Practicing law with SaaS

  • April 16, 2014
  • Luigi Benetton

The best lawyers have also always been excellent collaborators — how well you work with colleagues, clients and opposing counsel has often correlated with your overall success. That traditional advantage is about to carry over into the 21st century, thanks to the rise of collaborative online technology, often referred to as “Web 2.0.” Leading the way is the phenomenon known as “Software as a Service” (or SaaS).

What is Saas? It’s been described as software that doesn’t reside on your hard drive or office network, like Microsoft Word or Outlook. It’s software that you access through the Internet from a third-party provider outside your office, which hosts and operates the software. You pay that provider for it (on a one-time or subscription basis) just as you’d pay a traditional software provider for the program that resides on your own system.

It sounds simple, but its potential impact is far-reaching, because it enables lawyers to handle more of their business online than ever before. For example, instead of the tried-and-true MS Word or Excel, you can author documents and spreadsheets online using Google Docs. Instead of using MS Outlook for your e-mail, you can use one of a series of web-based e-mail applications (though beware of security issues).

But there’s more to SaaS than just office software. You can store and back up your documents digitally and securely on remote computer servers, rather than in paper ones in office cabinets. You can hold meetings online with Webex or plan projects with SharePoint or Basecamp, instead of bringing people together physically. You can even make business calls with voice-over-Internet-protocol (VOIP) services rather than a long-distance phone carrier.

Most strikingly, all you need to do this is a standard web browser like Internet Explorer or Firefox: SaaS users don’t install any software on their computers. Each application is “hosted” on another computer in the “cloud,” the symbol on computer network architecture diagrams that represents the Internet.

(Hence the term “cloud computing,” with which SaaS is often confused but is not synonymous — cloud computing is only one delivery mechanism for SaaS, points out Larry Port of RocketMatter, a Florida-based technology company providing web-based software for the legal services industry.)

Given the falling costs and rising availability of broadband Internet access, SaaS tools are feasible options, particularly for lawyers who work with a variety of people or regularly access information on the road. But are lawyers ready to share control over information that belongs to them and, more importantly, their clients?

Keep in mind that SaaS providers are generally outside the legal profession and outside the firm’s employ. “We are talking about putting our data in other people’s hands, outside of our offices,” says Jim Calloway, director of the Management Assistance Program of the Oklahoma Bar Association. “That’s what makes people nervous.”

Some of these worries resemble the ones that lawyers faced when they first started using email. “Email now travels over the Internet unencrypted and it goes through other people’s systems,” said Fraser. “There was a whole lot of hand-wringing over whether this would violate privilege, whether security was sufficient.”

“Clients themselves communicate with lawyers using email, so they implicitly consent to lawyers using email as well,” Fraser said, adding that disclaimer statements at the bottom of emails explain this implicit consent.

Those disclaimer statements helped strike a better balance between benefits and risks, and today, multitudes of lawyers check email on their BlackBerries without a second thought. Email completed the journey to widespread acceptability. Could SaaS be far behind?

Safe, At a Distance: Backups as an Online Service

There are two types of computer hard drives: those that have failed, and those that will. If you lose data to a hard drive crash, malware or a misplaced laptop, you need to replace at least three things: hardware, software, and client data. You can easily get replacement hardware and software from the respective vendors. But who will help you retrieve client data?

Questions like these have helped raise awareness of data backup among lawyers, although not enough practitioners actually get around to making and testing backups. So SaaS providers have now entered the data backup market, funneling their clients’ information onto their own servers.

“In my view, the main benefits of online backup are that it is done regularly, automatically and an offsite copy is made,” says Jim Calloway, director of the Management Assistance Program for the Oklahoma Bar Association. “[Hurricane] Katrina taught us that just taking a backup home, if you live within a few miles of your office, may not be a sufficient safeguard,” he adds.

Online backups often add one step that onsite backups might forgo — encryption. “Customers encrypt their data before it leaves their offices,” says Steve Rodin, president of data protection service provider StoragePipe Solutions Inc. “Customers choose the encryption keys, so we cannot look at their data. In many cases, we don’t even know what kind of data a customer stores with us.”

Online backup providers also tout typical benefits of SaaS: one monthly fee replaces hardware, software and maintenance costs of onsite backups; serving many customers results in economies of scale that help keep costs low; staff can drop routine backup drudgery in favour of more interesting work.

Yet many businesses also have a backup plan B. Calloway, for instance, recommends smaller firms back up to three separate portable hard drives. One stays on-site for daily backups, one should stay off-site every week, and a monthly backup on the third can stay in a bank vault or similarly secure spot.

Backup can be costly, however, and it may make economic sense to back up only current active data, rather than absolutely everything on your system. Not only that, but upload speeds lag behind download speeds. So Calloway omits “closed” data such as closed files from his backups. “The point of online backup is to back up today’s work,” he points out.

Rodin calls this continuous data protection, or CDP. “Many companies have a problem with people storing data on their laptops and PCs and not on centralized servers,” he said. The CDP feature ensures backups happen immediately as users saves files, as long as they have an Internet connection.

Calloway is sanguine when he handles objections about placing client data in another firm’s hands. “You can’t look at these services in a vacuum,” he said. “You have to recognize the risk of using online backup providers and minimize that risk.”
“But there’s a more significant risk in not backing up your data, or backing up your data but not taking anything offsite.”

