Taking Your Practice Into the Cloud (2011)
-
Upload
antigone-peyton -
Category
Technology
-
view
880 -
download
1
description
Transcript of Taking Your Practice Into the Cloud (2011)
April 11-13, 2011www.techshow.com
Session Title
Presenters{Name}{Name}
April 11-13, 2011April 11-13, 2011www.techshow.comwww.techshow.com
PRESENTED BY THE
Taking Your PracticeTaking Your PracticeInto the Cloud Into the Cloud
PresentersPresentersAntigone PeytonAntigone Peyton
John SimekJohn Simek
April 11-13, 2011www.techshow.com
Lawyers in the Cloud: A Brave New World
© Copyright, Museum of Science, Boston, reprinted with permission.
April 11-13, 2011www.techshow.com
Cloud Computing 101 for Lawyers
• Cloud Computing-NIST Definition (Jan. 2011)– A computing model for enabling
convenient, on-demand network access to a shared pool of computing resources (e.g., networks, servers, storage, applications, and services)
– Resources can be consumed w/ minimal management effort or service provider interaction
April 11-13, 2011www.techshow.com
Cloud Computing 101 for Lawyers
• Cloud Computing-NIST Definition (Jan. 2011)– This cloud model is composed of five
essential characteristics, three service models, and four deployment models
• NIST Definition of Cloud Computing (Draft), Peter Mell and Tim Grance, available at http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf
April 11-13, 2011www.techshow.com
So What Does This Mean?
• You pay for what you use (economic model)– Per user/per month– Amount of space or computing power used
in a given unit– Number of uploads/downloads
• Someone else takes care of the IT hardware and software
• Outsourcing computing infrastructure
April 11-13, 2011www.techshow.com
5 Essential Characteristics• On demand self-
service• Broad network access• Resource sharing with
others (multi-tenancy)• Rapid elasticity• Measured service
April 11-13, 2011www.techshow.com
Service Models
• SaaS-“Software-as-a-Service”– Common service model for lawyers– Interact with the software that you
bought the rights to use to consume computing power
– Clio, Rocket Matter,NetDocuments,Google Apps
April 11-13, 2011www.techshow.com
Deployment Models• Private-I want my own data island
that you or I manage• Community-I will share with
others of like needs and interests• Public-I will share the servers,
applications, and computing resources with others
• Hybrid-A little bit of both choices
April 11-13, 2011www.techshow.com
Reliability
• Network Technology• DNS• Redundancy-data in more than
one location• Elasticity-reacts to ebb and flow of
data usage• Risk assessment-cyberthreats and
Internet infrastructure attacks
April 11-13, 2011www.techshow.com
Reliability
• Cyberattacks on the rise– Symantec annual threat review found
# of Web attacks rose 93% in 2010– Expected increase in attacks on
social networks– Shift to mobile devices
April 11-13, 2011www.techshow.com
Internet Access
• Centralized storage and accessibility over the Internet gives rise to good accessibility
• Good mobility• Platform indifferent-
Windows/Mac/Linux• iPad/Netbooks• Smartphones
April 11-13, 2011www.techshow.com
Client Access• Internet• Dedicated circuit• Browser• Client app
– 2 Factor
April 11-13, 2011www.techshow.com
Confidentiality
• Systems built with access security measures
• Data structure protects different users data from intermingling
• Reasonable measures to protect information
• Similar considerations to third party vendor situations
April 11-13, 2011www.techshow.com
Data Security
• Encryption on servers• Enterprise style user security• Lack of local storage can protect
data (reduced risk of lost laptop problem if local data not encrypted)
April 11-13, 2011www.techshow.com
Data Security
• Security certifications and approved security protocols
• Physical security• Technical/virtual security• Beware of compromised security
certificates (e.g., Comodo SSL certificates compromised)
April 11-13, 2011www.techshow.com
The Ethics of Cloud Computing
• More detail on this in later panel discussions-hot topic!
• Bottom line of opinions:– Understand the technology & how it works– Take reasonable steps to protect the
information• At this point, not per se violation of ethics
rules to put client data in the cloud
April 11-13, 2011www.techshow.com
Data Privacy• Encryption• Export restrictions• Processing
restrictions• Who can look under
the hood?• Patchwork of federal
& state laws
April 11-13, 2011www.techshow.com
Cross-Border Considerations
• EU Directives and member state implementation and enforcement mechanisms
• Canadian federal laws (PIPEDA, Privacy Act) and province-specific restrictions and protections
• Export control• Always consider server locations &
application of local laws
April 11-13, 2011www.techshow.com
Implementation
• Private vs. public cloud• Outsourced private cloud
– Federal Government– City of LA “Gov Cloud”
• Hybrid cloud
April 11-13, 2011www.techshow.com
Other Considerations
• Financial stability of cloud provider• Bankruptcy backup plan?• Data ownership/possession/control
are divided between the firm and the provider(s)
• FRE 34-”Control” read broadly by most circuit courts
April 11-13, 2011www.techshow.com
Other Considerations• Data backup
– Local or remote & encrypted
• Backup includes a fully functional alternative if the primary provider encounters issues?
• Who are you contracting with?• What are the contractual duties regarding data
access, transfer, guaranteed minimum downtime
April 11-13, 2011www.techshow.com
Read The Contract!
• The contract (TOS, SLA, Privacy Policy) governs the parties rights and obligations
• Is it updated regularly and applied nunc pro tunc to existing customers
• What are the cloud provider’s obligations?
April 11-13, 2011www.techshow.com
Read The Contract!• A real cloud contract (TOS)• (1) The Service is provided on an “as is”, “as available” basis
and CoX expressly disclaims all warranties, including the warranties of merchantability and fitness for a particular purpose.(2) CoX and its …. affiliates does not warrant that:(a) the Service will meet any specific requirements; (b) the Service will be uninterrupted, timely, secure, or error-free; (c) the results that may be obtained from the use of the Service will be accurate or reliable; (d) the quality of any products, services, information, or other material purchased or obtained through the Service will meet any expectations; and (e) any errors in the Service will be corrected.
April 11-13, 2011www.techshow.com
Upgrades• Ability to control?• Cost• Latest version(s) integrated• Customization options vs. provider
driven software changes
April 11-13, 2011www.techshow.com
Exit Strategy
• Data export options– Quicken Online
• File formats• Data conversion or re-creation of
native environment
April 11-13, 2011www.techshow.com
Information Governance / Records Management
• Migration of data into/out of the cloud• Identification and application of data
retention requirements• Impose company retention/destruction
needs on providers
April 11-13, 2011www.techshow.com
E-Discovery & Legal Compliance
• Subpoenas• Government investigations• Ability to provide discovery of
particular custodians’ data?– No such thing?
• What if you are anon-party?
April 11-13, 2011www.techshow.com
E-Discovery & Legal Compliance
• Specific bar association opinions on duties (e.g., Arizona opinion)
• HIPAA• Data breach notification
– Who is required to notify?– Who do they notify?
April 11-13, 2011www.techshow.com
Save the Date Save the Date
ABA TECHSHOW 2012ABA TECHSHOW 2012
March 29-31, 2012March 29-31, 2012
Hilton ChicagoHilton Chicago