So you want to hear more information about this thing they call “cloud computing,” huh? Well many companies are moving business information and computing into a cloud environment, should law firms be there too? This ABA TechShow presentation covers some basic cloud computing concepts and certain risks and concerns that lawyers should consider before moving their law practice into the cloud.
For additional information on this presentation, please contact Antigone Peyton (antigone.peyton@cloudigylaw.com).
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Taking Your Practice Into the Cloud (2011)
1. April 11-13, 2011
www.techshow.com
Taking Your Practice
Session Title
Into the Cloud
Presenters
Presenters
Antigone{Name}
Peyton
John Simek
{Name}
PRESENTED BY THE
April 11-13, 2011
www.techshow.com
3. Cloud Computing 101
for Lawyers
• Cloud Computing-NIST Definition
(Jan. 2011)
– A computing model for enabling
convenient, on-demand network
access to a shared pool of computing
resources (e.g., networks, servers,
storage, applications, and services)
– Resources can be consumed w/
minimal management effort or service
provider interaction
April 11-13, 2011
www.techshow.com
4. Cloud Computing 101
for Lawyers
• Cloud Computing-NIST Definition
(Jan. 2011)
– This cloud model is composed of five
essential characteristics, three
service models, and four
deployment models
• NIST Definition of Cloud Computing (Draft), Peter Mell and
Tim Grance, available at
http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-
145_cloud-definition.pdf
April 11-13, 2011
www.techshow.com
5. So What Does This
Mean?
• You pay for what you use (economic
model)
– Per user/per month
– Amount of space or computing power used
in a given unit
– Number of uploads/downloads
• Someone else takes care of the IT
hardware and software
• Outsourcing computing infrastructure
April 11-13, 2011
www.techshow.com
6. 5 Essential Characteristics
• On demand self-
service
• Broad network access
• Resource sharing with
others (multi-tenancy)
• Rapid elasticity
• Measured service
April 11-13, 2011
www.techshow.com
7. Service Models
• SaaS-“Software-as-a-Service”
– Common service model for lawyers
– Interact with the software that you
bought the rights to use to consume
computing power
– Clio, Rocket Matter,
NetDocuments,
Google Apps
April 11-13, 2011
www.techshow.com
8. Deployment Models
• Private-I want my own data island
that you or I manage
• Community-I will share with
others of like needs and interests
• Public-I will share the servers,
applications, and computing
resources with others
• Hybrid-A little bit of both choices
April 11-13, 2011
www.techshow.com
9. Reliability
• Network Technology
• DNS
• Redundancy-data in more than
one location
• Elasticity-reacts to ebb and flow of
data usage
• Risk assessment-cyberthreats and
Internet infrastructure attacks
April 11-13, 2011
www.techshow.com
10. Reliability
• Cyberattacks on the rise
– Symantec annual threat review found
# of Web attacks rose 93% in 2010
– Expected increase in attacks on
social networks
– Shift to mobile devices
April 11-13, 2011
www.techshow.com
11. Internet Access
• Centralized storage and
accessibility over the Internet gives
rise to good accessibility
• Good mobility
• Platform indifferent-
Windows/Mac/Linux
• iPad/Netbooks
• Smartphones
April 11-13, 2011
www.techshow.com
12. Client Access
• Internet
• Dedicated circuit
• Browser
• Client app
– 2 Factor
April 11-13, 2011
www.techshow.com
13. Confidentiality
• Systems built with access security
measures
• Data structure protects different
users data from intermingling
• Reasonable measures to protect
information
• Similar considerations to third
party vendor situations
April 11-13, 2011
www.techshow.com
14. Data Security
• Encryption on servers
• Enterprise style user security
• Lack of local storage can protect
data (reduced risk of lost laptop
problem if local data not
encrypted)
April 11-13, 2011
www.techshow.com
15. Data Security
• Security certifications and
approved security protocols
• Physical security
• Technical/virtual security
• Beware of compromised security
certificates (e.g., Comodo SSL
certificates compromised)
April 11-13, 2011
www.techshow.com
16. The Ethics of Cloud
Computing
• More detail on this in later panel
discussions-hot topic!
• Bottom line of opinions:
– Understand the technology & how it works
– Take reasonable steps to protect the
information
• At this point, not per se violation of ethics
rules to put client data in the cloud
April 11-13, 2011
www.techshow.com
17. Data Privacy
• Encryption
• Export restrictions
• Processing
restrictions
• Who can look under
the hood?
• Patchwork of federal
& state laws
April 11-13, 2011
www.techshow.com
18. Cross-Border
Considerations
• EU Directives and member state
implementation and enforcement
mechanisms
• Canadian federal laws (PIPEDA,
Privacy Act) and province-specific
restrictions and protections
• Export control
• Always consider server locations &
application of local laws
April 11-13, 2011
www.techshow.com
19. Implementation
• Private vs. public cloud
• Outsourced private cloud
– Federal Government
– City of LA “Gov Cloud”
• Hybrid cloud
April 11-13, 2011
www.techshow.com
20. Other Considerations
• Financial stability of cloud provider
• Bankruptcy backup plan?
• Data ownership/possession/control
are divided between the firm and
the provider(s)
• FRE 34-”Control” read broadly by
most circuit courts
April 11-13, 2011
www.techshow.com
21. Other Considerations
• Data backup
– Local or remote & encrypted
• Backup includes a fully functional alternative if
the primary provider encounters issues?
• Who are you contracting with?
• What are the contractual duties regarding data
access, transfer, guaranteed minimum
downtime
April 11-13, 2011
www.techshow.com
22. Read The Contract!
• The contract (TOS, SLA, Privacy
Policy) governs the parties rights
and obligations
• Is it updated regularly and applied
nunc pro tunc to existing
customers
• What are the cloud provider’s
obligations?
April 11-13, 2011
www.techshow.com
23. Read The Contract!
• A real cloud contract (TOS)
• (1) The Service is provided on an “as is”, “as available” basis
and CoX expressly disclaims all warranties, including the
warranties of merchantability and fitness for a particular
purpose.
(2) CoX and its …. affiliates does not warrant that:
(a) the Service will meet any specific requirements;
(b) the Service will be uninterrupted, timely, secure, or error-
free;
(c) the results that may be obtained from the use of the
Service will be accurate or reliable;
(d) the quality of any products, services, information, or other
material purchased or obtained through the Service will meet
any expectations; and
(e) any errors in the Service will be corrected.
April 11-13, 2011
www.techshow.com
24. Upgrades
• Ability to control?
• Cost
• Latest version(s) integrated
• Customization options vs. provider
driven software changes
April 11-13, 2011
www.techshow.com
25. Exit Strategy
• Data export options
– Quicken Online
• File formats
• Data conversion or re-creation of
native environment
April 11-13, 2011
www.techshow.com
26. Information Governance /
Records Management
• Migration of data into/out of the cloud
• Identification and application of data
retention requirements
• Impose company retention/destruction
needs on providers
April 11-13, 2011
www.techshow.com
27. E-Discovery & Legal
Compliance
• Subpoenas
• Government investigations
• Ability to provide discovery of
particular custodians’ data?
– No such thing?
• What if you are a
non-party?
April 11-13, 2011
www.techshow.com
28. E-Discovery & Legal
Compliance
• Specific bar association opinions
on duties (e.g., Arizona opinion)
• HIPAA
• Data breach notification
– Who is required to notify?
– Who do they notify?
April 11-13, 2011
www.techshow.com
29. Save the Date
ABA TECHSHOW 2012
March 29-31, 2012
Hilton Chicago
April 11-13, 2011
www.techshow.com