25 Things To Ask Your Legal Private Cloud Provider

Raising the Bar:

25 Things To Ask Your Legal Private Cloud Provider

Every day, forward-thinking law firms ditch their servers and move to the cloud. We’ve seen more law firms make the switch to cloud-based platforms in the last 12 months than ever before, and the trend isn’t showing any signs of slowing.

And it makes sense. On-premise IT is full of headaches, unexpected costs, inflexibility and lack of security and reliability. Cloud-based solutions, conversely, offer security, mobility, reliability and scalability.

It becomes easy to see why so many law firms are moving to the cloud. Many of these law firms have, and are committed to, “traditional” or premise-based Legal Practice Management software. Applications like Time Matters, PCLaw, Tabs3, ProLaw, Needles and others. A Private Cloud is a platform that will host all of a law firm’s technology, including its practice management software.

Related: Private Cloud – a Primer for Law Firms

With so many law firms moving to a Private Cloud, there are also many companies jumping on the private cloud bandwagon, claiming “me too!” and throwing together their own cloud offering.

Which is a problem.

Here’s why. Many small, local IT consulting companies, who are losing business and revenue by the truckload to the cloud, have spun up their own cloud service in a desperate bid to stay afloat. Meanwhile, some software companies have done the same in an attempt to keep their software relevant for a bit longer.

But providing cloud services for law firms isn’t for newbies.

There are a number of serious issues to consider before selecting a cloud service provider. The legal profession has unique security, ethical, and

compliance requirements to factor into the selection of a cloud provider. Law firms also have specialized software and mobility considerations that few

cloud service providers are equipped to handle. Many cloud service providers—including otherwise capable and reputable providers—simply do not understand legal practice, issues surrounding privileged client information, nor do they have experience working with legal specific software.

Related: Download Now – 25 Things to Ask Your Legal Cloud Provider White Paper

The consequences of choosing the wrong provider can be devastating to a law firm. So to help you, our readers, friends and our colleagues separate the high-risk providers from the gold-standard ones, we’ve put together this list of 25 things to ask your potential Private Cloud provider.

1. Is the Cloud Provider Well-Regarded in the Industry?

New cloud service providers are popping up every day. Small local IT firms are rebranding themselves as cloud providers to avoid losing clients. It is imperative you ensure that your selected provider is established and reputable: Make certain business and legal authorities such as the Inc. 5000 list, the American Bar Association, and one or more state bar associations have recognized them.

A high-risk provider is one that is unknown to the larger legal technology community, or only known in a single city or region. Risks include slow response times, inexperienced technical support, system downtime, or worse, the provider simply going out of business.

2. Are They Exclusively Focused on the Legal Industry?

Numerous cloud service providers offer services to any business or industry. While they may be technically proficient, they typically do not have the experience to understand attorney’s ethical obligations and compliance requirements, and likely will not have deep experience in legal software used by law firms.

This means you should narrow your list to cloud service providers that exclusively service the legal industry. Some generalist cloud service providers may even claim to specialize in legal, though upon closer review, you will often find that legal is just one of many industries they serve.

If, in additions to law firms, you find that they serve accounting firms, healthcare, manufacturing, or… retail pizza: Avoid the riff-raff, and keep looking.

3. Is Cloud Service Their Primary Business?

In recent years, many companies not originally in the business of cloud computing have lost market share to the cloud, and often react by spinning up a cloud offering. This group includes software companies, local IT companies, and telecom/telephone companies.

As we’ve already discussed, these companies are desperately trying to stay relevant and stem the loss of business to the cloud. The significant risk to your firm is that in all likelihood, they will lack an independent, software-agnostic perspective, and will lack the infrastructure, and software acumen to provide a reliable, dependable, and secure cloud platform.

4. How Many Law Firms Do They Service?

We’ve seen cloud service providers claim that they service “a lot” of law firms. They may even have a web page or two dedicated to the legal industry. But when peeling back the layers of the onion, you’ll often find that this claim is… aspirational.

You’re a law firm. Your industry is special. It has unique needs. Make sure your chosen cloud service provider has law firm clients in the hundreds.

5. How Many New Law Firms Join Them Every Month?

In addition to how many law firms the provider currently serves, its important to understand how many new law firms sign up and become clients every month. This isn’t just about bragging rights, it speaks to acumen and experience.

A cloud provider that routinely onboards 10 or more law firms every month will have a defined and refined process for moving a law firm to the cloud.

