remember the look on a colleague’s face recently when we had to wait a few seconds before boarding an elevator so my wife, who is also my law partner, could finish sending a fax from her Blackberry. With a slight grin, I thought simply: “Welcome to the world of cloud computing.”
What is SaaS?
If you’ve been following anything at all related to legal technology, you’ve no doubt heard the acronym SaaS, which stands simply for “Software as a Service.” As the term implies, it’s software, but instead of being installed on your own computer or server, it’s offered as a service, usually on a subscription basis.
Think of your cellular phone airtime, your cable TV subscription, or your broadband internet connection. All of these things are offered to you as a service by the provider. Your cable TV company doesn’t send you a DVD each month with all of their programming – rather, they serve content from their location to yours, and except for your end-user device (e.g. your cable box), all of the hardware and software is handled by them.
Although a relatively new concept in legal computing, SaaS for the legal industry seems to be catching on. In my opinion, SaaS is most apt to be used by solo practitioners and smaller firms, since larger firms tend to have in-house IT staff to manage their technology resources. Even so, SaaS could eventually be embraced by law firms of all sizes. However, for at least the time being, this article is written for the solo and small firm audience.
SaaS is built upon a simple concept: a user gets all the benefits of a sophisticated software application without the costs and maintenance requirements that would normally be involved if the software was installed on the user’s own system. Instead of having a server in your office host the application, that server is on the internet, and shared by hundreds, or maybe thousands, of users.
The benefits are obvious: lower hardware costs and less time spent maintaining hardware and software resources. With someone else keeping the server in tip-top shape and patching the software, the user gets to focus more on his or her clients, which can result in more billable time. The downsides, however, are less obvious, and take a bit more consideration. While SaaS is a convenient way for a solo or small firm to have an enterprise level application at their fingertips, computing “in the cloud” as they call it comes with some tradeoffs.
First and foremost, someone else is in control of and has access to your data. In the legal profession, where confidentiality is key, this is a big issue. Second, cloud computing only works if you have an internet connection. If you need to access your SaaS system right away and your internet connection goes down, well, you get the point. Third, while the up-front costs might be lower than licensing a traditional in-house application, over time, even with routine maintenance costs considered, the costs of an outsourced solution may meet or even exceed the in-house cost.
Finally, your SaaS application is only as good as your provider. If you sign on with a start-up that has a small client base and little capital, the service might not be much better than what you could get if you opted for a lower-cost, in-house, off-the-shelf application. These are just some of the issues that come to mind as I write this article. Certainly there are more things to consider, and each user will have their own specific requirements. Our own experience with hosted email taught me a lot about what our specific requirements were, and below is a brief self-assessment of our firm’s foray “into the cloud.”
How have we incorporated SaaS?
I’ve been asked several times, by both fellow attorneys and those in the IT field, what application my firm uses for electronic mail and calendaring. They’re usually surprised when I tell them that we use Microsoft’s Exchange with Research in Motion’s (RIM) Blackberry Enterprise Server (BES). Why is that? They’re surprised to hear this because, at least in my opinion, most people feel that Exchange and BES require special dedicated hardware, expensive software licensing, and a level of in-house administration and maintenance that most solo’s and small firms simply cannot afford.
So how do we do it? Simple: after running Exchange in-house from our Windows Small Business server for a short period of time, we opted instead to use a hosted Exchange provider with hosted BES. With hosted Exchange, we enjoy all the features of having an in-house Exchange server and a BES, without any installation and maintenance concerns. Since we are using a third-party’s server on a ‘subscriber’ basis, all we have to do is pay our monthly fee and configure some of our account-specific options, and our provider takes care of the rest, such as purchasing, installing, and maintaining all necessary hardware and software.
Although we have total confidence with our chosen hosted Exchange provider, we didn’t come at it easily. Before settling where we are now, we actually had another hosted Exchange provider, and we even tried a totally different platform for a brief period of time. The lessons we learned were invaluable, and taught us a lot about shopping for SaaS-based services. With the right provider, you should be able to rest easy knowing that your outsourced solution is secure, accessible, and reliable.
Once you’ve decided that a hosted application is right for you, my suggestion would be to evaluate prospective providers based on three criteria (you may have more): terms of service, reliability, and accessibility. Our fourth criteria, cost, is not highlighted here because, after all, it’s either in your budget or it’s not – it’s as simple as that. So let’s get into more detail on my three criteria.
The provider’s terms of service.
This was the single most important criteria for us. A single term which we found ethically or professionally objectionable was a deal-breaker, and we looked no further at the provider. And with respect to a provider’s terms of service, we looked the closest at privacy and confidentiality. We found some providers’ terms of service outright unacceptable, especially those that contained sweeping language allowing the provider to access and view our data for any reason whatsoever, and without notice.
