Most people use many cloud applications daily in their personal lives, from Gmail to Dropbox to Netflix. In large business enterprises, the average number of cloud applications used by each employee is 36.
In the legal profession, it’s still a much different story. The very slow pace of growth continues. That’s not the big news. In 2019, the biggest concerns from the ABA 2019 Legal Technology Survey were the poor—and worsening—cybersecurity approaches lawyers are taking to the use of cloud applications.
The terms “cloud” and “cloud computing” have become much more familiar to lawyers in the last few years, but there can still be some confusion about definitions and acronyms. In the enterprise IT world, you will find public, private, and hybrid clouds, and many flavors of “as a service”: software (SaaS), infrastructure (IaaS), and platform (PaaS), to name the three most common.
To keep it simple, the 2019 Legal Technology Survey has focused on the basic concept of a “web-based software service or solution,” including SaaS. In practical terms, you can understand cloud computing as software or services that can be accessed and used over the internet using a browser (or, commonly now, a mobile app), where the software itself is not installed locally on the computer or phone being used by the lawyer accessing the service. Your data are also processed and stored on remote servers rather than on local computers and hard drives. Cloud applications might also be referred to as “web services” or “hosted services.”
Cloud services might be hosted by a third party (most commonly Amazon or Microsoft) or, more commonly in the legal profession, by a provider running its services on Amazon, Microsoft, or another cloud data center provider. It’s also possible, though unlikely, that a law firm could host and provide its own private cloud services.
The cloud approach has become quite popular in the business world (e.g., Salesforce.com, BaseCamp, Microsoft Office 365, LinkedIn, Facebook, and Slack), and for individuals (e.g., Dropbox, Gmail, and Evernote). There are also a growing number of legal-specific cloud services, such as Clio, Rocket Matter, NetDocuments, Practice Panther, MyCase, TimeSolv, and many more.
The 2019 Survey results again show lawyers still moving much more cautiously to the cloud than the rest of the business world. The 2019 Survey reports that cloud usage bumped up very slightly, up to 58% in 2019 from 55% in 2018. Those not using cloud services dropped slightly—from 33% to 31%. The “Don’t know” category decreased slightly to 11%. Solo and small firms continue to lead the way in cloud adoption at around 60%, with the lowest reported adoption in firms with 50-99 lawyers (44%).
The 2019 Survey highlights a major concern that, while lawyers talk the talk about security concerns in cloud computing, to a shocking degree they do not walk the walk. The poor results in the cybersecurity category should be a major concern for the profession. If you take only one thing from this TECHREPORT to add to your 2019 technology agenda, it should be to up your game on cloud security, for your sake and, even more so, for the sake of your clients.
The key cloud computing benefits have remained constant over the years. Lawyers and law firms see the cloud as a fast and scalable way to use advanced legal technology tools without the need for a substantial upfront capital investment in hardware, software, and support services. Cloud services are generally made available in the form of a “subscription,” with a periodic fee (typically monthly) per user.
A popular example of a cloud service is Dropbox, a cloud service for file storage and sharing, that many lawyers report that they are already using. The standard Dropbox business account currently costs $150 per user per year. Many traditional software providers have moved to cloud models and offer hosted versions of their products, joining a large number of companies that focus solely on the cloud. The EXPO Hall at ABA TECHSHOW 2019 again had a noticeable increase in the number of exhibitors with cloud products over prior years.
Despite slow growth and wariness of lawyers, cloud computing appears to be moving toward becoming a standard approach in legal technology, with more than half now using cloud services.
- Cybersecurity may be reaching a crisis point in lawyers’ use of cloud services. There were significant drops in the use of very standard cybersecurity practices. Although lawyers say that confidentiality, security, data control and ownership, ethics, vendor reputation and longevity, and other concerns weigh heavily on their minds, the employment of precautionary security measures is quite low, with no more than 35% (down from 38%) of respondents actually taking any one of the specific standard cautionary cybersecurity measures listed in the 2019 Survey question on the topic. Seven percent of respondents reported taking NONE of the security precautions of the types listed. Only 41% of respondents report that the adoption of cloud computing resulted in changes to internal technology or security policies. These are troubling numbers.
- Cloud usage grew only slightly from 2018 to 2019, from 55% to 58%. Solos and small firms continue to lead the way.
