25 Things To Ask Your Legal Private Cloud Provider

Updated: March 20, 2024|In Cloud Computing, Legal Technology|By Dennis Dimka

What To Ask A Legal Cloud Service Provider

As law firms increasingly move from traditional on-premise servers to cloud-based solutions, the benefits are clear: cloud services offer superior security, mobility, reliability, and scalability compared to the costly, inflexible nature of on-premise IT.

This shift is notable among law firms reliant on premise-based legal practice management software like Time Matters, PCLaw, Tabs3, ProLaw, and Needles.

However, the burgeoning demand for private cloud solutions has attracted many providers, some hastily assembling services to capitalize on the trend. This includes small IT consultancies fighting to stay relevant and software companies seeking to maintain their market presence. But the legal industry’s unique requirements — strict security, ethical standards, compliance, and specialized needs — demand providers with specific experience serving law firms.

To help firms vet private cloud providers, we’ve put together a list of 25 essential questions you should ask before hiring.

If you’re in the marketing for a cloud-service provider, this guide is for you. It will help you hire the right provider the first time.

Section 1:

Provider Credibility and Specialization

Is the Cloud Provider Well-Regarded in the Industry?

New cloud service providers are popping up every day. Small local IT firms are rebranding as cloud providers to avoid losing clients. It’s important that your selected provider is established and reputable.

Make certain business and legal authorities such as the Inc. 5000 list, the American Bar Association, and one or more state bar associations have recognized them.

A high-risk provider is one that is unknown to the larger legal technology community or only known in a single city or region. Risks include slow response times, inexperienced technical support, system downtime, or worse, the provider simply going out of business.

Are They Exclusively Focused On the Legal Industry?

Numerous cloud service providers offer services to any business or industry. While they may be technically proficient, they typically do not have the experience to understand an attorney’s ethical obligations and compliance requirements and likely will not have deep experience in legal software used by law firms.

This means you should narrow your list to cloud service providers that exclusively service the legal industry. Some generalist cloud service providers may even claim to specialize in legal, though upon closer review, you will often find that legal is just one of many industries they serve.

If, in addition to law firms, you find that they serve accounting firms, healthcare, manufacturing, or… retail pizza, that’s a red flag. Keep looking.

Is Cloud Service Their Primary Business?

In recent years, many companies not originally in the cloud computing business have lost market share to the cloud and often react by spinning up a cloud offering. This group includes software, local IT, and telecom/telephone companies.

As we’ve already discussed, these companies are desperately trying to stay relevant and stem the loss of business to the cloud. The significant risk to your firm is that, in all likelihood, they will lack an independent, software-agnostic perspective and will lack the infrastructure and software acumen to provide a reliable, dependable, and secure cloud platform.

RelatedPrivate Cloud for Law Firms – A Primer: What is a private cloud? What are the costs? Learn everything you need to know about private clouds.

How Many Law Firms Do They Service?

We’ve seen cloud service providers claim that they service “a lot” of law firms. They may even have a web page dedicated to the legal industry. But when digging a bit deeper, you’ll often find that this claim is… aspirational at best.

You’re a law firm. Your industry is special. It has unique needs. Make sure your chosen cloud service provider has law firm clients in the hundreds.

How Many New Law Firms Join Them Every Month?

In addition to how many law firms the provider currently serves, it’s important to understand how many new law firms sign up and become clients every month. This isn’t just about bragging rights; it speaks to acumen and experience.

A cloud provider that routinely onboards 10 or more law firms every month will have a defined and refined process for moving a law firm to the cloud.

on premise to cloud

Think about moving your law firm from its on-premise servers to the cloud. You have applications, databases, files and folders, and email to move. You have printers and scanners to integrate and mobile devices to connect.

Moving to a private cloud is a little like a heart transplant; each component is like the arteries. Make sure you have a skilled surgeon performing the operation — one that consistently executes this process again and again.

Section 2:

Legal Compliance and Data Security

Will Your Data be Stored In the US Only?

Every bar association agrees that all client and confidential data should be stored within the continental United States. Surprisingly, the locality of where your data is stored is ambiguous or simply not defined by many cloud service providers.

Microsoft’s Office 365 states that your data may be stored or backed up to countries outside the US. This is one more reason to use a cloud service provider that only services the legal industry. If your firm’s data is stored or backed up to a country outside of the US, it can create a host of potential ethical issues.

Will You Retain Exclusive Ownership of Your Data?