Essentially, we felt that signing on under such terms almost immediately would amount to a breach of the duty of confidentiality we have with our clients. (In some jurisdictions, you might even be breaking the law or committing professional misconduct by agreeing to such terms, so check your local requirements!) After all, with such an open-ended grant of access, how could we have been assured that bored system administrators wouldn’t use our client’s data as their own personal soap opera? This might be a little farfetched, and I’m sure provider administrators have better things to do with their time, but you get my point.
The most common language we found was that allowing for access where required by law, to carry out the business of the provider (such as in performing data integrity and anti-virus checks), and in enforcing the terms of service themselves. Personally, we didn’t see a problem with this language, as it seemed reasonable from the provider-perspective, while allowing a substantial amount of confidence for us that our data would remain confidential. Finally, and least common, is language which simply prohibits the provider from accessing and viewing a customer’s data. The problem with this type of agreement is that it’s rare from what we’ve seen, as we’ve only seen it with one provider to this day.
At the end of the day, you’ll have to review the terms of service presented to you by each provider you are considering, and consider those terms of service against your jurisdiction’s laws, rules, and regulations. If in doubt, call your local bar association, or whatever organization regulates lawyers in your jurisdiction. And the best advice I can give is this: don’t just click “I Accept” when prompted undefined read the terms of service thoroughly. You’ll be glad you did.
How reliable is the provider?
By “reliability” I mean both uptime and backup. ”Uptime” refers to the amount of time that the network service is on, accessible, and running properly. For example, what good is anything else if your provider is only up 70% of the time? What if you need it the other 30%? For this reason, we looked for a provider with a high uptime rate (something like 99.9% or higher, and yes, there is higher), and we scoured the internet to see if any customers posted forum comments which contradicted those claims. With respect to backup, we looked at the provider’s backup frequency, their guaranteed backup time, and the amount of history that was available.
For hosted Exchange, this might be less important if you’re using a cached mode where you always have a backup copy of your server’s data on your local machine. In cached Exchange, you have an automatic backup on your local machine in the form of an “.ost” file. If you need a “.pst” file for importing and exporting, you can simply create one on the fly using Outlook. We keep localized “.ost” files on multiple machines, and archive older data to a “.pst” file. We then back the archive “.pst” up locally and remotely. This is all in the event of something happening to our Exchange host, which itself is mirrored and backed up.
However, for SaaS practice management, billing, and document collaboration applications, to name just a few, the ability to constantly have access to download a complete and updated backup copy of your data, in a non-proprietary readable form, is crucial. Even if your provider tells you that their systems are backed up to 50 different servers all over the country, if they don’t offer you the ability to locally (i.e. on your own machines) backup your data on your own and at any time, I would look elsewhere.
This criterion will hold different importance to different users. I am frequently out of the office, so for me, I need access to my email anywhere, whether I’m in my office, at home, on the road, or using my Blackberry. For this reason, I made sure that we selected a provider with secure web-based email access and the option to connect to a BES.
When I log into the web client, I am essentially accessing my server-based Exchange store with my folder hierarchy in place, just the way I see them in Outlook. Using the BES, any changes I make on my computer or via the web are automatically “pushed” to my Blackberry, and vice versa (with some limitations). Since lawyers are increasingly mobile, this type of remote access may be critical. Before deciding on a provider, check out the types of mobile services they offer, and at what prices. Your account should be flexible enough to provide you with the ability to add and remove users and mobile services as needed.
A word about trial periods, non-standard data formats, and provider- hopping.
Although I would encourage those considering a SaaS application to look favorably on those providers that offer “trial” or “evaluation” periods, I would add this cautionary note: don’t sign on to a provider with an eye towards repeatedly switching hosts. First, your data files may be extremely large, which means they will take a long time to download from and upload to each provider. Second, with each new provider you use, you have to worry about a copy of your data being at yet another location, and this time on a third-party’s server with whom you no longer have a relationship.
Third, for those of you considering SaaS providers that don’t store data in industry standard or non-proprietary formats (e.g. XML, SQL, CSV, or simple text), find out before signing up just how easy it is to get usable data back should you wish to leave. There’s nothing worse than deciding a month or two later that you want to switch to another provider, only to find out that your data is locked away in an unconvertible format. Do your homework now, to avoid problems later.
Cloud computing for the masses?
As with anything, do your research, know your local requirements, check to see what people are saying on internet forums, ask all the questions you can think of, and even ask a prospective service provider for references. Done right, SaaS can be a wonderful thing. Good luck!
|
Jason Molder's picture will arrive momentarily. We apologize.
Jason L. Molder is a Florida attorney and practices in a two-attorney firm with his wife, Nicole. His practice is generally limited to construction, condominium association, creditor’s rights, information technology, and e-discovery law.
He has worked in law firms of all sizes, from 2 to 500+ attorneys, and in addition to his legal practice, offers legal technology consulting to other attorneys.
Jason is a cum laude graduate of the University of Miami School of Law. For more information about Jason, visit his firm’s website at
www.molderlegal.com.
"SaaS application is only as good as your provider.
If you sign on with a start-up that has a small client base and little capital, the service might not be much better than what you could get if you opted for a lower-cost in-house off-the-shelf application."
|