Lawyers and SaaS: An ethical minefield or a match made in heaven?
What is SaaS?
SaaS is a software delivery model where software is hosted on a central Cloud platform and users then access this software on the platform over the Internet.
Who would I be working with?
When accessing software in this manner, there could in fact be two providers that you need to work with. If the software owner doesn’t host their own Cloud, they will be partnered with a third party provider. This partnership is not necessarily a problem, as generally speaking the Cloud provider will have invested in both the security and hardware for the platform. The structure of this will look a little like the diagram to the right.
Some examples of SaaS within a law firm can include:
- Online document management and sharing systems
- Customer Relationship Management tools (CRM)
- Accountancy software
- Online email services
Why should I use a Cloud software service?
Some SaaS advantages include:
- Location independence – as long as you have the internet, you can access software/data and work on the move.
- You can pay for the software on a monthly or quarterly basis, avoiding any cash flow issues.
- You can access the service almost instantly after purchasing; many companies even offer free trials.
- Streamline processes and increase productivity.
- Software patches and upgrades are completed automatically, so you don’t have to waste valuable time updating.
When it comes to utilising Cloud Computing technology, lawyers have to balance their requirements with the needs of clients. Naturally, client data protection comes first.
From our experience, we’ve compiled a list of questions that we think are important to ask potential software providers.
Who can access the information we store?
You need to make sure that nobody besides your organisation can access your information. There’s no point paying for a “secure” Cloud service when your confidential documents can be accessed by the hundreds of people working for your Cloud provider.
Will you be willing to sign a non-disclosure agreement?
It’s important that you have full trust in your software provider and the Cloud provider that is storing your data. If you do have to share any confidential information with them, it’s vital that it stays confidential.
What security measures do you have in place?
This must address both physical and virtual security measures. There is no point paying for a secure solution if it is easily hacked, so virtual security must be accounted for. Similarly, there is no point in having a virtually protected service if someone can simply walk into the data centre where it is stored and copy your files. What legislation do they adhere to? Are they ISO 27001 compliant? Does this meet the requirements of your firm?
Which country is my data stored in?
Your data will be automatically accountable to the regulations of any country in which it is stored, so it’s important that your data is stored in the UK. If it were to be stored in the US then it would be subject to legislation such as the US PATRIOT Act. Is the data stored in numerous geographical locations, so it will still be available if a disaster should occur in one data centre?
Can I remove the data from your system fully? How long do you keep it for after the contract has ended?
Can you be sure that, once the contract is terminated, a copy of your data won’t be stored? If they delete the data from your system, will it still be accessible through backup? If you should cancel the contract, how long do you have to retrieve all the data off the system? You need to have a firm grasp of all these answers.
There are definitely some security considerations to be made when using software as a service technology, but by working with the software supplier (and Cloud provider) these can be easily overcome. Therefore, the benefits of the Cloud easily outweigh these considerations.