|« How Good Are Your Procedures?||Jurors and Technology »|
Hello? Is This Thing On?
Just when I think I can stop talking about Cloud Computing and Security somebody goes and writes an article like the one linked above. With all due respect to Mr. Nolan I have to say that it's just about one of the most irresponsible things I've ever seen written on the subject of law office technology.
I'm not in any way disputing that Mr. Nolan has had positive results (so far) with his Cloud Computing initiative. But what I see in this article is an unabashed, and totally one-sided, review of what Cloud Computing can do. Not once in this article does he even mention the potential risks or costs of Cloud Computing for law firms; many of which have been detailed in this space repeatedly. Instead he breathlessly encourages EVERYBODY to rush to the Cloud themselves, without even a suggestion that they carefully evaluate the pros and cons for their firm. He even describes getting your firm in the Cloud as a "mission"!
To make matters worse, two of the key benefits that Mr. Nolan cites are, I'm afraid, at least somewhat illusory.
First he says that he no longer has to worry about his server going down, now that he's in the Cloud. But many, if not all, of the big Cloud providers have had outages. If you're a Blackberry user I don't have to tell you that - they've spent much of this week dealing with outages. Google has had outages. So have Twitter, Facebook and just about everybody else. Add to that when your data is at arm's length, in the Cloud, you are now wholly dependant upon your Internet Service Provider to access it. Comcast, Time Warner, AT&T....all of them have had outages from time to time.
Second he says he no longer has to worry about backups. The fact is we should ALWAYS worry about backups. I don't trust a backup that I can't personally verify. Ask users of Microsoft's "Danger" service or Ma.gnolia's shared links service about how reliable Cloud backups are. Just because your data is stored somewhere else does NOT mean it is guaranteed to be more reliably protected.
Good grief people. I know the Cloud is a shiny thing. I know the promised cost savings are intoxicating. (later we can have a discussion about price versus cost, by the way) But really, before you hoist your sword and charge off on a crusade that will radically change how your firm stores and processes mission-critical and oft-confidential information that you should do some due diligence and ask some questions?
So What Do We Do?
The disclaimer that was missing from Mr. Nolan's call to arms was "Your mileage may vary." The Cloud CAN BE a positive move for your firm, either in whole or in part. In fact for many, if not most, firms I daresay there are at least some elements of your information technology that would be improved in the Cloud. But you need to do your OWN analysis.
Each firm is different. If you practice securities or medical malpractice law you have different privacy considerations than if you do immigration or real estate transactional work. The laws in different jurisdictions are different. The privacy and ethics requirements in different Bar associations can vary. If you have clients in the EU you may have different privacy requirements. You may or may not have to be concerned with Sarbanes-Oxley or HIPAA. What is expected of you from your clients may vary widely as well. Some clients will NOT welcome the news that you've chosen to store their confidential work product with a third-party vendor whose servers you cannot identify or locate. Some will be fine with it. One size most definitely does NOT fit all.
Here are a few questions you NEED to ask:
1. Is my data encrypted not only in transit but in storage? Who has the ability to decrypt it?
2. WHERE is my data physically stored. Can you guarantee me that it will not leave the United States? Yes, backups too.
3. Can I get a local copy of my data anytime that I want to, at no extra charge?
4. What, if any, limits are imposed upon me with regards to storage and access? If I exceed those limits is it simply an extra charge or will you throttle or suspend my service?
5. What monitoring tools do you provide so that I can check on my usage? Can I get a report that verifies that backups of my data are successfully occuring?
6. How many other subscribers do you have? May I speak with 3 of them about your service?
7. If I decide to no longer use your service, how do I get my data back from you?
8. How will you respect my document retention policies?
Make it your "mission" to soberly evaluate the facts; the pros AND the cons. Don't just take one fellow's success story and run to the Cloud without concern or care. It may be that the Cloud is a good solution for you too. It may be that it's not. Ask the questions.
Mr. Nolan says "Second, as an IT person in your firm, your most important mission is to get your firm to move to the cloud."
NO! As an IT person in your firm, your most important mission is to make sure that your firm's technology (Cloud or otherwise) is effective and appropriate and that your data and your client's data is properly protected. A projected reduction in our operational budget is NOT a license to abandon any and all concern for the integrity of our firm's data or our clients.