Mr Blue Sky – moving your firm’s applications to the cloud
3Kites’ Paul Longhurst and Richard Kemp of Kemp IT Law explain the benefits of moving away from on-premise systems and the practical steps to take
Cloud has long since transitioned from hype to reality but some law firms still struggle with the idea of moving away from on-premise systems they can see and hug to something they don’t control.
Why do these objections still exist when so many organisations are embracing the benefits of having companies like Amazon and Microsoft host their data securely? Some of these fears reflect a regulated environment where lawyers are rightly concerned about the guardianship of their clients’ data and this needs to be addressed by assessing relevant options and filtering out any that do not provide appropriate assurances and safeguards.
Beyond the technical considerations for access, scale and security, the biggest barrier that we observe today is that of cost. If the objective for looking at cloud is to save costs then don’t waste your time and effort, simply renew the server licences and keep the operations staff employed.
Cloud services (fully costed against all like-for-like hardware, software, staff, buildings, backups and such) may provide savings for the first few years but, over time, continued subscription costs are likely to outweigh the on-premise equivalents. However, this is not a straight comparison. As systems evolve, changes will increasingly happen on cloud first and ultimately may only happen in the cloud.
Also consider here that, like leaks in a roof, cyber attacks tend to find the weakest point and it is more likely to be an internally maintained system than one that is hosted and managed by an organisation whose entire business is focused on cloud security and reliability.
All of this ongoing evolution and additional protection comes at a price but one that should be weighed against the likelihood that the hosting and management of systems will become increasingly difficult for law firms which, even at their largest, have relatively small IT operations when compared with the corporate behemoths that many of them serve.
Service level agreements
Once you have chosen your cloud service and have budgetary approval, you will need to sign on the dotted line. Cloud vendors have always been reluctant to negotiate their service level agreements (SLAs), saying in effect that this is the product: ‘You’re taking a room at our hotel, this is what it looks like and we can’t change it’. As the big cloud vendors get more powerful in the market, their contract terms are hardening. You see this particularly with terms around liability – where a direct loss (only) general liability cap of 12 months’ fees is emerging as market practice.
The contract documentation can be complex and you can end up with several sets of terms all forming part of the agreement: master agreement, order form, statement of work, specific cloud terms per product, separate terms for professional services and the ubiquitous data protection addendum. Be aware too of ‘nested’ terms – link upon link from one contract document to the next – and vendors’ rights to change the terms at any time if they wish.
Contract lifecycle points to watch out for include business continuity and getting your data back. A longer contractual commitment will get you lower prices, but in many cases you won’t be able to get out early for convenience without paying the balance of the contract fees.
Data protection issues in the cloud context continue to take up a lot of time in negotiations. If your cloud vendor is a processor (as they mainly claim to be), you’ll have to build in GDPR-compliant controller – processor clauses. If data is going to the US or India, for example, you’ll generally have to include the right set of standard contractual clauses. International transfers, particularly those involving the US, are an area of growing challenge.
Many buyers start off with an on-prem system but want the flexibility of being able to move to the cloud during the contract lifecycle. This can present issues, but the golden rule is to negotiate the post-migration cloud terms at the outset if you can. Reconciling on-premise system costs (typically, one-off upfront software licence fees, professional services fees for the implementation and annual support fees of around 20% of the software fees) with in-cloud costs (annual subscription fees with support wrapped in, professional services fees for the migration and new hosting fees) can be challenging to manage, but customers are best placed to get better terms if they’re negotiated at the start of the relationship.
3Kites and Kemp IT Law are jointly hosting a seminar covering these topics on 10 March.
Paul Longhurst is a director of 3Kites consulting and Richard Kemp is a partner at Kemp IT Law. This is the second article in the series Navigating Legaltech.
About 3Kites and Kemp IT Law
3Kites is an independent consultancy, which is to say that we have no ties or arrangements with any suppliers so that we can provide our clients with unfettered advice. We have been operating since 2006 and our consultants include former law firm partners (one a managing partner), a GC, two law firm IT Directors and an owner of a practice management company. This blend of skills and experience puts us in a unique position when providing advice on IT strategy, fractional IT management, knowledge management, product selections, process review (including the legal process) and more besides. 3Kites often works closely with Kemp IT Law (KITL), a boutique law firm offering its clients advice on IT services and related areas such as GDPR. Where relevant (eg when discussing cloud computing in a future article) this column may include content from the team at KITL to provide readers with a broader perspective including any regulatory considerations.