- Despite some reservations, lawyers continued to use popular consumer cloud services like Google Apps, iCloud, and Evernote at higher rates than dedicated legal cloud services. Clio and NetDocuments ranked the highest among the legal cloud services.
- Lawyers are becoming more familiar with cloud technologies and are attracted by anytime, anywhere access, low cost of entry, predictable monthly expenses, and robust data backup. Notably, almost 30% indicate that cloud services provide the benefit of giving greater security than they can provide on their own.
- Concerns about confidentiality/security and lack of control lead the worry list by a wide margin. Almost 94% of lawyers rate the reputation of the vendor as important in their decision-making process.
- The 2019 Survey results also suggest that client-focus is not a driving factor for lawyers using and considering the use of cloud computing. The consideration of client needs, expectations, and desires should be a key target area for innovative lawyers and firms.
- Solos, small firms, and medium-sized firms have higher cloud usage than large firms. These results might reflect a lack of familiarity with the tools used in large firms or the dependence of large firm lawyers on IT departments.
- Only 8% of respondents indicated that they expected to replace an existing software tool with a cloud tool in 2018. 48% have no plan to do so and 40% don’t know.
- A third of lawyers are at firms with extranets. Extranets are used primarily for firm lawyers (91%) and much less likely for clients (36%).
1. Cybersecurity: At a Crisis Point?
Although lawyers have a lot of concerns and wariness about cloud services, especially security, confidentiality, and control issues, their reported behavior about precautionary measures simply does not reflect what they express their level of concern to be. In fact, the results are shocking and reflect little, if any, positive movement in the past year or even in the past few years. The lack of effort on security has become a major cause for concern in the profession.
Of 13 standard precautionary security measures listed in the 2019 Survey, the measure most commonly used was used by only 35% (using secure socket layers aka SSL) of the respondents. Given the emphasis on data privacy in 2019 because of the European Union GDPR and “hacking” by state actors, the jaw-dropping decrease from 38% to 28% of respondents reviewing vendor privacy policies is alarming. The next most widely-employed precautions were making local data backups (27%, down from 36% in 2018), reviewing Terms of Service (27%, down from 34%), and reviewing ethical decisions on cloud computing (25%, down from 34%). Would lawyers recommend that their clients take these approaches?
The numbers only get worse from there.
A meager 17%, down from 30% in 2018, sought advice from peers and only 23% evaluated vendor company history, despite the stated importance of vendor reputation (94%) in selecting vendors.
At the very bottom of the results are things that lawyers should do quite well. A mere 4% negotiated confidentiality agreements in connection with cloud services, and, in the next to last place, only 5% negotiated service legal agreements (SLAs). Using data escrow was in the last place (1%). If security and confidentiality are lawyers’ biggest concerns about cloud computing, does this behavior make any sense in an era of state-actor intrusion concerns? What questions does this raise about meeting technology competency requirements?
2. Usage Numbers
The percentage of the 2019 Survey participants answering “Yes” to the basic question of whether they had used web-based software services or solutions grew slightly, from 55% to 58%. 31% said “No,” a small decrease. “Don’t know” responses stayed roughly the same at 11%. Solos (59%), small firms of 2-9 lawyers (61%), and mid-sized firms of 10-49 lawyers (59%) continued to lead the way in usage. Larger firm “Yes” responses ranged from 44-53%. These overall results, however, can be confusing given answers to other questions, suggesting the possibility that actual usage might be higher than the reported usage. For example, many mobile apps are also essentially front-ends for cloud services. Many lawyers who do not think that they are using the cloud may, in fact, be using it every day, especially through mobile apps.
3. Consumer Cloud Services More Popular Than Dedicated Legal Services
The 2019 Survey asked respondents what cloud providers they had used. Google Docs topped the list at 37%. Other consumer cloud services also remained popular (notably, iCloud at 27% and Evernote at 16%), despite a lot of discussion about encryption and other security concerns about consumer cloud services in the press and among lawyers. Surprisingly, Office 365 usage is reported at only 7%.
Legal-specific cloud services have not reached the same levels of popularity as consumer services. Clio continues to be the most popular legal cloud service named by respondents (11.4%, up from 9.7% in 2018), followed by NetDocuments (8%), and MyCase (6%). These results might reflect both the difficulties lawyers and others have with determining what exactly is a cloud service and the increased number of legal cloud service providers, especially in the case management category. Note that services that many would consider “cloud”—WestLaw, LexisNexis, FastCase, to name a few—do not show up in the results, except possibly as small components of the “Other” category (17%).