Think about moving your law firm from its on-premise servers to the cloud: You have applications, databases, files and folders and email to move. You have printers and scanners to integrate and mobile devices to connect. Moving to a private cloud is a little like a heart transplant, and each of these components are like the arteries. Make sure you have a skilled surgeon performing the operation–one that consistently executes this process again and gain.

6. Will Your Data be Stored in the US Only?

Every bar association agrees that all client and confidential data should be stored within the continental United States. Surprisingly, the locality of where your data is stored is ambiguous or simply no defined by many cloud service providers. Microsoft’s own Office 365 states that your data may be stored or backed up to countries outside the US. This is one more reason to use a cloud service provider that is legal-centric, and only services the legal industry. If your firm’s data is stored or backed up to a country outside of the US, it can create a host of potential ethical issues.

7. Will You Retain Exclusive Ownership of Your Data?

Do not assume that data you store in the cloud belongs exclusively to you, even if the provider is well known and reputable. For example, in 2012, Google Drive came under fire for claiming the rights to anything a user uploaded, in perpetuity. Once you decide to use a cloud provider, make certain that the fine print includes unambiguous, perpetual ownership of any data you store on their cloud.

8. Will They Support Your Software? Can They?

There are plenty of companies willing to host your legal software. But generalist Cloud Service Providers simply cannot be relied upon to provide best practices to support your practice management, document management, and billing/accounting software.

The Cloud Service Provider you select will not merely host the software your firm relies upon, it should also provide first-call support for your applications, and apply security and application patches and updates as necessary, so that you can focus on practicing law. Ideally, your cloud service provider will have a strong working relationship with major legal software publishers so they have rapid access to the software company’s team when necessary.

Where such a designation exists, your cloud provider should be certified in hosting and supporting that application, such as Time Matters or PCLaw.

Unfortunately, we’ve seen to many cloud service providers take a so-called “best-effort” approach to supporting third-party software, such as your practice management software, leaving you stuck in the middle when the cloud provider blames the software for your challenges, and the software company blames the platform.

9. Is Their Cloud Optimized to Host Your Legal Software?

Anyone can sell you cloud hosting, cloud servers or virtual desktop services. But just like the legal profession is unique, so is the software that’s used in it. Legal practice management software, document management software and accounting software is very nuanced: It must be installed and managed in a very specific way, and the servers that host it must be built a very specific way.

Applications like ProLaw, Worldox, iManage and CopiTrak are just a few applications that have very specific requirements in terms of resources (computing power) and configuration. Some of these applications require a dedicated indexing server. Others require a minimum amount of CPU cores. You local IT guy or the non-legal-savvy cloud provider may not know this.

But you’ll find out the hard way, when your software doesn’t work right, or when the software company refuses to support you because the hosting environment doesn’t meet their requirements.

A good way to tell a cloud provider that clearly understands the requirements for your software: When you engage with the sales team, are they familiar with your software, and do they have a ready-made cloud configuraiton they can quickly quote? If not: steer clear, they’ll be learning at your expense

10. Do They Have a Tier-One Data Center?

Ensure that your chosen cloud provider hosts within Tier-One data center. This means your data will be stored within a data center that includes:

  • Multiple redundant Uninterruptable Power Supply (UPS) systems
  • Dual incoming city power feeds
  • Dual backup power generators, routinely tested & audited
  • On-demand emergency fuel contract with local city
  • Routine environment & humidity testing
  • Multiple OC12 and OC48 Internet Connections
  • Four redundant connections to upstream Internet providers
  • Inert gas fire suppression systems (FM-200)
  • Flood prevention systems, routinely tested & audited
  • 24×7 closed-circuit video surveillance
  • Physical security enforced to common data center space
  • Physical security enforced to Uptime servers & equipment
  • Redundant HVAC and humidity control systems, routinely tested & audited
  • 24×7 monitoring of facilities and systems by onsite technical staff
  • Biometric encoded physical access

All of these requirements add up to one thing: that your systems and your data will be safe, secure and always available to you.

11. Is Their Data Center SSAE16 Audited?

As a law firm that stores data that is both critical to your firm and to your clients, it’s imperative that your chosen cloud service provider has a world-class data center. The good news is: You don’t have to hire a data center expert and fly him or her to the provider’s data center to examine their facility with a microscope: There’s already a standard for this.

The SSAE16 certification is an independent, annual audit that a data center goes through to ensure the highest levels of reliability, resiliency, security and management. Ensure that your cloud service provider meets this standard.

12. Do They Own the Server Equipment?

(Or are they just reselling someone else’s servers?)

