Yes, most law firms are rapidly moving to the cloud, with many already comfortably operating in the cloud environment. According to PwC’s latest law firm survey, 83% of Top 10 law firms are focusing on cloud modernisation – yet progress is mixed throughout the rest of the legal sector.
“Moving to the cloud” is not a strategy in itself. It’s a destination (that most firms should be working from, however), the migration to the cloud is only a part of the travel plan.
Recreating the Same Mess – at Altitude
For many law firms, cloud migration has become shorthand for progress. Boards talk about it as if it were an end state: once we’re in the cloud, we’ll be modern, secure and resilient. The thinking is understandable. Cloud platforms promise scalability, resilience and access to modern architecture. The marketing is compelling. The skies look clear.
But the problem is: the cloud does not always fix what’s broken on the ground.
Cloud is an enabler and a method of offloading risk and infrastructure costs, not a strategy. And firms that treat it as a strategy often discover (usually at pace and under pressure) that they’ve simply lifted old problems into a shinier environment.
One of the most common mistakes we see is firms replicating existing workflows, controls and behaviours inside a cloud platform. Same approvals. Similar workarounds. Same inconsistent data. Just hosted somewhere else.
The result is a technically successful migration that delivers little operational value. Users feel no benefit. Leaders wonder why costs have increased, with little operational gains.
If cloud adoption doesn’t coincide with process redesign, behavioural change and clear governance, it can become an expensive hosting decision rather than a transformation.
Disaster Recovery: Not Solved by Default
A surprising number of firms assume disaster recovery is “handled” once systems are cloud-based. In reality, resilience still depends on how your environment is designed, how data is backed up, how dependencies are mapped, and how people are trained to respond when something fails.
Key questions often go unanswered:
- What happens if identity services are unavailable?
- How quickly can critical legal systems be restored?
- Do we hold a copy of our data independently?
- Do partners and fee-earners know what to do during a live incident?
Cloud gives you tools. It does not give you a tested, firm-wide recovery plan. That still needs to be designed, exercised and owned.
Risk and Control Don’t Migrate Themselves
Law firms operate in a high-trust, high-risk environment. Client confidentiality, regulatory compliance and operational control are non-negotiable.
Cloud platforms introduce shared responsibility models, new access paradigms and different audit trails. If firms don’t rethink risk and control frameworks alongside migration, gaps emerge quickly:
- Over-permissioned users
- Inconsistent data classification
- Shadow IT flourishing faster than ever
- Limited clarity on who owns what – vendor, firm or individual
Moving to the cloud without updating governance is like changing aircraft without retraining the pilots.
Security is Behavioural, Not Just Technical
Cloud security is often described as “stronger by design”. That may be true at platform level. But most breaches don’t occur because a data centre was weak – they occur because people clicked, shared, reused or bypassed controls.
Cloud environments amplify this risk if adoption is poor. MFA fatigue, insecure integrations, unmanaged devices and rushed implementations can all undermine security posture.
Without clear policies, training and accountability, the cloud simply gives attackers a more efficient route to the same destination.
Adoption Evaporation
Perhaps the most overlooked risk is low adoption.
If lawyers don’t trust new systems, don’t understand them, or don’t see personal benefit, they will work around them – cloud or not. Productivity stalls. Data quality erodes. Reporting becomes unreliable.
Successful firms treat cloud programmes as change initiatives, not IT projects. They invest in communication, design around real working practices, and measure adoption rigorously. Because technology only delivers value when people actually use it.
Cloud as an Enabler – Transformation as the Outcome
None of this is an argument against the cloud. Quite the opposite.
Cloud can be a powerful foundation for modernisation: enabling flexible working, better data use, scalable platforms and faster change. But only when it is aligned to a clear operational vision.
The firms that succeed ask different questions:
- What do we want our lawyers and staff to do differently?
- Which processes genuinely need redesign?
- What risks are we prepared to carry – and which are we not?
- How will we measure success beyond “go-live”?
IT Project Management – Migration to Cloud
At Lights-On Consulting, we’ve spent years helping law firms navigate IT transformations that extend well beyond migration – shaping operating models, governance and behaviour so the technology actually delivers. If you’re planning a move to the cloud and want to make sure it lifts the business, not just the servers, the Lights-On team would be happy to talk.