.9 billion in 2015. Our research indicates steady growth from 2017 to 2020, when we expect a CAGR of $44.3 billion for cloud computing. But not every law firm workload must be in the cloud. There may be tape libraries and legacy mainframe or microcomputer applications that last converted to a client-server architecture that may never leave an on-premise location. But most will; because enterprises and their legal departments will demand that partners and law firms work with them quickly, efficiently and in a secure fashion.

Cloud Computing Growth Rate 2015-2020

Cloud computing growth rate 2015-2020
Source: 451 Research

The overall demand for legal services continues to grow, reaching about $437 billion in 2015. But the demand for large law firm services has flattened in the last few years. Big Law legal work is going elsewhere: in-house and to alternative service providers and lower-cost firms.

Cloud resources can make lawyers more mobile and available to clients; enable meaningful collaboration in creating value…

In-house counsel have been pressured by their parent organizations to cut costs. They are keeping more work in-house, where they can control the cost and quality of work. Most chief legal officers indicate they are doing work formerly retained by outside legal counsel and other providers (Association of Corporate Counsel Chief Legal Officers 2014 Survey). When they outsource, technology is helping them assign discrete workloads to the most cost-efficient and proficient provider – often alternative service providers to Big Law.

How can Big Law respond to the changing legal market? Law firms can turn to the cloud as a BEV. Cloud resources can make lawyers more mobile and available to clients; enable meaningful collaboration in creating value, such as creating documents and sealing deals; keep client information confidential and secure – all while improving the firm’s operational efficiency.

Many cloud providers can provide the same or greater level of security than what the largest law firms can feasibly provide on premise. SaaS and managed service offerings supply different levels of data and infrastructure separation, i.e., degrees of multi-tenancy, albeit there is more multi-tenancy in public clouds, such as AWS and Azure. Most cloud providers can satisfy SOC 2 audits that evidence policies, communications, procedures and monitoring that directly correlate to the availability, confidentiality, privacy, processing integrity and security of data. Unauthorized access to data is ensured with encryption, multifactor authentication, virtual private, intrusion detection systems and network tunnels. Cloud providers that own their own data centers have hardened physical systems in place to prevent unauthorized access, such as biometrically controlled doors, CCTV cameras and alarms. Many law firms find it difficult to meet cloud security levels due to the high capital expenditures and ongoing maintenance costs.

As lawyers become increasingly mobile, law-firm data can be readily available on tablets and smartphones. Rather than sitting behind a firm firewall, data consolidated in a cloud repository can gain value from on-demand access – or on client demand. Lawyers can exchange data efficiently and securely with clients and internal and external litigation teams, to mitigate spoliation risk and eliminate the need to return to the firm to transmit information to clients, partners and associates.

From the Tech Survey, Winston & Strawn observes that the total cost of ownership for their e-discovery services is best applied in-house and not in SaaS. But Fox Rothschild, Hinshaw & Culbertson, Lathrop & Gage, Seyfarth Shaw, Stinson Leonard Street and Vedder Price beg to differ and subscribe to managed and SaaS for e-discovery. Kelley Drye & Warren and Orrick are using a cloud-based document and email management system. Nixon Peabody is using a PaaS to give the firm flexibility in securely working with mobile devices.

The cloud computing will continue to gain traction for the legal industry as more law firms transition workloads from on-premise infrastructure to IaaS, PaaS and SaaS. After your firm conducts BEV analyses, rather than ask what can go to the cloud, better to ask what can’t.

Meet the author

Sean La Roque-DohertySean La Roque-Doherty
 is a 451 Research
analyst covering information governance,
compliance and electronic discovery. He is
licensed to practice law in California, the
District of Columbia and New York.



Images of Forum magazine

Read more from Forum Magazine in the Know 360 app

More answers