August 01, 2016 Feature

Where Is Your Network Now? (Hint: It’s Already in the Cloud)

Doug Hafford

Most law firms today are considering whether to move to the cloud for their IT needs. An overwhelming number of firms are either actively seeking a cloud solution or are in the midst of moving toward such a solution. Many partners and firms, however, remain unconvinced for a number of reasons. In most cases, there are two primary concerns: security and cost.


Of the two concerns, security seems to be the more important, with cost being a close second. To understand this, let’s start with a simple concept. What does “in the cloud” actually mean? Generally it means your data is stored on a server that is accessible via the Internet. This leads to some simple questions you can ask yourself about your firm:

  1. Does anyone in your firm have a handheld device that receives e-mail?
  2. Does your firm allow users to work from home or remote locations?
  3. Can your users get to the web via a browser—for example, for legal research?
  4. Has anyone at your firm ever had a virus on their computer?

If you answered yes to any of these, then let’s ask another question: Do you know where your system is now? Yes, that’s right: Your firm is already in the cloud. Unless your firm is extremely isolated—and almost nobody is—you are in the cloud now. There really is no other way to look at it. Having the ability to walk into a server room (or closet, or perhaps the kitchen!) and touch a server has nothing to do with being in the cloud.

If you are in the cloud now, then you must ask yourself a new set of questions about the security of your system:

  1. How many dedicated IT staff do you have on security alone?
  2. Do you have a locked server room?
  3. a. Is it monitored by cameras?

    b. Is it under guard 24/7?

    c. Does it have a generator(s) in the event the power goes out?

  4. Is your firm’s network certified to meet common requirements such as:
  5. a. HIPAA (health information security)?

    b. ISO27001 (security management system standard)?

    c. SSAE16 (security controls)?

  6. Is your system redundant to geographically diverse locations?
  7. a. Are those other locations under the same standards?

  8. Can you send encrypted e-mail?
  9. Is your data encrypted end to end?

These are simple, easy choices from a very long list. If your firm, for example, has banking clients, you may be required to meet some or all of the standards above and many more. For most firms, meeting all these requirements is difficult if not impossible using an on-premises system. Even the largest firms find that meeting the simple and common requirements is costly. Why are these requirements needed? Obviously, it is because your network is in the cloud and it must be protected.

For those firms using a true cloud provider, these questions are quite easy to answer, but we must first look at what a true cloud provider is. Often we find that “cloud” solutions being sold in the marketplace are not actually cloud solutions but rather data centers. There is nothing inherently wrong about this aside from the fact that firms using these providers are wholly dependent on them and the provider’s security policies. Often these will meet the more basic certifications such as SSAE16 or ISO27001—but not always. Thus, if your firm is considering one of these hosting providers (notice I’m not using the term “cloud provider”), then inquiries about security certifications, geographic redundancy, and physical plant security are appropriate.

For a true cloud provider, however, such as AWS (Amazon Web Services;, Microsoft (, or Google (, all the various security criteria are met and many more. The largest provider in the world is AWS—by light years—and it also has the finest security in the world. It is a simple matter of going to the AWS site and examining its certifications to see that they meet anything a law firm might require. Thus by simply moving your on-premises network to the cloud, your security is dramatically increased.

So if we agree that you are already in the cloud now, then why not have proper security, redundancy, etc.? The answer for your firm may be cost, so let’s look at that next.


The biggest difficulty in comparing a true cloud solution or even a hosted solution with an on-premises network is gathering all the pertinent data. How do you add it all up?

Some firms do not care about security, or even best practices such as proper disaster recovery solutions. For these firms, the value of either of these areas is lessened and often ignored—that is until either a user gets a virus or data is lost owing to poor backup policies. When either of these things happen, partners tend to start noticing.

Some firms put little or no value on productivity, thinking that if the work gets done, why does it matter how efficiently it is completed? Again, if this is the opinion of the partnership, then it is difficult to assess any value to productive users. At the same time, the largest single cost in just about any law firm is personnel, so this, in fact, should be the primary area of focus.

If we assume that these things are important, then how do we compare? It is still more difficult than you might imagine, but a simple way is to add up the on-premises costs and compare them over time to the cost of a cloud solution. On-premises costs include:

  • physical server, storage, and peripheral equipment purchased and lifetime costs of those assets;
  • HVAC (i.e., climate control) costs to maintain that equipment;
  • backup and disaster recovery system costs;
  • ongoing monitoring, updates, and anti-malware costs;
  • dedicated IT staff to support these systems or the portion of time used by general staff to do so;
  • local PC lifetimes and costs for replacement;
  • internal and outside IT support costs for server-related issues; and
  • cost of an Internet provider, which may rise with a cloud solution for performance reasons.

If you add all this up over the lifetime of these assets—which is generally three to five years depending on the firm—you get some sense of your overall on-premises IT costs over time. It is a simple matter, then, to compare this with the monthly costs involved in a hosted or cloud network solution. Nine times out of ten, the costs are about the same.

Once you add in the intangibles such as mobility, the ability to work from anywhere, instant disaster recovery, dramatically reduced support costs for your users, and 24/7 availability, the cloud solution quickly out-performs any on-premises network.


To summarize, the cloud costs the same, is more secure (by light years), and offers significant intangible benefits. So why not move to a complete cloud solution? The answer to this can be recent investment in local equipment—perhaps the timing is not yet right. It might be that the firm does not care about backup, mobility, user productivity, and similar issues and simply wants the cheapest IT solution it can find. In any case, it is prudent to look at cloud solutions when the firm’s timing is right. At that point, security and cost can come off the table and you can decide which cloud offering is best for you.

Doug Hafford

Doug Hafford is founder and CEO of Afinety, Inc., a full-service IT solution for law firms. He is responsible at Afinety for consulting and network design, client relations, and sales and marketing. He writes for many legal-specific publications regarding small business IT strategies.