The Mutable Cloud

Emmerson observed that “nature is a mutable cloud, which is always and never the same”. The same observation can be made about web-based practice management systems.  In her latest screencast, Nicole Black does an excellent job in reviewing the mutable world of web-based practice management systems. She does an excellent job of comparing and contrasting the features of the 3 major players in the web-based LPM world (Clio, LawRD & Rocket Matter) with on-screen demonstrations of each of the systems. If you are thinking of investing in a web-based LPM service, Ms. Black’s screencast is a must see.

While Ms. Black does provide some general words of warning about the ethical traps and general risks involved with using web-based systems (in fact, I applaud her insistance that one checks out the service’s data backup and recovery systems before investing), I would have liked more in-depth information on these subjects.When I’ve looked into the ethical issues of SaaS LPM, I have found that the only way an attorney can meet their ethical obligation to use reasonable care to protect client data is if there is an enforceable obligation to preserve confidentiality and security between the attorney and the vendor, and available technology is used to guard against foreseeable attempts to infiltrate the data. While SaaS LPM vendors promote their data security, encryption and secure backup as selling points, their Terms of Service agreements are quick to disclaim any obligation to preserve reliability or data integrity, or to prevent unauthorized access or alteration.

As for the costs of data loss, studies show that on average, an hour of data loss/theft costs $50,000 and that 60% of all businesses that suffer a data loss close within 6 months of the event. Given that hardware malfunctions and external attacks are the leading causes of data loss/theft, I don’t see how increased Internet exposure of client data is a good thing. While one can mitigate the possibility of hardware failure by using in-house backup systems (and given plug-n-play systems like HP’s media servers or Apple’s time capsule there is very little cost to do so) and/or by using NAS RAID arrays for data storage. As for external attacks, the only sure way to avoid them is to isolate client data from the Internet. Barring that,  keeping client data behind a firewalled router and a DMZ (again there are several plug-n-play examples out there) seems a reasonably safe compromise.

My guess is that one’s stance on SaaS LPM v. standalone systems comes down to risk-tolerance, evaluation of the ROI and philosophy.  I don’t buy the general assumption that SaaS LPM is always cheaper to operate than a standalone system. When I work long term numbers, I can never get a positive ROI for a SaaS system. My hardware costs are the same whether I invest in a standalone system or a SaaS system. While the initial buy-in for SaaS is typically lower than the initial buy-in for most standalone systems, I have found that the on-going costs of a SaaS LPM are typically 2-3 times that of most standalone systems. While there are some time-related costs involved in maintaining a standalone system, I have yet to invest more than 10 minutes a quarter in such maintenance.