This is the latest in a series of articles, initially published in The Global Legal Post, on various technical themes in language which can be understood by those who prefer to use technology rather than immerse themselves in it.
Cloud has long since transitioned from hype to reality but some law firms still struggle with the idea of moving away from on-premise systems they can see and hug to something they don’t control.
Why do these objections still exist when so many organisations are embracing the benefits of having companies like Amazon and Microsoft host their data securely? Some of these fears reflect a regulated environment where lawyers are rightly concerned about the guardianship of their clients’ data and this needs to be addressed by assessing relevant options and filtering out any that do not provide appropriate assurances and safeguards.
Beyond the technical considerations for access, scale and security, the biggest barrier that we observe today is that of cost. If the objective for looking at cloud is to save costs then don’t waste your time and effort, simply renew the server licences and keep the operations staff employed.
Cloud services (fully costed against all like-for-like hardware, software, staff, buildings, backups and such) may provide savings for the first few years but, over time, continued subscription costs are likely to outweigh the on-premise equivalents. However, this is not a straight comparison. As systems evolve, changes will increasingly happen on cloud first and ultimately may only happen in the cloud.
Also consider here that, like leaks in a roof, cyber attacks tend to find the weakest point and it is more likely to be an internally maintained system than one that is hosted and managed by an organisation whose entire business is focused on cloud security and reliability.
All of this ongoing evolution and additional protection comes at a price but one that should be weighed against the likelihood that the hosting and management of systems will become increasingly difficult for law firms which, even at their largest, have relatively small IT operations when compared with the corporate behemoths that many of them serve.
Service level agreements
Once you have chosen your cloud service and have budgetary approval, you will need to sign on the dotted line. Cloud vendors have always been reluctant to negotiate their service level agreements (SLAs), saying in effect that this is the product: ‘You’re taking a room at our hotel, this is what it looks like and we can’t change it’. As the big cloud vendors get more powerful in the market, their contract terms are hardening. You see this particularly with terms around liability – where a direct loss (only) general liability cap of 12 months’ fees is emerging as market practice.
The contract documentation can be complex and you can end up with several sets of terms all forming part of the agreement – master agreement, order form, statement of work, specific cloud terms per product, separate terms for professional services and the ubiquitous data protection addendum. Be aware too of ‘nested’ terms – link upon link from one contract document to the next – and vendors’ rights to change the terms at any time if they wish.
Contract lifecycle points to watch out for include business continuity and getting your data back. A longer contractual commitment will get you lower prices, but in many cases you won’t be able to get out early for convenience without paying the balance of the contract fees.
Data protection issues in the cloud context continue to take up a lot of time in negotiations. If your cloud vendor is a processor (as they mainly claim to be), you’ll have to build in GDPR-compliant controller – processor clauses. If data is going to the US or India, for example, you’ll generally have to include the right set of standard contractual clauses. International transfers, particularly those involving the US, are an area of growing challenge.
Many buyers start off with an on-prem system but want the flexibility of being able to move to the cloud during contract lifecycle. This can present issues, but the golden rule is to negotiate the post-migration cloud terms at the outset if you can. Reconciling on-premise system costs (typically, one-off upfront software licence fees, professional services fees for the implementation and annual support fees of around 20% of the software fees) with in-cloud costs (annual subscription fees with support wrapped in, professional services fees for the migration and new hosting fees) can be challenging to manage, but customers are best placed to get better terms if they’re negotiated at the start of the relationship.