Do not assume that the data you store in the cloud belongs exclusively to you, even if the provider is well-known and reputable.

For example, in 2012, Google Drive came under fire for claiming the rights to anything a user uploaded in perpetuity. Once you decide to use a cloud provider, ensure that the fine print includes unambiguous, perpetual ownership of any data you store on their cloud.

Is Their Data Center SSAE16 Audited?

As a law firm that stores data critical to your firm and your clients, your chosen cloud service provider must have a world-class data center. The good news is that you don’t have to hire a data center expert and fly them to the provider’s data center to examine their facility with a microscope. There’s already a standard for this.

The SSAE16 certification is an independent, annual audit that a data center goes through to ensure the highest levels of reliability, resiliency, security and management. Ensure that your cloud service provider meets this standard.

Do They Have Any Conflicts of Interest?

Be wary of conflicts of interest that may spell trouble for your firm.

For instance, beware companies whose core business is making and selling software that also purports to be a cloud service provider. They may claim to be software agnostic… but the moment your software (which competes with their software) has a problem… don’t be surprised when their “solution” is to switch to their “house” software application.

We’ve seen this plenty.

Also, beware of cloud providers that are really VARs (Value Added Resellers) in disguise. Companies that are in the business of selling and implementing software. Because (A) cloud hosting isn’t truly their forte, and (B) they have a vested interest in promoting the software they represent, which may not be the software your law firm uses.

What Will They Do If Served a Subpoena?

Your cloud provider should have a clear, documented policy on how to deal with subpoenas if they’re ever served regarding your firm’s data. Unsophisticated cloud providers might hastily react to a scary-looking legal letter or subpoena. A cloud-first, legal-first company will know better and will have a clear process for notifying you and responding to any subpoenas.

Are They Fully Compliant With Microsoft (and other) Licensing?

This one’s critically important.

A cloud service provider that hosts Microsoft products such as Windows, Microsoft Office, Exchange, Remote Desktop, and SQL must license these products via Microsoft’s SPLA (Service Provider License Agreement) model. It’s a strict requirement. Managing, reporting, and paying these licensing fees are complex, and errors can lead to significant penalties for the cloud provider.

Under-experienced cloud providers are often either lackadaisical with managing their Microsoft (and other) license requirements or outright under-report to avoid paying the full bill due to Microsoft each month.

Why should you care?

If your cloud provider isn’t on their game with respect to tracking, reporting, and paying their licensing fees, one audit from Microsoft (which is an inevitability for any cloud service provider) can wipe them out.

Section 3:

Technical and Operational Excellence

Will They Support Your Software? Can They?

There are plenty of companies willing to host your legal software. However, generalist cloud service providers simply cannot be relied upon to provide best practices to support your practice management, document management, and billing/accounting software.

The cloud service provider you select will not simply host the software your firm relies upon; it should also provide first-call support for your applications and apply security and application patches and updates as necessary so that you can focus on practicing law.

Ideally, your cloud service provider will have a strong working relationship with major legal software publishers so they have rapid access to the software company’s team when necessary.

Where such a designation exists, your cloud provider should be certified in hosting and supporting that application, such as Time Matters or PCLaw.

Unfortunately, we’ve seen too many cloud service providers take a so-called “best-effort” approach to supporting third-party software, such as your practice management software, leaving you stuck in the middle when the cloud provider blames the software for your challenges, and the software company blames the platform.

RelatedThe Financial Case for Cloud for Law Firms: Learn just how much money you can save when you switch from on-premise to the cloud.

Is Their Cloud Optimized to Host Your Legal Software?

Anyone can sell you cloud hosting, cloud servers, or virtual desktop services. But just like the legal profession is unique, so is the software used in it.

Legal practice management software, document management software, and accounting software are very nuanced. It must be installed and managed in a very specific way, and the servers that host it must be built in a very specific way.

Applications like ProLaw, Worldox, iManage, (and just about everything in the image below) have very specific requirements regarding resources (computing power) and configuration. Some of these applications require a dedicated indexing server. Others require a minimum amount of CPU cores. Your local IT guy or the non-legal-savvy cloud provider may not know this.

different types of legal software

But you’ll find out the hard way if your software doesn’t work right or the software company refuses to support you because the hosting environment doesn’t meet their requirements.

When you engage with the sales team, are they familiar with your software, and do they have a ready-made cloud configuration they can quickly quote? If not, steer clear. They’ll be learning at your expense.