Ensure the provider actually owns the server equipment. Some smaller Cloud Service Providers (especially local IT companies) simply rent servers or space from large public cloud providers such as Microsoft Azure or Amazon Web Services. This creates a significant problem as it complicates data ownership and seriously limits the cloud service provider’s ability to control and support the infrastructure, making them essentially intermediaries.

13. Do They Use Enterprise-Grade Servers?

Does the Cloud Service Provider host on enterprise-grade, name-brand servers such as Dell, HP or IBM… or did they cut corners by building their own “whitebox” servers? This matter for a whole host of reasons. Low-cost or new-to-the-market providers often try to save a few dollars (after all–building a sophisticated cloud infrastructure isn’t cheap) in this arena. This introduces significant risk to your firm, from downtime, to loss of data. Trust me: You have ethical obligations to keep your client’s data secure–saving a few dollars here isn’t worth it.

A reliable cloud service provider will employ name-brand, enterprise-grade server equipment that is under warranty by its manufacturer.

14. Do They Have an Enterprise-Grade Backup System?

Make certain you understand your Cloud Service Provider’s backup and disaster recovery system. A dependable, robust provider will have at least two

independent systems for backup and recovery. The backup strategy should include a file-and-folder backup, so you and your staff can quickly recover deleted files, and a “bare-metal” (or full virtual server) recovery system so the provider can perform a complete system restore in the event of a disaster..

The Cloud Service Provider should also be able to synchronize your data in the cloud back to a server or device at your site. This not only serves as an extra backup, but creates a geographically redundant backup that you can see and touch for yourself.

15. Do They Guarantee Uptime?

It’s important, especially to a law firm, that your chosen cloud service provider have a financially-backed Uptime SLA. Meaning: They guarantee that your cloud system will be “up,” or available, a certain percentage of the calendar year. A reliable provider will guarantee “five nines” of Uptime, or 99.999%.

What’s more, the cloud provider should clearly outline their maintenance windows, the time when they might take their systems down for scheduled maintenance, upgrades and repairs. There should be no surprises here–the last thing you want is to go to log in one day or evening–only to realize that you can’t log in and access your legal software, your documents or your email.

16. Do They Manage AntiVirus End-to-End?

Make sure that your cloud service provider not only provides antivirus protection for the cloud servers that your data and applications will reside on (of course), but that they also provide and monitor antivirus for each of your local computers (desktops and laptops).

After all–one of the purposes of moving to the cloud is to consolidate all IT management and support to a single platform and a single provider. Some cloud service providers leave you to your own devices (no pun intended) when it comes to managing security and antivirus for your local computers.

17. Do They Have Any Conflicts of Interest?

Be wary of conflicts-of-interest that may spell trouble for your firm.

For instance, beware companies who’s core business is making and selling software that also purports to be a cloud service provider. They may claim to be software agnostic… but the moment your software (which competes with their software) has a problem… don’t be surprised when their “solution” is to switch to their “house” software application.

We’ve seen this plenty.

Also, beware cloud providers that are really VAR’s (Value Added Resellers) in disguise. Companies that are in the business of selling and implementing software. Because (A) cloud hosting isn’t truly their forte, and (B) they have a vested interest in promoting the software they represent, which may not be the software your law firm uses.

18. What Will They Do if Served a Subpoena?

Your cloud provider should have a clear, documented policy on how to deal with subpoena’s if they’re ever served one regarding your firm’s data. Unsophisticated cloud providers might hastily react to a scary-looking legal letter or subpoena. A cloud-first, legal-first company will know better, and will have a clear process for notifying you and responding to any subpoenas.

19. Are They Fully Compliant With Microsoft (and other) Licensing?

This one’s critically important.

A cloud service provider that hosts Microsoft products such as Windows, Microsoft Office, Exchange, Remote Desktop and SQL must license these products via Microsoft’s SPLA (Service Provider License Agreement) model. It’s a strict requirement. Managing, reporting and paying these licensing fees are complex, and errors can lead to significant penalties to the cloud provider.

Under-experienced cloud providers are often either lackadaisical with managing their Microsoft (and other) license requirements, or–outright under-report to avoid paying the full bill due to Microsoft each month.

Why should you care?

If your cloud provider isn’t on their game with respect to tracking, reporting and paying their licensing fees, one audit from Microsoft (which is an inevitability for any cloud service provider) can wipe them out.

20. What Kind of Help Desk do they Operate?

Supporting the technology needs of hundreds of law firms takes more than a basic phone system. To efficiently and effectively manage incoming support calls–including helping your firm when you need help now, takes a sophisticated phone system to manage incoming calls and quickly route them to the most capable technicians. This may sound like an in-the-weeds thing to think about, but having a well-oiled help desk (including people, process and systems) will make the difference between waiting on hold for seconds vs. minutes, and being connected with a capable engineer vs. a “level one” support rep who can only document your issue and pass it along. (More on this in a minute.)

