Of course, it’s one thing when you can’t be in the office. It’s another thing when you don’t want to be in the office. Modern remote access capabilities are a boon for attorneys seeking to wind down their practices. There’s never been a more graceful way to fade out. As you draw down your daily and weekly hours, you can replace or supplement them with hours spent at home, interacting with client matters via the exact same interface you would have used at the office.
To get this right, you’ve got to select the correct technology platform.
There are critical information sets that lawyers need to access every day. The three most basic are: e-mail, contacts, and calendar. Like it or not, most modern business communication flows through e-mail. And that’s true for lawyers, too—so much so that most attorneys would be lost (and largely ineffectual) without consistent access to their e-mail in-box(es). So, in order to establish an effective remote access protocol, you’ll need to be able to get to your office e-mail.
Modern attorneys also have a tremendous number of contacts to maintain: parties to actions and related parties, colleagues, other professionals, support staff, etc. It becomes impossible to keep all this information—and all your contacts’ various points of communication—in your head. In order to establish an effective remote access protocol, you’ll need to determine a method for maintaining and updating your burgeoning contacts database on the fly.
Folks seem to have become quite adept at overscheduling themselves. Certain professionals have a degree of flexibility to reschedule meetings and appointments, but this is not always the case for lawyers, especially those with active court practices. It is critical for attorneys to meet their engagements; missing certain appointments, such a court dates, could lead to an ethics investigation and/or a malpractice claim. So, in order to establish an effective remote access protocol, you’ll need to figure out how to get access to your appointments on a continual basis, across all the devices you carry with you.
Although most attorneys carry around multiple electronic devices (from smartphones to tablets to laptops, and sometimes all three and more), these attorneys should not separately maintain multiple e-mail accounts, calendars, and contact databases. Instead, all e-mail messages, calendar appointments, and contacts should be updated across the various access points/databases via two-way synchronization, such as the kind offered by Microsoft Exchange Server. In two-way sync, a change in one place/repository is reflected in every other connected place/repository.
It’s true that most attorneys still prefer a home dashboard of some kind, from which they’ll do most of their work. This is why, even with Exchange Server representing a popular option for syncing e-mails, contacts, and appointments, the majority of lawyers still choose to do the bulk of their work in Microsoft Office (microsoft.com), which includes Outlook (e-mail), Business Contact Manager (contacts), and Calendar (appointments). There are also a number of other productivity suites that lawyers can access and sync through (including via Exchange Server, in some cases), such as Gmail (and related Google products; google.com), Corel Office (corel.com), and Open Office (openoffice.org).
You must also determine which physical hardware is required to make remote access a reality. Just because you’re remote and untethered does not yet mean you can leave the physical world entirely behind. At a bare minimum, you will need a primary device of some kind—be it a desktop, laptop, tablet, or smartphone—through which to access your information. And although it may not be the first thing you think of, if you’re going to be working remotely from multiple places, you really need to be using a portable scanner, along with a PDF manipulation program that you can access remotely. Given the powerful nature of modern remote access packages, if you’ve got a computer, scanner, and smartphone . . . you have an office, no matter where you happen to be.
There are, very broadly, two sorts of data to which you will need remote access when outside of a traditional office setting: (1) premise-based data, which is located in a physical space that you maintain and manage (e.g., you log into an office workstation with an outside computer), and (2) cloud-based data, which is located in a physical space that someone else maintains and manages (e.g., you use Dropbox to access some of your files while working remotely, and those files are maintained on Dropbox’s servers). Ultimately, all data has, as it terminus point, a tangible storage unit; the question is whether you own that storage container or some outside company does. This is the root of why some attorneys are so reluctant to use the cloud: You have to entrust your data to a third party. Can you give over the management of your data to the unseen eyes of operators at some faceless corporation? Most attorneys, for the sake of convenience, are willing to that. But, even if you do, there are ways to protect yourself; we’ll discuss some of these below.
Remote Access Options
But for now, let’s talk about some of the options for getting to, and working with, your client matter when you’re not in the office.
Virtual private network. The traditional model for accessing data remotely is via the virtual private network (VPN), which offers a secured data pipeline from your office workstation to a remote device. This is also known as “remote node” access and is a method to utilize programs and applications on an office computer via a remote device. In its most basic incarnation, the virtual private network allows for the viewing of a familiar folder structure, which increases efficiency when working out of the office. However, remote node access does have its drawbacks, including a lack of speed (it’s 20 to 200 times slower than what you’d experience in the office), the increased potential for corruption of data files as those are en route to the remote machine (owing to the lack of speed for transfers), and limited access to applications that are not installed on the remote workstation. Nowadays, the virtual private network is used mostly as a second, or additional, level of security for remote access.