Do They Have a Tier-One Data Center?

Ensure that your chosen cloud provider hosts within a Tier-One data center.

This means your data will be stored within a data center that includes:

  • Multiple redundant Uninterruptable Power Supply (UPS) systems
  • Dual incoming city power feeds
  • Dual backup power generators, routinely tested & audited
  • On-demand emergency fuel contract with local city
  • Routine environment & humidity testing
  • Multiple OC12 and OC48 Internet Connections
  • Four redundant connections to upstream Internet providers
  • Inert gas fire suppression systems (FM-200)
  • Flood prevention systems, routinely tested & audited
  • 24×7 closed-circuit video surveillance
  • Physical security enforced in common data center space
  • Physical security enforced to Uptime servers & equipment
  • Redundant HVAC and humidity control systems, routinely tested & audited
  • 24×7 monitoring of facilities and systems by onsite technical staff
  • Biometric-encoded physical access

Do They Own the Server Equipment?

Or are they just reselling someone else’s servers?

Ensure the provider actually owns the server equipment. Some smaller cloud service providers (especially local IT companies) rent servers or space from large public cloud providers like Microsoft Azure or Amazon Web Services.

This creates a significant problem as it complicates data ownership and seriously limits the cloud service provider’s ability to control and support the infrastructure, making them essentially intermediaries.

enterprise grade server

Do They Use Enterprise-Grade Servers?

Does the cloud service provider host on enterprise-grade, name-brand servers such as Dell, HP, or IBM, or did they cut corners by building their own “white box” servers? This matters for a whole host of reasons.

Low-cost or new-to-the-market providers often try to save a few dollars (after all, building a sophisticated cloud infrastructure isn’t cheap) in this arena. This introduces significant risks to your firm, from downtime to loss of data.

You have ethical obligations to keep your client’s data secure. Saving a few dollars here isn’t worth it.

A reliable cloud service provider will employ name-brand, enterprise-grade server equipment that is under warranty by its manufacturer.

Do They Have an Enterprise-Grade Backup System?

Make certain you understand your cloud service provider’s backup and disaster recovery system.

A dependable, robust provider will have at least two independent systems for backup and recovery. The backup strategy should include a file-and-folder backup so you and your staff can quickly recover deleted files and a “bare-metal” (or full virtual server) recovery system so the provider can perform a complete system restore in the event of a disaster.

The cloud service provider should also be able to synchronize your data in the cloud back to a server or device at your site. This not only serves as an extra backup but creates a geographically redundant backup that you can see and touch for yourself.

Do They Guarantee Uptime?

It’s important, especially to a law firm, that your chosen cloud service provider has a financially-backed Uptime SLA. Meaning that they guarantee that your cloud system will be “up,” or available, for a certain percentage of the calendar year. A reliable provider will guarantee “five nines” of Uptime, or 99.999%.

What’s more, the cloud provider should clearly outline their maintenance windows and the time when they might take their systems down for scheduled maintenance, upgrades, and repairs. There should be no surprises here — the last thing you want is to go to log in one day or evening only to realize that you can’t log in and access your legal software, your documents, or your email.

Uptime Practice guarantees uptime. Check out our demo below.

Do They Manage Antivirus End-to-End?

Make sure that your cloud service provider not only provides antivirus protection for the cloud servers that your data and applications will reside on (of course), but that they also provide and monitor antivirus for each of your local computers (desktops and laptops).

After all, one of the purposes of moving to the cloud is to consolidate all IT management and support into a single platform and a single provider. Some cloud service providers leave you to your own devices (no pun intended) when it comes to managing security and antivirus for your local computers.

Section 4:

Support and Service Quality

What Kind of Help Desk Do They Operate?

Supporting the technology needs of hundreds of law firms takes more than a basic phone system. To efficiently and effectively manage incoming support calls, including helping your firm when you need help now, takes a sophisticated phone system to manage incoming calls and quickly route them to the most capable technicians.

This may sound like an in-the-weeds thing to think about, but having a well-oiled help desk (including people, process, and systems) will make the difference between waiting on hold for seconds vs. minutes and being connected with a capable engineer vs. a “level one” support rep who can only document your issue and pass it along. (More on this in a minute.)

These kinds of systems separate the capable, sophisticated operations from the fly-by-night operations.

A capable cloud provider will have an ACD (Automatic Call Distributor) phone system that queues calls in a FIFO (First-In, First-Out) manner and will provide real-time visibility into hold times and call volume.

