Microsoft Word was created to torment me and it doesn’t help that I work in the legal services industry which relies almost exclusively on this digital torture apparatus. As I pointed out over three years ago in my exasperated post titled “Word”:

Microsoft Word is going to land me in an asylum, muttering to myself and occasionally laughing hysterically while making mouse click gestures in the air.

I think of myself as being pretty geeky and able to do all sorts of technical things, but operating Word effectively seems to be beyond me. Unfortunately it is the default tool used by lawyers and their clients virtually everywhere. It is probably really good software for people who have mastered Word formatting styles. I’m just not one of them.

Because collaboration on legal documents usually happens through a series of Word document version exchanges, it is still necessary to be able to create and work with Word documents in a meaningful way. I have explored numerous alternatives to Word ranging from Scrivener, Apple’s Pages and LibreOffice (very close) to MultiMarkdown documents (I already do all my Web-based work in MultiMarkdown) and relatively convoluted workflows to emulate basic Word capabilities and none of them have taken me far enough to replace Word entirely.

All this may have changed with Google’s recent Google Docs upgrades. Until then Docs’ formatting options were far too simplistic for Docs to be a viable option as a word processor for legal documents. As I pointed out previously:

It largely comes down to multi-level paragraph numbering and how referencing works in many legal documents. The starting point is a paper paradigm where legal documents are created with the intention that they are going to be printed out and still need to be functional.

Of the options I have explored, only LibreOffice and Pages have been able to produce documents with complex multi-level numbered paragraphs with the same ease that Word permits. It isn’t enough to manually add the paragraph numbers. When you are working with a document that is largely taking shape dynamically, the paragraph numbering has to work automatically and consistently or you will find yourself wasting time fixing numbering instead of focusing on the content and shipping that off to the next person to review.

Another historical problem has been that few Word alternatives have offered a good equivalent for Word’s Track Changes function which is an essential feature for document reviews. Anyone who has negotiated a contract can attest to just how complex the comments and markups can be. The best Docs could do, until recently at least, was a feature comparing versions of a document but that wasn’t very practical.

I started using Google Drive for Work after this year’s Google I/O. At first I was experimenting with the capability to work with Microsoft Office documents in their native formats in Drive and when I discovered that Docs has been upgraded with a number of pretty helpful formatting options that make multi-level paragraph numbering very easy. The style formatting options in Docs are not as complex as Word’s but, in this case, less is definitely more. You can add spaces before and after paragraphs, change line spacing and select numbering options and still produce pretty attractive and functional documents. Another terrific addition is Suggested Edits which basically works like Word’s Track Changes function (LibreOffice has a similar feature).

These updates prompted me to wonder how much longer I’ll need Microsoft Word, LibreOffice and Pages on my Mac. Could my business be conducted in the cloud? This starts to become possible although the one obvious concern is how secure my data is in Google Drive and whether using Google Docs places my clients’ confidential information at risk?

One of the features of Google’s Drive for Work which caught my attention was Google’s point that data is encrypted in transit and at rest in Google’s servers. Google’s answer to the question “Does Google encrypt my data” on its support page is the following:

Yes. Data is encrypted at several levels. Google forces HTTPS (Hypertext Transfer Protocol Secure) when users access Google Apps and uses 256-bit encryption for all transmissions between users and Google Apps services.

Google has also implemented Perfect Forward Secrecy (PFS) for Gmail communications. Forward secrecy requires that the private keys for a connection are not kept in persistent storage. Anyone who breaks a single key can no longer decrypt months’ worth of connections; in fact, not even the server operator is able to retroactively decrypt HTTPS sessions.

In addition to encrypting end-user transmissions, Google also encrypts message transmissions with other mail servers using 256-bit Transport Layer Security (TLS). This protects message communications when client users send and receive emails with external parties also using TLS.

Google is constantly working to extend and strengthen encryption across more services and links.

Google Apps includes mobile device management for Android and iOS which supports features such as device activation, remote data wipe and policy-based encryption. MDM puts you in control and makes it easy to let your users use their own devices to access corporate information without compromising on security.

The downside here is that the data is stored in Google’s servers, which are almost certainly offshore and in multiple locations. In contrast, firms that manage their data themselves likely make use of in-house servers or local data centres. The Law Society of South Africa published information security guidelines in 2011 which contain fairly detailed recommendations for how law firms ought to secure confidential information under their control. In the foreword to the guidelines, the author, Mark Heyink, made the following observations:

While guidelines to the implementation of information security practice have been developed which may differ from one another in form and emphasis, according to the profession or industry for which these standards have been developed, all credible information security practices are based on the principles which have been established and are documented in the ISO Standards. Three ISO Standards will be referred to in this guideline (ISO27001, ISO27002 and ISO27003). Two of the Standards have been accepted as South African Standards SANS27001 and SANS27002. ISO27003 was published in February 2010 and has not yet been adopted by the South African Bureau of Standards as a South African National Standard. These standards are sufficient to provide guidelines and a framework for the information security required by South African attorneys. There are additional guidelines which may assist attorneys in specific issues, for example record retention, ITC governance and digitisation of records.

Google published a blog post titled “Google’s cloud is secure. But you don’t have to take our word for it” which includes the following information:

We’re proud to announce we have received an updated ISO 27001 certificate and SOC 2 and SOC 3 Type II audit report, which are the most widely recognized, internationally accepted independent security compliance reports. These audits refresh our coverage for Google Apps for Business and Education, as well Google Cloud Platform, and we’ve expanded the scope to include Google+ and Hangouts. To make it easier for everyone to verify our security, we’re now publishing our updated ISO 27001 certificate and new SOC3 audit report for the first time, on our Google Enterprise security page.

It’s also worth bearing in mind that while many law firms do their utmost to secure their clients’ information as the Law Society recommends, far more firms lack the budget for that sort of security infrastructure or are still very much reliant on paper files which are not easily backed-up. Physical files have to be physically secured both onsite and offsite and practices vary.

Assuming Google keeps its promises and maintains its information security infrastructure, it seems to me that Google’s cloud services are a fairly secure option, even for lawyers who may otherwise place their trust in their local ISP and IT guy who maintains their internal file server, assuming they have an infrastructure as advanced as that.

Circling back around to the software that sparked this little voyage through security infrastructures and cloud services, Word is beginning to seem less and less essential to me in my day to day work. I’ve been using Google Docs for the sorts of documents I would have tried to use Word for previously and its working pretty well. You may think that working in a browser is a pretty flaky way to work but if you enable the offline syncing option Google Drive offers you, you’ll be pleasantly surprised by how capable Google Docs is, even offline.

Google_Drive_-_offline_sync_option

My only major reservation about Docs as a collaboration tool is my inability to meaningfully restrict downloads of Docs files I am collaborating on by people I am working with. What this means is just that I may need to change how I share documents with some people if them being able to download fully editable versions is a problem.

Sure, Docs isn’t as robust as Word or LibreOffice just yet (or perhaps that is just a perception based on Docs being a browser app) but what I haven’t had with Docs are hours of wasted time praying to the MS Office fairies to let me format my paragraph styles so they just work (you can define paragraph styles in Docs too, by the way, and they work for the most part). When you add in Google Drive’s collaboration features, you have a very compelling alternative to Word.

Perhaps its time to show Microsoft Word the metaphorical door.