This article was written by Joe Kelly, CEO of Legal Workspace, and published in Colorado Lawyer.
Whether attorneys are hanging their shingles or working at large firms, information technology (IT) is probably not their highest priority. Most lawyers would rather focus on practicing law than worrying about technology. Nevertheless, IT plays a vital role in the business of law today.
Complicating matters is the growing necessity for practices to support mobile devices and a virtual workforce. At the same time, firms must also ensure security and compliance with professional obligations and regulations, such as the Colorado Rules of Professional Conduct and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). When transitioning to new IT systems, attorneys and staff often want to continue using their favorite software programs, which may come from different providers and may not be legal-specific.
Those at larger law firms can usually let the IT department worry about such logistics. However, attorneys at small or mid-sized firms do not have the luxury of a large IT staff—if they have any IT staff at all. Consequently, lawyers are left to figure these things out, even if the sheer number of issues to consider when setting up or reimagining IT seems overwhelming.
It is helpful for small to mid-sized firms to think in terms of three main options when it comes to IT:
1) keeping IT onsite;
2) adopting a hybrid mix that involves some cloud-based solutions with some onsite hardware and software; or
3) being fully cloud-based.
When considering which approach to take, lawyers should evaluate its cost, security, and convenience, as well as the amount of time it will take away from their practice to manage each option. Although three options are listed in this article, not all options are an exact fit for every law firm.
The Onsite Approach
The onsite approach is the most traditional IT route, simply because technology has not allowed for many other options until the past decade or so. With this approach, firms set up and maintain all of their IT infrastructures at the law firm.
Cost of Onsite IT
Conventional wisdom holds that medium and large law firms will benefit the most from onsite IT. Solo attorneys and small law firms can often function in a peer-to-peer based environment without a server. However, many of today’s leading legal applications use SQL Server as their backend database. An attorney who selects one of these legal applications will need to purchase and install a server for the application to function.
Setting up onsite IT is an involved process that can easily cost thousands of dollars a year for each staff member. The firm will need to (1) purchase and configure servers for data applications, backup, and security; (2) purchase and configure software programs (e.g., a Windows server, the email server, practice management applications, and time and billing systems); and (3) purchase and set up hardware, including computers, laptops, mobile devices, and Bluetooth devices.
Unless lawyers are intimately acquainted with IT and have the time to devote to it, law firms will find the need to hire IT consultants to help with initial setup and configuration. The initial labor costs can easily reach $1,000 per staff member. Additional consultant costs may arise for ongoing maintenance, unless someone at the firm can dedicate significant time to maintaining and troubleshooting hardware and software issues. As the firm grows and adds more personnel, someone at the firm will need to oversee licensing additional software, buying more hardware, setting up additional email accounts, and ensuring compliance standards are met.
Security of Onsite IT
Many lawyers assume that high security is inherently linked to the onsite approach because the law firm maintains complete control over the files and systems, including how they are stored and shared. However, when software is housed within the firm, it must be updated continuously to make sure that systems are as secure as possible. This means that someone must be available to run patches, checkups, antivirus software, and other tools to ensure that systems are not vulnerable to malware and hacking.
With an onsite approach, the firm must also consider backup plans and disaster recovery solutions. Backup plans should take into account how to host the backup at another site in the event of a natural disaster, fire, gas leak, or other circumstance that makes the firm’s office inaccessible.
Firms also need to consider where they are most vulnerable. According to the IT security firm Trend Micro, hacking and malware account for 25% of all data breaches, while lost devices account for 41% of data breaches. That means that firms need to consider how they can remotely wipe any devices that lawyers and staff have lost or misplaced.
Trend Micro further warns that data breaches caused by hacking and malware tend to be highly sophisticated and deliberate: “Highly customized defense solutions and strategies are required in these cases.” Firms need to decide whether to install consumer firewalls or enterprise firewalls. Enterprise firewalls may be more thorough than consumer firewalls, but they can also be more expensive and complicated to operate. And unless the firm is large enough to warrant a dedicated IT staff member, the firm will need to pay for special training on a regular basis.
Finally, if any of the firm’s clients and their information calls for HIPAA compliance, the firm will need to add additional layers of security. Complying with HIPAA comes with very specific and often costly requirements around physical, technical, and administrative safeguards. Failing to comply with these safeguards can lead to penalties in excess of $1 million per year.
Convenience of Onsite IT
An onsite server is highly convenient because all hardware and software is located just down the hall. As a result, it’s easy for staff and attorneys to check on anything that goes wrong.
However, unless someone at the firm is an IT expert, it will be difficult to fix most problems that arise. That means that the firm will have to bring in an IT consultant to handle serious issues. Along with the added expense, someone at the firm will need to take time away from legal projects to work with the IT consultant. The firm will also lose billable time and productivity while hardware and software problems are being addressed.
A Hybrid Approach
A hybrid approach encompasses onsite IT functionalities and the advantages of specific cloud-based software to support practice management, billing, and other areas.