These kinds of systems separate the capable, sophisticated operations from the fly-by-night operations.

A capable cloud provider will have an ACD (Automatic Call Distributor) phone system that queues calls in a FIFO (First-In, First-Out) manner, and will provide real-time visibility into hold times and call volume.

21. How Many Support Staff Do They Have?

An easy way to spot a smaller cloud provider that likely cannot meet the needs of your law firm is looking at the total size of their support staff (and finding that its smaller than you thought). We’ve seen small, local IT companies that launch their own cloud offering have no more than a small handful of total technical staff–including support and onboarding staff.

If you pointedly ask the provider how many total support staff they have, and the answer is ambiguous or cagey: Chances are the number is too small for your law firm. Or worse yet–they outsource some (or all) of their Help Desk staff.

A capable cloud service provider will have at least 3 onboarding specialists, and no less than 6 dedicated, full-time Help Desk/support staff.

22. When You Call Their Help Desk – Who Answers?

You’re a busy law firm. You’re working tight deadlines. Your revenue, your reputation, possibly even lives are at stake. So when you call your cloud provider’s help desk, needing assistance–it matters who picks up the phone.

Some cloud service providers employ so-called “level one” technicians to triage inbound support calls. These entry-level technicians, while well-intentioned, often are only trained or authorized to handle the most basic support requests such as resetting a password or advising you to reboot your computer. Any problems more sophisticated than that–they tell you they’ll have to “escalate” to a “level two” engineer.

Or worse yet: If you didn’t heed our earlier advice, and went with a generalist cloud service provider–one that serves multiple industries (in addition to law firms), chances are the support engineer you get won’t be trained in the software your firm uses. You’ll call with a question about your ProLaw software, or maybe a problem with your firm’s Time Matters… wait on hold… only to be told that that particular support rep doesn’t know that software, and they’ll have to call you back.

Not the experience you want when so much is on the line.

23. Do They Help You Stay Compliant?

Does your firm need to be HIPAA compliant? Perhaps you need to meet PCI, or SOX compliance?

Or maybe you don’t, and you simply want to keep your data very secure, and avoid running afoul of your state bar association. (If so: good for you.)

A capable, legal-grade cloud service provider will not only maintain the strictest levels of information security, they’ll provide tools for your firm to stay secure and remain (or become) compliant with many third-party regulations. Tools and options including:

  • Two-Factor Authentication support.
  • Restricted Access Options (limiting who can log in, from where).
  • Policy-based Email Encryption.
  • Email Archive, Retention and Legal Hold.
  • Email Disclaimer.
  • Onsite Cloud Backup (keep a copy of your cloud data onsite).
  • Military-grade Encryption
  • 24 x 7 Network Security Monitoring
  • Strict Password and Access Policies Enforced

24. Will You Have to Sign a Long-Term Contract?

The cloud is meant to give you flexibility: To add and remove staff, to add or remove storage, to work from anywhere. So its counter-productive when a cloud-service provider requires you to sign a contract for one, three or five years. You need to be agile–to change the makeup of your cloud plan and, if necessary, to be able to change directions completely.

Avoid long-term contracts. Your cloud service provider should offer a simple, month-to-month term.

25. Will They Support Your Local Environment?

This may be the most important item in this list. Most cloud service providers will (naturally) provide some level of support for their cloud platform, and some limited support for the software you run within it.

But what about your local environment? Will they support your local desktops and laptops? Your printers and scanners? Your local network? Your wireless router?

Unfortunately, many cloud service providers either draw a hard line here, and outright refuse to provide any support for your local environment (“Your hardware is your problem,”) or charge extra fees, possibly hourly consulting fees, to provide support of your local environment.

You should never be told by your private cloud provider that for certain things, “You need to call your IT company.” The cloud provider is supposed to be your IT company. An end-to-end private cloud platform should include both hosting for all of your technology and unlimited support–for everything. The cloud. Your software. Your hardware. Everything. And–for a simple, transparent, fixed fee.

Closing the Loop

These are the top questions you should be asking any potential cloud service provider for your law firm.

Is your firm looking for a cloud provider? Take my advice: Print this article out. Ask each company you’re interviewing every question on this list. If the answer is anything other than what we recommend in this list, or–if the answer seems vague, ambiguous or even cagey: Keep looking.

What company you ultimately host your applications and data with will be one of the most important decisions you make for your firm.

Good luck.