Industry analysis from Intapp: A brighter day for cloud
The article was originally featured as an industry analysis in the April 2017 issue of Briefing magazine, download Briefing.
Law firms have been understandably cautious in their approach to cloudbased services – taking a wait-andsee approach as technologies are tried, tested and proven.
However, there are many signs that the winds have changed. In 2016, 62% of the 440 firms responding to the ILTA technology survey reported that adoption of cloud-based solutions was now “increasingly likely” – up 11 percentage points from 2015.
In the shadows
What’s behind this shift? There are many reasons. Certainly, lawyers’ demands and the problem of ‘shadow IT’ – unauthorised routes to meeting them – are undercurrents that no firm’s IT department can afford to ignore.
Today it’s easier than ever for individuals to set up their own cloud services accounts. Whether it’s a client who offers to make a file available via Dropbox, or a colleague who suggests creating a file on Google Docs to make it easier to collaborate on a project, temptations abound for employees who should know better.
There are many strategies for clamping down on unauthorised technology use and mitigating the associated risks. At the same time, many IT leaders are trying to understand the motivations for individual users to ‘go rogue’. The reasons often come down to convenience and ease of use.
A big part of the challenge for IT is to ensure that the services they offer are convenient and easy to use, and that all staff are aware of – and fully trained on – the systems available to them.
In addition, many IT departments are now incorporating cloud-based applications in certain areas, and/or offering lists of ‘approved’ cloud services that employees are authorised to use. By thoroughly reviewing cloud services vendors, and establishing policies around how employees use these applications, IT can help to manage security, confidentiality and other risks, and ultimately enforce compliance.
A CIO we spoke to recently said that he even welcomes requests from partners to evaluate new web-based applications and mobile apps on a regular basis. If employees’ suggestions are listened to, and they’re involved in a formal evaluation process, they become more aware of the review criteria and considerations in selecting the right applications for the firm.
Clients calling for cloud
There are also clear signs that a growing number of corporate law departments and their law firms are more comfortable in trusting cloud services providers with their sensitive data – particularly as ‘best-of-breed’ solutions become available in more key areas.
For example, although some clients have clear outside counsel guidelines that limit the storage of their data in the cloud, in other instances it’s the clients themselves that are requiring firms to use certain cloud-based services.
Many enterprises today require invoices to be submitted electronically via web-based services such as eBillingHub. In other cases, clients – themselves recognising the need for improved file sharing, collaboration and a clear audit trail of which files were accessed, and when – are requiring firms to use document management services such as Box.
The growing maturity, security and sophistication of cloud-based services also means that firms are more confident in formally offering cloud-based collaboration to their clients via services such as HighQ.
In other words, the cloud offers more than just efficiency or expediency. Some firms are already using cloud services strategically to offer a highly differentiated experience to their clients.
Safe passage? Of course, security concerns have loomed large on the horizon for law firms, which are regularly targeted by hackers for access to sensitive client information. In the aforementioned ILTA survey, 44% of respondents reported that security concerns have been a barrier to cloud adoption at their firms.
In parallel, however, there is growing awareness of the advanced security controls that cloud infrastructure providers can provide. In another survey – the ILTA/InsideLegal technology purchasing survey, a quarter of respondents cited security as one the most compelling reasons to embrace cloud-based technologies.
Many cloud service providers regularly undergo security audits and work to adhere to strict security standards such as ISO 27001.
Firm IT departments are also becoming more savvy in evaluating cloud services from a security point of view.
In evaluating cloud applications, it’s important for IT to understand the security controls put in place by the vendor. How secure are the APIs and interfaces? Does the vendor carry out rigorous threat modelling, code reviews and penetration testing? How are system vulnerabilities uncovered and patched?
Firms are also developing a stronger appreciation for how a shared security model between cloud services providers and IT should work to defend against data breaches and minimise risks.
Security measures such as multifactor authentication, encryption and identity management – essential tools in any IT arsenal – are all the more critical in a cloud environment.
Centralised access management, and ongoing training and education of employees, are also critical in a world where the biggest vulnerabilities flow from the behaviour of end users – whether their intentions are overtly malicious, overly trusting or merely careless.
Saving days
In a world where clients are putting a lot of pressure on firms to reduce costs, the cost savings that come from using cloud services are another significant part of their appeal.
Both firms and their clients can cut capital expenditures and operating costs over the long term when they reduce the numbers of onpremises servers they need to purchase and maintain. And firm and in-house IT departments are increasingly focused on adding business value beyond simply ‘keeping the lights on.’
At the same time, firms are understandably concerned about whether this cost saving comes at the expense of reliability and performance.
For cloud infrastructure providers, such as Amazon Web Services, maintaining maximum uptime – and minimising the impact of service outages when they do occur – are another key focus. The top infrastructure as a service (IaaS) providers compete on the basis of 99%+ availability, as well as 99%+ durability – the ability to restore data after a fault has been corrected.
The popularity of high-availability cloud-based email management services such as Mimecast, is also helping to propel firms to the cloud. The 2016 ILTA survey found over half of firms reported using cloud-based high-availability (HA) email services or a combination of cloud-based and onsite HA solutions for email.
Reliability and performance are key advantages of using cloud applications such as Intapp Open and Intapp Time. Indeed, cloud-based applications enable vendors to innovate faster and implement software updates and patches as soon as they become available. Costly upgrades that take months or years can be a thing of the past.
Change in the atmosphere
Whether your firm is considering a dramatic shift from an on-premises-only IT infrastructure to a ‘cloud-first’ strategy, or pursuing a pragmatic move to the cloud application by application, it’s clear that the atmosphere has changed significantly.
Adopting cloud services provides organisations with the ability to be more agile, flexible and efficient. It can also enable them to allocate IT resources to other initiatives – focusing internal staff on more strategic security roles, or positioning IT as a catalyst for firm-wide improvements in process efficiency – delivering greater business value, faster.
Most importantly, the cloud can help to free those IT resources to contribute more directly to innovation in terms of client services.
But as a provider committed to offering firms a choice – cloud or on-premises – Intapp looks forward to helping firms navigate the journey ahead, whichever way the wind blows.
