In the Clouds
On March 6, 2012 by Admin
Law firms are now backing up data on storage clouds
By Kevin Woo California Lawyer May 2010
Like the larger business world, the legal industry is full of overused clichés: phrases such as “take it to the next level,” “think outside the box,” and “win-win situation.” Conduct a Google search for another worn-out phrase—”do more with less”—and you’ll be served up more than five million hits. One approach to doing more with less is the increasingly popular practice of cloud computing, where users abandon the computing power of their own internal servers in favor of software and storage that run online, or “in the cloud.” Instead of investing in costly hardware, software, and data-center infrastructure, a law firm simply pays an outside vendor to serve its computing needs as needed. Not only do firms save on costs, they also don’t have to manage computer networks, keep up with the latest software, or become instant experts on data storage and security.
Cloud computing advocates say that law firms are particularly well suited to take advantage of these services because the practice of law is so data intensive. Moving IT operations to the cloud can especially benefit small and medium-size law firms, which have limited resources to invest capital in hardware and software. Byron Attridge Jr., an executive vice president at ClubDrive Systems based in Atlanta, says that 90 percent of law practices he sees don’t want to manage their own IT infrastructure.
Instead, cloud services such as his company provides allow them to focus on practicing law. Clearly, the most pressing concern about cloud computing is loss of control. Law firms rightly guard their data jealously, since they’re in the business of ensuring that confidential information stays private. When client information leaks from a law firm, it isn’t just embarrassing; it’s potentially disastrous.
But cloud enthusiasts argue that the principles that guide information security in the cloud aren’t much different from those followed by traditional information technology infrastructures—the same threats, controls, and compliance issues apply. In fact, advocates say, the cloud approach presents the computer security field with a rare opportunity to make security cheaper, more efficient, and less intrusive than it’s been in the past.
The Public Option
Clouds come in many shapes and sizes, but there are two major types: internal and external (often called private and public). In an internal cloud virtualized servers, storage, networks, and applications are administered solely for one organization or enterprise. The organization doesn’t have to physically own or operate the hardware and software that form its private cloud; some IT assets can be outsourced or leased from cloud providers, such as computing capacity leased from an outside data center. But while the company may not own its IT infrastructure, the organization still effectively “owns” its private cloud by controlling and setting policies governing how its virtual IT assets are used.
Private cloud providers typically customize hardware, software, and service offerings for their clients and enable end users to operate behind a firewall that protects data from intruders. They can also serve up virtually any type of application—whether it’s off-the-shelf software such as Microsoft Office or customized software designed for specific legal needs.
Public clouds, on the other hand, host computing power and applications for their customers via high-speed Internet connections, and the policies controlling the data are not defined or enforced by customers. Companies that use a public cloud for business purposes don’t control how the cloud is operated, accessed, or secured. Sometimes the applications available to customers are exactly like those the general public uses, apps such as Google Docs, Gmail, or Google Talk. Other times, the software hosted by the cloud provider is specific to the industry, such as Time Matters from LexisNexis, the project and time-management application used by many law firms. Popular examples of public clouds include Amazon’s Elastic Compute Cloud (EC2), Google Apps, Microsoft Windows Azure, and Salesforce.com.
Cloud providers generally charge customers in one of three ways: a flat monthly fee for “all you can eat” computing and storage services; metering, where customers are charged by the hour based on their CPU usage (usually starting around 10 cents per hour) or data storage (about 15 cents per gigabyte); or “by instance,” which can work particularly well for law firms that might need extra computing power or storage for a short period of time for a specific project.
External clouds are generally cheaper than their internal counterparts because customers share the hosting services with hundreds, if not thousands, of other companies. As a result, small and medium-size businesses are migrating to cloud services faster than any other group, since it gives them access to services that would normally be out of their price range. Cloud vendor Salesforce.com, for example, charges $50 to $75 a month per user to deliver custom business and sales applications to a company. Google hosts a variety of cloud applications through its Google Apps Premier Edition service for $50 per user per year.
Determining Value
Though these public clouds are cheaper, private cloud vendors say that you get what you pay for. When evaluating the private versus public option, firms need to look at the opportunity costs associated with hiring a full-time employee to manage IT, says Sainath Nagarajan, managing director of Obvious Ideas, a Boston-area IT consulting firm. “Today, firms spend time on a mix of internal organization activities and external delivery work,” he says. Instead of spending $65,000 on a salaried IT professional to keep your firm’s systems up and running, he adds, you could use that money to hire a legal professional who can create $100,000 of value for the firm.
“Cloud services are relatively inexpensive, but some companies have little understanding of the professional standards governing information in the legal industry,” Nagarajan warns. “If you go to the cloud without due diligence, it can be very expensive.”
Kevin Woo is a San Francisco–based technology writer.