Cost of Hybrid IT
This approach can be more cost-effective than an onsite system, since cloud-based software and applications normally run on a subscription model based on the number of users (e.g., software licenses for each user) or the amount of storage needed. The manufacturer normally handles all upgrades and patches automatically. This option and the subscription model are often more affordable than buying software licenses.
When considering which programs to host onsite and which to base in the cloud, the firm should consider its current software and processes. The ratio of cloud to onsite applications will affect costs. Firms will also need to spend more time and money managing multiple vendors when some programs are cloud-based and others are managed within the firm.
Because the main goal of leveraging technology at a law firm is to increase efficiency, progress usually involves connecting and automating different parts of a firm’s work flow. This becomes very difficult in a hybrid model. For example, a firm may use a cloud version of a non-legal-specific bookkeeping system and want to link it with the accounts receivable from a time and billing system. Some systems on the market cannot support this approach.
Security of Hybrid IT
The security of hybrid systems depends on the types of cloud-based applications and software that the firm is using. Many cloud-based apps and software offer built-in security contingencies, such as automatically installing the latest updates to address vulnerabilities and potential viruses.
However, attorneys need to be aware that common cloud-based apps or software, such as Google Drive or Dropbox, often have data storage facilities around the world, which might prompt data ownership questions. If the firm’s data resides overseas, it raises the question of who actually owns it. Therefore, when considering cloud providers for any type of information storage, attorneys have a responsibility to find out where their data will be stored. They need to feel confident that their data cannot be lost or stolen and understand who physically owns it.
Reliability and security are also major concerns with mainstream cloud-based services. Amazon Web Services (AWS), one of the world’s largest cloud providers, has been known to stop working on occasion. In September of 2015 roughly one-third of AWS services were down for an excess of five hours. Since the services can support a variety of items such as backup and recovery, websites and business applications, an interruption can impact a law firm’s ability to access critical client files or billing information.
Convenience of Hybrid IT
Most cloud-based software and applications enable mobility, allowing staff and attorneys to access information from anywhere at any time. A hybrid approach is also easier to scale up with solutions that grow as the firm grows and adds more staff.
The Cloud-Based Approach
With this method, all IT needs are handed off to a cloud-based third party. This third party sets up, configures, launches, and maintains hardware and software, allowing the firm to forego servers and backup devices.
Cloud-based solutions normally use one of three ways to configure a law firm’s IT:
1) managed cloud computing platform;
2) desktop as a service; or
3) private cloud computing.
The first approach, managed cloud computing, enables firms and other organizations to share databases, hardware, and software remotely through the provider. With managed cloud computing, law firms can purchase entire virtual servers or parts of cloud servers.
With the desktop as a service model, law firms can utilize virtual desktops that are highly customizable and run from the cloud. Users’ data is downloaded and uploaded to and from the cloud when users log on and off.
The private cloud computing option is similar to the managed cloud computing with one major exception: In private cloud computing, law firms do not share hardware with other companies or industries. A private cloud IT system allows law firms to maintain confidentiality and privilege when handling sensitive data on behalf of clients.
Costs of Cloud IT
When outsourcing entirely to the cloud, regardless of the configuration, law firms usually pay for a subscription-priced service that often offers a lower–entry price point compared to paying for onsite IT. Subscription based services are priced per person and normally include the programs the firm needs to operate its practice, along with IT support.
Typically, cloud providers offer a place for the firm to install an operating system and then build up its IT based on that foundation. Semi-customized programs typically include a desktop built on a Windows-based platform, MS Office, file storage, and antivirus protections. From there, firms can add their legal-specific programs of choice, such as practice management, document management, and document automation systems. This model tends to provide greater stability for the IT budget because the firm will not accumulate unexpected IT costs.
Security of Cloud IT
While all cloud providers tout their security protocols, not all of them understand the unique requirements of those in the legal industry. That is why law firms should consider a cloud-based provider that focuses on the legal industry and offers private servers with enhanced security measures, such as enterprise-grade firewalls, intrusion detection/prevention systems, and dual-factor authentication.
Firms should also look for the physical security of the data center that hosts the firm’s information (e.g., keycard access and biometric identification) and immediate disaster recovery that is enabled by a secondary site. That means that even if the firm’s office is destroyed, or one database supported by the cloud provider is compromised, attorneys and staff will only be one login away from accessing their information.
Convenience of Cloud IT
Cloud IT can be the most convenient approach, as the law firm has to spend little to no time managing IT. With this model, attorneys spend more time practicing law and the staff is able to focus on supporting the firm’s needs.
For small and mid-sized firms, there have never been more options for IT, ranging from systems that are completely hosted onsite to those that reside solely in the cloud. Attorneys should consider factors such as cost, security, and convenience, with the ultimate goal of selecting an approach that enables them to spend less time on IT and more time on their clients and law practices.