Skip to content
Law Society of Scotland
Search
Find a Solicitor
Contact us
About us
Sign in
Search
Find a Solicitor
Contact us
About us
Sign in
  • For members

    • For members

    • CPD & Training

    • Membership and fees

    • Rules and guidance

    • Regulation and compliance

    • Journal

    • Business support

    • Career growth

    • Member benefits

    • Professional support

    • Lawscot Wellbeing

    • Lawscot Sustainability

  • News and events

    • News and events

    • Law Society news

    • Blogs & opinions

    • CPD & Training

    • Events

  • Qualifying and education

    • Qualifying and education

    • Qualifying as a Scottish solicitor

    • Career support and advice

    • Our work with schools

    • Lawscot Foundation

    • Funding your education

    • Social mobility

  • Research and policy

    • Research and policy

    • Research

    • Influencing the law and policy

    • Equality and diversity

    • Our international work

    • Legal Services Review

    • Meet the Policy team

  • For the public

    • For the public

    • What solicitors can do for you

    • Making a complaint

    • Client protection

    • Find a Solicitor

    • Frequently asked questions

    • Your Scottish solicitor

  • About us

    • About us

    • Contact us

    • Who we are

    • Our strategy, reports and plans

    • Help and advice

    • Our standards

    • Work with us

    • Our logo and branding

    • Equality and diversity

  1. Home
  2. For members
  3. Business support
  4. Technology
  5. Cloud computing guide
  6. Getting started

Getting started

Think strategically

It is easy to get started with cloud computing, but you should still think strategically about making the move. For instance, your new cloud services will need to interact with your existing IT systems, which may involve a complex mix of internally developed applications and third-party software. Any move to the cloud will involve a certain amount of disentangling, data migration and decommissioning of existing systems. A sensible starting point is to simplify your existing IT system to establish what works well in-house and what would benefit from being moved to the cloud.

Private cloud v public cloud

The majority of cloud computing services are delivered through what is known as the public cloud. These services are offered on a ‘one-to-many’ basis. This means that the standard functionality of the service is offered to all, although some elements of configuration for individual needs can still take place. For example, using a public cloud-based email system would allow you to configure mailbox settings and dictate who has permission to access the service and from which devices, but would typically not allow you to demand changes to the supplier’s security policy. Public cloud services typically share hardware and software between multiple clients of the provider, with software-based security controls in place to make sure that one client cannot access another's data.

A key factor with public cloud services is that the terms of the contract tend to be fairly fixed. Provided you are satisfied with the functionality, compliance and security arrangements on offer, it is perfectly possible to run the majority, or indeed all, aspects of a legal practice using the public cloud, including email, document production, practice management, storage and networks.

By contrast, private cloud services are tailored more precisely to the needs of the customer. For example, it is usual for private clouds to be run on separate infrastructure, which adds an additional layer of physical security. As with more traditional IT procurement, more fully negotiated agreements are more likely to be put in place for private cloud offerings to meet specific customer needs, albeit such a bespoke arrangement is likely to come with a commensurate price tag.

As a balance between the two offerings, the hybrid cloud has emerged - an infrastructure that includes links between public and private clouds so that it appears as a single environment to users - while the component entities remain distinct. Larger organisations are likely to make use of a hybrid cloud offering, for example, using a private cloud to host sensitive data and critical workloads and a public cloud for less critical resources. Most smaller organisations are likely to use public cloud services, as this can lead to an easier (and quicker) implementation with standardised upgrade schedules and a lower overall cost.

Client considerations

A significant proportion of the data that a law firm may look to place in the cloud will relate to clients. Clients will have expectations that this data is held securely and safely, and in accordance with regulatory requirements and any engagement terms.

Unless specifically prohibited by the engagement letter, no specific client consent is required to make use of cloud providers as the law firm will generally be acting as a data controller . However, if the personal data is going to be processed by the cloud provider outside the United Kingdom and/or European Economic Area (EEA), it will be necessary for the law firm to satisfy itself that the security arrangements proposed are compliant with data protection requirements (including the UK General Data Protection Regulation and the Data Protection Act 2018), and that the requirements relating to international transfers of personal data are met.

Questions to ask providers

Cloud computing providers range from large, international organisations to local companies and others specialising on the legal or professional services market. It is important to ask some key questions to ensure a potential provider meets your service delivery, security and compliance requirements.

Questions to ask include:
  • What commitments around availability and performance of the services are being given?
  • How responsive is the support that the supplier provides if the service fails / becomes unavailable? Does this flow through to service credits to compensate for the service being unavailable?
  • Where will my data be held and processed (including remote access for support purposes)?
  • How easily can I get data back, both during and at the end of the service?
  • What backup arrangements are being offered if the service goes down? How quickly can that backup be accessed?
  • What security arrangements are in place?
  • What systems do I have to run in order to be able to use the service? Are there relevant formats that data / content will be stored in and are they consistent with my other systems?
  • How does pricing work? Do excess charges automatically apply if the number of intended users is exceeded?
  • If using a shared rack in a shared data centre, what would happen to my data if another customer's server on my shared rack was seized, perhaps by a regulator for investigatory purposes?
  • Is any bespoke development work required so that I can use the service, or am I taking a standard service (possibly with some customisation)?

A cloud solution hosted on a dedicated server will come at a premium but should ensure a greater degree of security and control of your data and systems.

Add To Favorites

Additional

  • Cloud computing guide

In this section

  • Benefits and risks
  • Getting started
  • Key contract provisions
  • Data issues
  • Other issues
  • Service levels
Law Society of Scotland
Atria One, 144 Morrison Street
Edinburgh
EH3 8EX
If you’re looking for a solicitor, visit FindaSolicitor.scot
T: +44(0) 131 226 7411
E: lawscot@lawscot.org.uk
About us
  • Contact us
  • Who we are
  • Strategy reports plans
  • Help and advice
  • Our standards
  • Work with us
Useful links
  • Find a Solicitor
  • Sign in
  • CPD & Training
  • Rules and guidance
  • Website terms and conditions
Law Society of Scotland | © 2025
Made by Gecko Agency Limited