September 26, 2019
How Cloud Costs and Security Concerns Influence Law Firms’ Migration Strategies
Legal organizations should talk through anticipated expenses and the risks associated with moving data to the cloud or storing it on-premises.
Here’s a winning argument in any court: By migrating all or some of their infrastructure to the cloud, law firms can avoid costly capital expenditures, gain faster access to technology resources and have greater flexibility to respond to changing technology needs.
For those reasons, most firms are no longer grappling with the question of whether to move to the cloud, but rather how many systems will make the migration — and the larger the practice, the more complex that decision becomes. For instance, many midsize or large firms may end up adopting a hybrid approach, using some public cloud services while maintaining sensitive data or mission-critical apps on-premises.
Although there are several factors to consider when nailing down a cloud migration strategy, two of the most important relate to anticipated costs and security concerns. Here’s why:
How Your Law Firm Is Structured and Manages Its Finances Matter
When you move from an on-premises data center to the cloud, you’re also shifting a big chunk of your IT spend from capital expenditures to operating expenditures. The lower up-front investment for OPEX can prove an advantage for firms that may lack the resources or the desire to invest in infrastructure.
Instead of building out a new data center to serve the firm for another three to five years, a firm can simply pay for cloud services as it needs them. This also removes the need to anticipate future growth and avoids overprovisioning, as cloud infrastructure can be scaled up or down as needed.
But running in the cloud isn’t always cheaper. It’s very easy for users to spin up services they aren’t fully utilizing or forget to turn them off. While uploading data to the cloud is usually free, providers will charge you fees when you want to download it. Production systems that are running most or all of the time are typically costlier to operate when you’re paying per CPU cycle or per gigabyte.
If you fail to closely monitor your cloud OPEX costs, it could prove to be more expensive over the long run.
Protecting Sensitive Data Is Complex, Any Way You Slice It
Perhaps the biggest reason some law firms are hesitant to move to the cloud is concern over privacy and security. Besides the need to protect client confidentiality, many firms deal with a wide range of sensitive and highly regulated data, such as medical, employment, immigration or financial records.
But this is where perception tends to blur reality. When you look at the history of major data breaches and successful attacks over the past five years, nearly all of them affected private firms maintaining their own data. They had failed to keep their systems up to date, or they had set up a cloud service with an inadequate security profile.
The truth is that your data is much more vulnerable when you’re managing it yourself. Security is inherently complex. If you have data in 20 locations, that means you may have 20 firewalls to manage, along with 20 intrusion detection and other security systems. Making a single companywide policy change requires touching each of those systems. Unpatched vulnerabilities account for 60 percent of data breaches, according to the Ponemon Institute.
The big cloud vendors have much greater security expertise than private entities, and all are certified compliant with federal data governance standards. There’s also a growing market of cloud access security brokers that can not only help secure cloud applications but also monitor use and enforce firmwide policies.
Long-held perceptions are slowly changing. According to the American Bar Association’s “2018 Legal Technology Survey Report,” slightly more than 30 percent of firms said they adopted cloud solutions in part because they offer greater security than the firms could provide on their own.