Remote control access. As its name implies, remote control access offers more control than a virtual private network. Users operate their office workstations remotely, via screen redraws, rather than via the actual transfer of documents and information. Remote control users still see their traditional office workstation arrangements, however, and this familiarity drives efficiency. Remote control access also solves the major problems related to remote node access: it’s fast (the office local area network governs speed), there’s better data integrity (no data is actually crossing to a remote device, save for the screen redraws), and all applications are accessible (as long as these are available on the office workstation). Remote control access options, such as the popular LogMeIn (logmein.com) and GoToMyPC (gotomypc.com), also offer cross-platform and cross-device compatibility; additionally, they’re relatively cheap and easy to use. However, certain drawbacks remain, including the continuing need for office hardware (physical workstations) and intensive up-time requirements (because you might log into an office workstation at any time, you need to keep this hardware up and running at all hours, requiring additional electricity consumption in your office, as well as a battery backup power supply and more frequent data backups).
Terminal services. Remote desktop services, also called terminal services, allow users access to office workstations that are maintained virtually, where a single server (rather than multiple workstations) can run dozens of virtual workstations at one time. With terminal services, there is no longer a need for tethered workstations when working remotely, and the computers that do inhabit the office can be turned off, which increases security and reduces power consumption. Additionally, updates can be made more easily and do not need to be applied to each physical machine. However, terminal services can be expensive: There are costs associated with installation, and you’ll likely need an IT specialist to set up and maintain the system.
Hosted exchange servers. Microsoft Exchange Server, as was alluded to above, is an e-mail and calendaring server and application that is the de facto corporate standard for handling e-mail, calendaring, contacts, and tasks. Exchange Server provides robust syncing capabilities to ensure that information is available across devices and platforms. At present, many attorneys access their fundamental data sets via a law practice management software system; yet, even many of the cloud versions of these programs have added exchange sync capabilities, likely because the ability to access data via native applications is a more seamless option. Hosted exchange server providers charge customers a monthly subscription fee, which over the course of time compares favorably with the premise-based options in terms of the total cost of ownership.
The cloud. Perhaps the most popular method of accessing data online is via the cloud. The cloud has been popularly represented as the great “server in the sky”; really, though, it’s just your data residing in a physical server hosted by a third party in a secure location. The advantage of the cloud is that you’re saving setup and maintenance costs for that server; and, in theory, that third-party corporation will be able to provide a more secure environment for your data with its resources than you could with yours. There are a plethora of document storage and productivity platforms in this space, including Dropbox (dropbox.com), Google Drive (drive.google.com), Box (box.com), Microsoft SkyDrive (skydrive.com), and more. Most of these services provide a certain amount of storage space (measured in gigabytes) for free before you have to pay for additional storage. Some have better document management features than others. But they all basically do the same thing: provide you server space without the physical hardware.
Software as a service. It may seem as if there are two very distinct worlds for remote access and storage protocols—the traditional physical desktop/server versus the (seemingly) ephemeral cloud—but there are plenty of spaces where those two worlds collide, sparking hybrid evolutions that incorporate features of both aspects of data retrieval. Software as a Service (SaaS) removes the traditional desktop computer application to the web (some reliable third party’s server versus your own)—think of the traditional Microsoft Office products versus Gmail and Google Apps or even Microsoft’s own Office 365. Users pay SaaS providers a monthly subscription rate (for those programs that do charge a fee) to maintain and update the programs. In addition, users acquire the ability to access these systems (housing their information) wherever they have Internet access through secure log-in protocols.
Desktop as a service. Desktop as a service (DaaS) is the natural evolution of SaaS: If it’s good to move specific applications to the cloud, it’s even better to remove users’ entire desktop systems to the cloud. SaaS is hosting for specific applications; DaaS is hosting for all your applications. Where SaaS provides part of a solution, DaaS offers the whole solution. DaaS delivers the benefits of cloud computing for cloud-based and premise-based data. DaaS services are charged monthly, as are SaaS services; the total cost of ownership is favorable to traditional in-office set-ups. Top-tier DaaS providers, such as Rackspace (rackspace.com) and Amazon (amazon.com), feature convoluted pricing models based on multiples of factors such as up-time requirements and resources used. These vendors will even manage the user’s operating system and other fundamental programs. Second-tier providers offer a flat-fee pricing model based on total resources used. Turnkey solutions provide it all, allowing you to off-load your entire IT responsibility. Keep in mind, however, that without local IT support, you become solely dependent on the DaaS provider for that support, which the provider can price at a rate of its choosing. There are legal-specific DaaS providers, such as Legal Workspace (legal-workspace.com); these providers may be advantageous for attorneys if they have effective relationships in place with vendors of software that attorneys require.
