In Comparing the Cost of SaaS LPM Tools to Conventional: The Metrics That Matter Carolyn Elefant presents a well considered argument that simply comparing the cost of software as a service practice management (SaaS LPM) tools to conventional desktop ones (as I do in: RocketMatter & Clio) isn’t accurate as it does not incorporate the intangible benefits inherent in the SaaS model such as the reduction in IT support costs, office space requirements, hours lost responding to client requests for updates, etc. I do have to agree with her assessment that one should make this type of externalities-based comparison when choosing a LPM system. However, I believe that for all its positives, the SaaS model has some serious flaws to overcome.
Current SaaS LPM offerings are immature technology that require reliable a high-speed Internet connection and offer no off-line capabilities. Whereas desktop systems tend to be mature software offerings from stable companies with long track records and most desktop systems offer some form of mobile access. Buying into one of the current SaaS solutions means risking mission-critical software on the belief that you will have Internet access 24/7/365 and that nothing will fail in the electronic chain that connects your computer to the SaaS provider’s servers.
Then there is the attorney’s ethical duty to use reasonable care to protect client data. While it appears that when an attorney provides a third party software vendor, the reasonable care standard could be met if there is an enforceable obligation to preserve confidentiality and security between the attorney and the vendor, and available technology is used to guard against foreseeable attempts to infiltrate the data. While SaaS LPM vendors promote their data security, encryption and secure backup as selling points, their Terms of Service agreements are quick to disclaim any obligation to preserve reliability or data integrity, or to prevent unauthorized access or alteration.
There is no doubt that SaaS LPM has great potential and can offer a good return on investment. However, any cost-benefit analysis should encompass the costs associated with the risks inherent in the technology.
Rural Lawyer 
Bruce,
Thank you for this response to my piece on SaaS. You are right to point out the risks of SaaS. At some point I would love to see an analysis of system breaches and how often they occur and what the damage is and then compare those findings to risk to data in general.
For example, about 6 months ago, I received notice from a federal agency where I worked 20 years ago that a box containing employee records and social security numbers had been misplaced and that I should be alert for identity theft, etc…My point is that potential breaches are always possible (though arguably more catastrophic if done on line). So while we consider the risks as we must do, it would be nice to have a way to evaluate and measure them based on past experiences.
Carolyn,
There are a number of studies out there that analyze the frequency and cost of security breaches. PrivacyRights.org‘s Chronology of Data Breaches offers a number of references on this issue. A quick way to estimate the cost of a data breach is to use Tech 404’s calculator.
Pingback: Metrics That Matter: Data Loss « Rural Lawyer