taking your practice into the cloud (2011)
DESCRIPTION
So you want to hear more information about this thing they call “cloud computing,” huh? Well many companies are moving business information and computing into a cloud environment, should law firms be there too? This ABA TechShow presentation covers some basic cloud computing concepts and certain risks and concerns that lawyers should consider before moving their law practice into the cloud.For additional information on this presentation, please contact Antigone Peyton ([email protected]).TRANSCRIPT
April 11-13, 2011www.techshow.com
Session Title
Presenters{Name}{Name}
April 11-13, 2011April 11-13, 2011www.techshow.comwww.techshow.com
PRESENTED BY THE
Taking Your PracticeTaking Your PracticeInto the Cloud Into the Cloud
PresentersPresentersAntigone PeytonAntigone Peyton
John SimekJohn Simek
April 11-13, 2011www.techshow.com
Lawyers in the Cloud: A Brave New World
© Copyright, Museum of Science, Boston, reprinted with permission.
April 11-13, 2011www.techshow.com
Cloud Computing 101 for Lawyers
• Cloud Computing-NIST Definition (Jan. 2011)– A computing model for enabling
convenient, on-demand network access to a shared pool of computing resources (e.g., networks, servers, storage, applications, and services)
– Resources can be consumed w/ minimal management effort or service provider interaction
April 11-13, 2011www.techshow.com
Cloud Computing 101 for Lawyers
• Cloud Computing-NIST Definition (Jan. 2011)– This cloud model is composed of five
essential characteristics, three service models, and four deployment models
• NIST Definition of Cloud Computing (Draft), Peter Mell and Tim Grance, available at http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf
April 11-13, 2011www.techshow.com
So What Does This Mean?
• You pay for what you use (economic model)– Per user/per month– Amount of space or computing power used
in a given unit– Number of uploads/downloads
• Someone else takes care of the IT hardware and software
• Outsourcing computing infrastructure
April 11-13, 2011www.techshow.com
5 Essential Characteristics• On demand self-
service• Broad network access• Resource sharing with
others (multi-tenancy)• Rapid elasticity• Measured service
April 11-13, 2011www.techshow.com
Service Models
• SaaS-“Software-as-a-Service”– Common service model for lawyers– Interact with the software that you
bought the rights to use to consume computing power
– Clio, Rocket Matter,NetDocuments,Google Apps
April 11-13, 2011www.techshow.com
Deployment Models• Private-I want my own data island
that you or I manage• Community-I will share with
others of like needs and interests• Public-I will share the servers,
applications, and computing resources with others
• Hybrid-A little bit of both choices
April 11-13, 2011www.techshow.com
Reliability
• Network Technology• DNS• Redundancy-data in more than
one location• Elasticity-reacts to ebb and flow of
data usage• Risk assessment-cyberthreats and
Internet infrastructure attacks
April 11-13, 2011www.techshow.com
Reliability
• Cyberattacks on the rise– Symantec annual threat review found
# of Web attacks rose 93% in 2010– Expected increase in attacks on
social networks– Shift to mobile devices
April 11-13, 2011www.techshow.com
Internet Access
• Centralized storage and accessibility over the Internet gives rise to good accessibility
• Good mobility• Platform indifferent-
Windows/Mac/Linux• iPad/Netbooks• Smartphones
April 11-13, 2011www.techshow.com
Client Access• Internet• Dedicated circuit• Browser• Client app
– 2 Factor
April 11-13, 2011www.techshow.com
Confidentiality
• Systems built with access security measures
• Data structure protects different users data from intermingling
• Reasonable measures to protect information
• Similar considerations to third party vendor situations
April 11-13, 2011www.techshow.com
Data Security
• Encryption on servers• Enterprise style user security• Lack of local storage can protect
data (reduced risk of lost laptop problem if local data not encrypted)
April 11-13, 2011www.techshow.com
Data Security
• Security certifications and approved security protocols
• Physical security• Technical/virtual security• Beware of compromised security
certificates (e.g., Comodo SSL certificates compromised)
April 11-13, 2011www.techshow.com
The Ethics of Cloud Computing
• More detail on this in later panel discussions-hot topic!
• Bottom line of opinions:– Understand the technology & how it works– Take reasonable steps to protect the
information• At this point, not per se violation of ethics
rules to put client data in the cloud
April 11-13, 2011www.techshow.com
Data Privacy• Encryption• Export restrictions• Processing
restrictions• Who can look under
the hood?• Patchwork of federal
& state laws
April 11-13, 2011www.techshow.com
Cross-Border Considerations
• EU Directives and member state implementation and enforcement mechanisms
• Canadian federal laws (PIPEDA, Privacy Act) and province-specific restrictions and protections
• Export control• Always consider server locations &
application of local laws
April 11-13, 2011www.techshow.com
Implementation
• Private vs. public cloud• Outsourced private cloud
– Federal Government– City of LA “Gov Cloud”
• Hybrid cloud
April 11-13, 2011www.techshow.com
Other Considerations
• Financial stability of cloud provider• Bankruptcy backup plan?• Data ownership/possession/control
are divided between the firm and the provider(s)
• FRE 34-”Control” read broadly by most circuit courts
April 11-13, 2011www.techshow.com
Other Considerations• Data backup
– Local or remote & encrypted
• Backup includes a fully functional alternative if the primary provider encounters issues?
• Who are you contracting with?• What are the contractual duties regarding data
access, transfer, guaranteed minimum downtime
April 11-13, 2011www.techshow.com
Read The Contract!
• The contract (TOS, SLA, Privacy Policy) governs the parties rights and obligations
• Is it updated regularly and applied nunc pro tunc to existing customers
• What are the cloud provider’s obligations?
April 11-13, 2011www.techshow.com
Read The Contract!• A real cloud contract (TOS)• (1) The Service is provided on an “as is”, “as available” basis
and CoX expressly disclaims all warranties, including the warranties of merchantability and fitness for a particular purpose.(2) CoX and its …. affiliates does not warrant that:(a) the Service will meet any specific requirements; (b) the Service will be uninterrupted, timely, secure, or error-free; (c) the results that may be obtained from the use of the Service will be accurate or reliable; (d) the quality of any products, services, information, or other material purchased or obtained through the Service will meet any expectations; and (e) any errors in the Service will be corrected.
April 11-13, 2011www.techshow.com
Upgrades• Ability to control?• Cost• Latest version(s) integrated• Customization options vs. provider
driven software changes
April 11-13, 2011www.techshow.com
Exit Strategy
• Data export options– Quicken Online
• File formats• Data conversion or re-creation of
native environment
April 11-13, 2011www.techshow.com
Information Governance / Records Management
• Migration of data into/out of the cloud• Identification and application of data
retention requirements• Impose company retention/destruction
needs on providers
April 11-13, 2011www.techshow.com
E-Discovery & Legal Compliance
• Subpoenas• Government investigations• Ability to provide discovery of
particular custodians’ data?– No such thing?
• What if you are anon-party?
April 11-13, 2011www.techshow.com
E-Discovery & Legal Compliance
• Specific bar association opinions on duties (e.g., Arizona opinion)
• HIPAA• Data breach notification
– Who is required to notify?– Who do they notify?
April 11-13, 2011www.techshow.com
Save the Date Save the Date
ABA TECHSHOW 2012ABA TECHSHOW 2012
March 29-31, 2012March 29-31, 2012
Hilton ChicagoHilton Chicago