In the last few years, the collaboration tool Slack has become extremely popular in small businesses and technology companies. As of now, there is still no indication of its uptake in the legal world.
4. Where is the Client-focus?
Largely missing in action in the results were clients and client concerns. Here are a few numbers to consider. Extranets are probably the classic example of a secure cloud tool that can help clients and help collaborate on projects with external parties; the results show that 91% of firms allow access to their lawyers and 57% to their staff. Access to clients, who potentially benefit the most from extranets, was only provided by 36%. Collaboration for “friendly” outsiders was permitted by 25%.
5. Cloud Benefits
There was not a lot of change in the perceived benefits of cloud computing shown in the 2019 Survey. Anywhere, anytime access is the biggest perceived benefit of cloud computing for lawyers. Low cost of entry and predictable monthly expenses are also highly rated benefits. Other economic benefits, such as eliminating IT, software management requirements, and quick start-up times are also seen as important benefits by almost half of the respondents. Only 30% of lawyers see “better security than I can provide in-office” as a benefit of cloud computing—a striking number, especially to anyone familiar with data center security procedures as compared to standard security practices in law firms.
6. Biggest Lawyer Concerns
While more lawyers reported using the cloud, they continue to express reservations and concerns about the cloud. When current cloud users were asked to identify their biggest concerns, they cited “confidentiality/security concerns” (65%) and concerns about losing control of data (45%). Concerns about losing control over updates (25%) and vendor longevity (24%) were other significant concerns. Only 14% listed client concerns about lawyers using the cloud. The changes from 2018 were not significant.
There were similar concerns among those lawyers who have yet to try the cloud. When asked a question about the concerns that had prevented them from adopting the cloud, 50% cited confidentiality/security concerns, 36% cited the loss of control, and 19% cited the cost of switching. “Unfamiliarity with the technology,” was listed by 35%. Again, the changes from 2018 were not significant.
7. Name and Reputation of Cloud Vendor
Ninety-four percent of respondents using cloud services considered the name and reputation of the cloud vendor as either very important (72%) or somewhat important (22%) to their decision, down slightly from 95% in 2018. Only 23% of respondents, however, reported that they evaluated the vendor’s history and only 17% sought out peer advice/experiences in connection with the vendor. This area is definitely one in which lawyers can improve their due diligence efforts.
8. Replacing Existing Tools with Cloud Services
Even though interest in cloud services is high, the interest does not seem to translate into substantial action at this point, at least in terms of replacing existing software tools. Only 8% of respondents indicated that they expected to replace an existing software tool with a cloud tool in 2019. Lawyers might be looking to the cloud only for new tools or to supplement existing tools. They also might not be thinking of mobile apps as cloud tools.
9. Internally-focused Extranets
Extranets are the premier example of a client-facing tool. Lawyers, perhaps ironically, have focused on extranets as internal tools. Extranets are private websites for which a user—internal or external—must have authorization to use. A law firm extranet could be used to allow a client to access files or gain other information on matters.
A third of lawyers are at firms with extranets. Extranets are used primarily for firm lawyers (91%) and staff (57%) but much less for clients (36%). These numbers suggest opportunities for lawyers to open up these tools for clients.
The 2019 Legal Technology Survey shows that for a small, but slowly growing, majority of lawyers and firms, cloud services are now part of the IT equation. Overall, reported growth in cloud use stayed relatively flat in 2019. The continuing lack of actual attention to confidentiality, security, and due diligence issues, however, remains a serious and disturbing concern, especially with the growth in mobile apps running on cloud services. The results on security procedures will continue to fuel client concerns about whether their outside law firms are making adequate efforts on cybersecurity, and the numbers indicate that they should be worried.
There is much that law firm IT departments and technology committees, legal technology vendors and consultants, corporate law departments, clients, and all legal professionals interested in the adoption of technology by lawyers can learn from these results. They give us much to think about and some indications where firms might want to move their technology strategies in the coming year and beyond. Applying basic common sense, diligence, and increased attention to cybersecurity efforts might be the biggest lesson to learn for the upcoming year. In short, cloud cybersecurity must be at the top of the list of questions for clients to ask their law firms. The current state of cloud security among law firms is a train wreck waiting to happen.