Whether you’re setting up a practice for the first time or upgrading existing technology, odds are you’re taking a long, hard look at the cloud. Here is a checklist to help you through the process.
Moving your data to the cloud is all about vetting the cloud provider – will they or won’t they keep your client information secure? Here are your marching orders:
Research the Provider
- What is their reputation?
- How many years have they been in business?
- Are bloggers and news outlets critical or supportive?
- Can the provider give you a list of other lawyers who use their product? (If so, check the provider’s references.)
- Talk to friends and colleagues: are they familiar with the product or provider? What are their thoughts?
- If you belong to a listserv, poll the members of the listserv.
- Use the power of Google to reveal problems. A general search using the product or provider name is a good start. To uncover security issues, Google the product or provider name followed by the words “security concerns” or “data breach.” To reveal if outages are a problem, search the product or provider name followed by the words “downtime statistics.”
Evaluate Speed and Reliability
Uptime, bandwidth, and general reliability of the Internet matter.
- Check on provider uptime statistics as part of your general research – see the discussion above.
- Make sure your technology is up to the task. To use the cloud effectively you must have a fast, reliable Internet connection. If you don’t, contact your ISP. If there is a remedy (and you can afford it), great. If not, taking your practice into the cloud is likely not a good choice.
Read the Fine Print
- Contact customer service for clarification of terms if needed.
Educate Yourself about Encryption
Every cloud provider encrypts your data. The devil is in the details:
- Is your data encrypted at all times (in transit and at rest)?
- Does the provider hold a master encryption key? (If so the provider can access your data at any time, thus defeating client confidentiality.)
- Is third-party encryption an option? If the answer is yes, you can lock out the cloud provider. A master key only permits the provider to unlock their encryption, not yours. With third-party (AKA client-side) encryption, you – the user – apply your own encryption software before uploading any content to the cloud provider’s site. Here’s the rub: encrypting your own content isn’t always an option for compatibility reasons, so check with the provider.
Learn about Data Access Policies – “Authorized” and “Unauthorized”
Getting an answer to the master encryption key question will resolve whether the provider’s employees can freely access your information. Now you need to ask:
- Will the provider notify you if authorities seek access to your account information? (Some providers comply with subpoenas first and tell you about it later.)
- What is the provider’s procedure if a data breach occurs?
Know Before You Go: Security, Backups, Redundancy, and Local Copies of Your Data
- Find out what the provider has to say about the physical security of its facilities. Features like fire suppression, redundant electrical systems, temperature controlled environments, video surveillance, and 24/7 monitoring by security personnel are standard.
- Learn everything you can about how your data is backed up. Where, when, and how. A decent cloud provider has multiple servers that are geographically dispersed.
- Consider it a deal breaker if you can’t download a local copy of your own data. Keeping a local copy just makes sense. First, it protects you if the provider goes out of business (some have). Second, if the provider suffers a catastrophic breach you’ll still have a pristine copy of your information. [Caveat: ability to download a local copy of your data does not mean you can work with it offline. This is simply a way to protect yourself in a worst case scenario.]
Nail down the Details: Support, Training, Data Migration, and Data Integration
Cloud products are generally pretty easy to use, but at some point you’ll need help – maybe at the outset when you import your data – or later when you start using more advanced features of the program. Either way, ask:
- Does the provider offer live telephone support? Live chat? Email? What are the hours? Is it free or is there a support contract?
- What resources does the provider have on its website? Searchable knowledge base? User forums? Blog? Training videos? Webinars?
- Will the provider help you migrate your existing data? Are you on your own? If there is a fee for data migration, get an estimate.
- What about product compatibility and integration? Some users need the cloud product to communicate with an existing piece of software, like QuickBooks or Outlook. [Tip: don’t just take the cloud provider’s word for it. Run another Google search: Is (cloud product name) compatible with (existing program)? If the blogosphere has spotted issues, you’ll uncover them quickly enough.
Product Cost and Licensing
Most cloud products are sold on a monthly subscription basis. Do a bit of research:
- What is the current fee per user? Any price breaks for multiple licenses?
- Research historic costs. If monthly fees have jumped significantly in the recent past, factor this into your choice.
- Are product upgrades or new features included in existing subscriptions or is there an additional fee?
- What does a single license or a single user account include? Some providers are strict: one user/one license/one device. Others are more flexible: one user/one license/multiple downloads: desktop, laptop, tablet.
Choose the Right Version
If your cloud provider offers multiple packages or products, proceed cautiously.
- Look for a Web page on the provider’s site that will compare the features of each version side by side.
- Call customer service when in doubt.
- Take advantage of free trials, which are almost universally available. A trial run is the best way to know whether you’re really going to like something.
Cyber Liability and Data Breach – What if the Worst Happens?
If you’ve decided to store your data in the cloud, it might be a good idea to have cyber liability and data breach coverage.
The Professional Liability Fund Excess Claims Made Plan automatically includes a cyber liability and data breach response endorsement with these features:
- Forensic and legal assistance to determine compliance with applicable law
- Notifications to individuals as required by law
- 12 months credit monitoring to each notified client
- Loss mitigation resources for law firms
If you aren’t eligible or don’t wish to purchase excess coverage through the PLF, contact a commercial carrier.
This is Too Much Work – Can’t You Just Tell Me What to Do or Give Me a List of Recommended Products?
No. I can’t make this decision for you. You and I have different likes, dislikes, needs, skill levels, and preferences. (Think: Windows vs. Mac, Word vs. WordPerfect, or Mayonnaise vs. Miracle Whip.)
If you want to be happy with your choice, you have to make it. We can talk, I can point you toward resources, or send you comparison charts. But in the end you are the decider.
[All Rights Reserved 2015 Beverly Michaelis]