The significant advantages DaaS offers attorneys include a built-in disaster recovery plan (because of the existence of redundant backups); centralized updates; better data security than the typical small firm could provide; and, perhaps most favorably, the flexibility to scale up or scale down (via a phone call or e-mail versus the movement of hardware) based on economic cycles.
For all that, though, switching to DaaS is not without risk or distinct disadvantages. For one thing, because the user is totally dependent on Internet access to acquire practice information, the smart money is on utilizing a strong Internet connection—and perhaps even a redundant connection as a backup. The question respecting remote access has often been, “How do you get your data to the cloud?” But the question respecting DaaS is, “When you need your data, how do you get it off the cloud and back to your office, which is now a ‘remote’ location?” This is all potentially very jarring psychologically for attorneys. And while it is possible to send your entire operation to the cloud using the DaaS protocol, the ultimate question is whether attorneys are ready to do that.
Securing the Data
Whatever choices an attorney makes respecting remote access to data, an underlying concern is always the confidentiality/security of that data, which, really, is the clients’ information entrusted to the lawyer. Earlier, we discussed the two sorts of data available for remote access: premise-based data and cloud-based data. Not surprisingly, methods for securing these data sets differ.
For premise-based data that is not being connected to the cloud or accessed by the Internet, law firms must rely on internal security mechanics, such as the application of firewalls and anti-malware software and the selection of strong system password and encryption methodologies. However, as soon as lawyers consider remote access systems, all this formerly premise-based data changes in character, even if most of the time the data is hosted on the premises of the law firm. Either that data is sometimes passing through/accessed by the cloud or it is cloud-based data in totality, where it exists off-premises at all times and is accessed there. When that’s the case, law firms must combine their internal security mechanisms with methods for protecting data that exists outside the office and is managed by third parties.
Whenever a law firm selects a third-party vendor to host its data, it should thoroughly vet the potential vendor’s history related to data security, its continuing ability to protect its clients’ data, and the security features inherent in its product(s) that ensure (to the extent possible) the protection of sensitive information. If the vendor passes muster, the lawyers within the firm must understand how to utilize the security features available within the new product(s).
Fortunately, most vendors offer security that is superior to what solo and small firm attorneys can leverage within their own practices, which is one of the reasons that hosted services are so compelling. But attorneys should understand which features are optional (such as two-factor authentication) and how to activate these options. In addition, lawyers must understand that there are ways that they can protect themselves even where they lack control over the actions of third-party vendors. Perhaps the most salient example is the fact that many vendors will give up their clients’ information on some slight provocation—as well as some heavier provocation, such as the serving of a warrant. Although vendors may encrypt your data, they maintain the encryption key and can use it at any time. Lawyer-clients can avoid this danger by applying their own encryption to the documents before uploading them to these third-party sites. This can be very easily done, either by encrypting documents in their native forms, by applying encryption via a pass-through service (e.g., Cloudfogger; cloudfogger.com), or by using a so-called zero knowledge system (e.g., SpiderOak; spideroak.com), which applies encryption but does not keep the code. The takeaway here is that lawyers seeking to use remote access protocols must make the effort to understand the systems they use and to apply an appropriate level of security for these systems.
Educating Your Clients
Of course, lawyers aren’t the only ones who must understand the remote access systems utilized by their law firms. One of the main drivers of remote access technology is that clients are able to use it, too—to get a direct connection to their files. It is incumbent on lawyers granting such online access to educate their clients about the safe and secure use of these systems, including practical instructions on the use of strong passwords and the ways to secure any devices by which clients access case information.
Smart lawyers will emphasize that the attorney-client relationship must be a team effort in order to be successful, and that the client must make at least as much of an effort as the lawyer does to secure data. Perhaps the best time to educate clients respecting data security is when lawyers do most of their other client education: when the fee agreement gets executed. Lawyers can add to their fee agreements a term respecting the remote access technology they utilize within the practice and the importance of securing information at those data points. The client will then more fully understand how the case will proceed and will have the opportunity to affirmatively opt in, or opt out, of the technology infrastructure adopted by the law firm.
The Choice Is Yours
Certainly, there is much to consider when making the leap to remote access. The process might seem complex, but, as with most things, proper planning and execution can ease what otherwise would be a significant administrative burden. Couple with that the staggering efficiencies made possible by remote access systems, and the decision becomes clearer: To compete in the modern business world, lawyers must adopt aspects of remote access technology into their practices, whether those technologies are client-facing or internal. Ultimately, the array of choices is a good thing because solo and small firm lawyers can mix and match products to suit their needs. In the end, there is no “right” answer, just the best fit for you.