| « Computer Forensics is Not For the Faint of Skill | Gmail users report yet another outage » |
Software as a Service Arrives?
Link: http://www.abanet.org/lpm/ltt/articles/vol2/is5/litigation-saas-arrives.shtml
I was reading thru my online copy of "Law Technology Today" and as anybody who reads this blog knows Software as a Service (SaaS) is a particular interest area of mine. There's an article in the July 2008 issue by Gene Albert which gives a fairly comprehensive review of Software as a Service as it relates to Litigation Support and, more generally, law office software.
Mr. Albert does a pretty good job of covering the topic and pointing out the advantages of SaaS (of which there certainly are some) but I was surprised that he barely mentioned the potential negatives of it. I thus wasn't that surprised, after reading the article, to discover that he's a principal in a company that offers web-based legal software. That doesn't invalidate his article, simply explains why he tends to view SaaS in a very positive light.
Since he has nicely outlined the advantages of SaaS I'll simply remind my readers of a few of the downsides:
1. Availability. As we've seen, it's not just Internet outages (which certainly occur) but also provider outages. Even the mighty Google has had issues with their web apps going offline for periods of time.
2. Security. Mr. Albert states matter-of-factly that only authorized technicians should have access to the datacenter where your SaaS vendor stores your data. Yes, that's certainly true, but how do you know that's the case? Are you going to go to Texas or Minnesota or Indonesia (or all of the above!) or wherever it is that your SaaS vendor's datacenter(s) are located and verify that their physical security is in place? How do you know who these "authorized technicians" are? How many "authorized technicians" do you suppose Google employs for instance? Are their servers encrypted? What is their disposal policy with regards to old servers? Are communications between your site and theirs encrypted?
3. Backups. Yes, hopefully your SaaS vendor does backups of their servers. How do their backups align with your document retention policies? Would be rather unfortunate if in the course of litigation the other side were to demand documents that should be expired in your policy, but which your SaaS vendor has conveniently held onto.
Those are the first three that come to mind. My bottom-line with Saas: Yes, it does have some advantages. Yes, it may be appropriate for your firm. But there are a lot of potential issues with it, especially if you're trusting them to host your mission critical apps and confidential client work product.
-B-