Uptime Practice was a true miracle when the pandemic struck.  We moved to Uptime Practice and were working immediately.

Todd Tracy  –  The Tracy Law Group, PLLC

How Many Support Staff Do They Have?

An easy way to spot a smaller cloud provider that likely cannot meet the needs of your law firm is by looking at the total size of their support staff (and finding that it is smaller than you thought). We’ve seen small, local IT companies launch their cloud offering with no more than a small handful of total technical staff, including support and onboarding staff.

If you pointedly ask the provider how many total support staff they have and the answer is ambiguous or cagey, chances are the number is too small for your law firm. Or worse yet–they outsource some (or all) of their Help Desk staff.

A capable cloud service provider will have at least 3 onboarding specialists and no less than 6 dedicated, full-time help desk/support staff to provide proper IT services for law firms.

When You Call Their Help Desk – Who Answers?

You’re a busy law firm. You’re working tight deadlines. Your revenue and your reputation are at stake. So when you call your cloud provider’s help desk needing assistance, it matters who picks up the phone.

Some cloud service providers employ so-called “level one” technicians to triage inbound support calls. These entry-level technicians, while well-intentioned, often are only trained or authorized to handle the most basic support requests, such as resetting a password or advising you to reboot your computer. If any problems are more sophisticated than that, they tell you they’ll have to “escalate” to a “level two” engineer.

The IT hierarchy typically looks like this.

(Image Source)

Or worse yet, If you didn’t heed our earlier advice and went with a generalist cloud service provider — one that serves multiple industries (in addition to law firms) — chances are the support engineer you get won’t be trained in the software your firm uses. You’ll call with a question about your ProLaw software or maybe a problem with your firm’s Time Matters, only to be told that that particular support rep doesn’t know that software, and they’ll have to call you back.

Not the experience you want when so much is on the line.

Section 5:

Compliance Assistance and Additional Features

Do They Help You Stay Compliant?

Does your firm need to be HIPAA compliant? Perhaps you need to meet PCI or SOX compliance requirements?

Or maybe you don’t, and you simply want to keep your data very secure and avoid running afoul of your state bar association. (If so, kudos to you.)

A capable, legal-grade cloud service provider will not only maintain the strictest levels of information security, but they’ll also provide tools for your firm to stay secure and remain (or become) compliant with many third-party regulations.

Tools and options include:

  • Two-Factor Authentication support.
  • Restricted Access Options (limiting who can log in, from where).
  • Policy-based Email Encryption.
  • Email Archive, Retention and Legal Hold.
  • Email Disclaimer.
  • Onsite Cloud Backup (keep a copy of your cloud data onsite).
  • Military-grade Encryption
  • 24 x 7 Network Security Monitoring
  • Strict Password and Access Policies Enforced

Will They Support Your Local Environment?

This may be the most important item on this list. Most cloud service providers will (naturally) provide some level of support for their cloud platform and some limited support for the software you run within it.

But what about your local environment? Will they support your local desktops and laptops? Your printers and scanners? Your local network? Your wireless router?

Unfortunately, many cloud service providers either draw a hard line here and outright refuse to support your local environment (“Your hardware is your problem”) or charge extra fees, possibly hourly consulting fees, to support your local environment.

You should never be told by your private cloud provider that for certain things, “You need to call your IT company.” The cloud provider is supposed to be your IT company.

An end-to-end private cloud platform should include both hosting for all of your technology and unlimited support — for everything. The cloud. Your software. Your hardware. Everything. And for a simple, transparent, fixed fee.

Section 6:

Contractual and Financial Considerations

Will You Have to Sign a Long-Term Contract?

The cloud is meant to give you flexibility: To add and remove staff, add or remove storage, and work from anywhere. So, it’s counter-productive when a cloud service provider requires you to sign a contract for one, three, or five years. You need to be agile to change the makeup of your cloud plan and, if necessary, to be able to change directions completely.

Avoid long-term contracts. Your cloud service provider should offer a simple, month-to-month term.

Closing the Loop

These are the top questions you should ask any potential cloud service provider for your law firm.

Is your firm looking for a cloud provider? Take my advice: Print this article out.

Ask each company you’re interviewing every question on this list. If the answer is anything other than what we recommend in this list, or if the answer seems vague, ambiguous, or even cagey, keep looking.

What company you ultimately host your applications and data with will be one of the most important decisions you make for your firm.

Good luck.