Several months ago I was asked by a partner to review the privacy policies and terms of service for a number of consumer cloud storage providers and to rank them according to how well they met his requirements based on firm policies, ABA missives, and a handful of other relevant opinions about client confidentiality and the cloud.  Long story short, they all failed miserably.  None of them came close to meeting the “requirements”.  

The partner was hoping to be able to tell his fellow attorneys that the firm doesn’t approve of consumer cloud storage for client related information, however, if you are going to use a consumer solution for “personal information” we recommend provider X.  My pessimistic report made even that a difficult statement.  Still hoping to salvage something from this conversation he asked a follow-up question. 

“Do any of these services provide anything close to the level of security we have in email?”

Had I sipped my coffee a second earlier I surely would have showered my office with stale joe.

“Excuse me”, I said, “Could you ask that again?”

“Attorneys send client confidential information all the time via email, so do any of these services come close to meeting the standards for email security?”

That’s what I thought he meant.  I broke the news to him slowly, explaining it this way. “I wouldn’t put anything in consumer cloud storage that I wouldn’t leave in a file folder on the front seat of my locked car.  But, I wouldn’t put anything in an email that I wouldn’t write on the back of a postcard and hand to a stranger on the street to mail for me.  The least secure of these consumer cloud storage solutions is many, many times more secure than a standard unencrypted email.  In fact, some of them have much better security protocols than your average law firm.”

The partner was flummoxed.  “Then what’s the big deal about this cloud thing?”

I was reminded of this incident when I attended the ILTA conference a couple of weeks ago.  In the vendor hall I saw a lot of vendors pushing their cloud-based SaaS solutions and a lot of firms saying, “Sorry, we have to host all of our own data.”  Typically the vendor went on to explain the value of allowing them to host the data. The product is constantly monitored, backed up, and securely encrypted in transit and at rest.  The product and mobile apps are updated multiple times a day. They simply can’t provide such a high level of service if you insist on hosting the product behind your firewall.  

These conversations went back and forth for a long while.  I never once heard a cloud vendor acquiesce and say, “Well, OK. We’ll let you host it yourself.”   Chances are good that if you host their service, you will have a less than ideal experience.  And if you have a less than ideal experience, they will have to spend a lot of time and money to make you happy, which will eat into their profits.  They would rather not have you as a customer at all, than to have you be a less-than-completely-satisfied customer.  It seems some vendors have learned a lesson that many law firm’s have not: not all revenue is profitable. 
Taken together I think these incidents are representative of a larger paradigm shift. Traditional IT services, even the big traditional Legal software vendors, are moving to the cloud.  Attorneys will eventually figure out how to work with the cloud and still meet their ethical obligations, or they will just get used to the risks and ignore them like they have with email in the last 20 years.  The ABA will eventually make some coherent and unambiguous statements about the acceptable use of cloud services. And all of these will come together at the same time that firms begin to realize the economic benefits of not supporting an entire service infrastructure in-house.

Once that happens law firms will look back on all of the sturm und drang surrounding the Cloud, Software as a Service, and the Consumerization of IT, and they’ll wonder what all the fuss was about.  They’ll probably also wonder what all those nice people who used to run their network are doing now.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ryan McClead Ryan McClead

Ryan is Principal and CEO at Sente Advisors, a legal technology consultancy helping law firms with innovation strategy, project planning and implementation, prototyping, and technology evaluation.  He has been an evangelist, advocate, consultant, and creative thinker in Legal Technology for more than…

Ryan is Principal and CEO at Sente Advisors, a legal technology consultancy helping law firms with innovation strategy, project planning and implementation, prototyping, and technology evaluation.  He has been an evangelist, advocate, consultant, and creative thinker in Legal Technology for more than 2 decades. In 2015, he was named a FastCase 50 recipient, and in 2018, he was elected a Fellow in the College of Law Practice Management. In past lives, Ryan was a Legal Tech Strategist, a BigLaw Innovation Architect, a Knowledge Manager, a Systems Analyst, a Help Desk answerer, a Presentation Technologist, a High Fashion Merchandiser, and a Theater Composer.