All Together Now: SaaS Allows Lawyers to Create Documents Simultaneously, Collaboratively, and for Free

Collaboration has never been optional for lawyers. That fact spurred Tom Mighell and Dennis Kennedy to write The Lawyer’s Guide to Collaboration Tools and Technologies: Smart Ways to Work Together. Since Mighell lives in Dallas and Kennedy calls St. Louis home, the two lawyers decided to “eat their own dog food” and write every chapter collaboratively with Google Docs.

Mighell, senior counsel and litigation technology support coordinator for Cowles & Thompson PC in Dallas, praises the move. “It was just so much more convenient,” he says. “There would always be one version of the document. We wouldn’t have to e-mail back and forth. We wouldn’t have multiple copies of things on different computers.”

Web-based office productivity suites (word processing, spreadsheet and presentation software) are picking up steam across many industries, and law is just the latest. Users can create documents from scratch, although many people upload existing documents to get started. Co-authors and collaborators can then be invited to access the document and make changes, which are tracked and recorded so that previous versions can be resurrected if need be.

As with all things Saas-related, security must be dealt with. Mighell and Kennedy chose Google Docs while recognizing that its privacy is not ironclad. “Google’s security is probably better than any law firm’s security,” says Mighell, “but that’s not necessarily a reason to trust them. The Google Docs licence agreement makes it clear that they have access to that doc if they choose to access it.”

“The more sensitive and confidential a document is, the more you want to use something more secure, like a client extranet, where you have more control over document security than Google.”

Mighell also notes that online authoring tools frequently lack more advanced features such as headers, footers and tables of authorities common to their “installed” competitors. Meanwhile, those competitors have been stretching tentacles into the cloud. Adobe, for instance, offers a suite of five online applications called Acrobat.com that features the online authoring tool Buzzword. Microsoft supplements its Office suite with Office Live.

From a security standpoint, tools like Acrobat.com may prove more attractive than “pure” SaaS. For instance, Acrobat enables authors to imbue every PDF they create with 256-bit encryption and determine lifecycle rights management for each individual document. When software industry titans embrace SaaS, something big is going on.

Read the Fine Print

If you’re kicking a SaaS provider’s tires, looking under the hood means carefully checking the contract. Consider the words of Chris Bennett, an intellectual property lawyer with Davis LLP: “Many of the contracts start off remarkably one-sided in favour of the SaaS provider. It’s worthwhile taking a good look at that contract and focusing on the areas where SaaS is most vulnerable. It’s important to reduce risk as much as possible, both in the contract and practically.”

Larry Port, founding partner and chief software architect of Rocket Matter LLC, sourced a provider for his company’s servers that guarantees realistic “four nines” uptime (the service is available 99.99 percent of the time). “You want to be in that range,” he says. “If anybody offers you 100 percent uptime, I would be careful about that. There are things that are external to their service, just like any utility.”

And if you’re going to place mission-critical information into another company’s hands, don’t just test their technology — test their support and training options. “Send an e-mail or make a phone call and see what kind of response you get,” says Mike McDerment, CEO of online billing service Freshbooks.com. “That’s often the most telling way to evaluate a prospective vendor.”

An Ethical Decision?

SaaS providers don’t just keep your software on their servers. They store your information too — outside your firm’s firewall. That fact alone gives many lawyers pause. If the service meets all of a lawyer’s confidentiality and privacy concerns and those of the relevant bar association, SaaS may be an option.

David Fraser, a privacy and technology lawyer with McInnes Cooper in Halifax, suggests you float the idea with clients: “Discuss whether the convenience of the service outweighs risks to privilege, or determine what sort of information can go on these systems.”

Audit Clauses

To win a prospective client’s trust, some vendors offer tours of their offices and server facilities. Take them up on it, and take a good look around.

Has the vendor (in IT parlance) “hardened” the server facility? Hardening involves numerous details such as secure building access, quality server hardware and monitoring technology, sound backup facilities (including fuel tanks), and redundant Internet connections.

Tangible assets are only as good as the processes that govern them and the people who enact those processes. Ask the provider about hiring criteria, staff qualifications and the approach they use to protect your data.

“A number of privacy commissioners in Canada have said this is a good idea,” says Bennett. “Besides, it gives the SaaS provider a little additional motivation to do what they’re supposed to be doing.”

Even after you perform due diligence, what if the provider compromises privilege? “I would want to ensure that the liability of the company isn’t limited,” said Fraser. “I would want them to indemnify me against any claims that would be made against me as a lawyer for something that went wrong at the service provider’s end.” While a contractual demand like this might not be feasible, “I would rather have a service provider that would agree to stand behind their service.”

Saying Goodbye

Should you need to switch to another system, make sure you can easily extract all your data in a format that lets you quickly put it into another system. “Getting data out of an application is a resource- and bandwidth-intensive process,” warns Larry Port, a founding partner and chief software architect of Rocket Matter LLC.

Clients aren’t the only parties who can terminate a service agreement. “What happens if I don’t pay my subscription fee?” asks Mighell. “Do you shut me out of my data? If you cancel my account for non-payment, do I get my data back?”

Port welcomes these types of questions, even though. “Vendors have the responsibility to answer difficult questions about SaaS,” says Port— though as he points out, nobody seems to ask them before installing Microsoft or Adobe products.