We see the term “cloud computing” a lot these days. Its a term that’s hard to define – like Web 2.0. It essentially means having your software work “out there” somewhere, and/or your data reside “out there” somewhere – rather than on a computer in your own home or office. Think of it as commoditized outsourcing. The term is sometimes used to include SAAS and other concepts, and sometimes in a much more limited way. From a legal point of view, the issues and risks for using any flavour of cloud computing are the same – although the size of the risk and what one can do about it varies.
It is a popular topic, and hailed as the wave of the future and the beginning of the end of the desktop computer. On the other hand, Richard Stallman says cloud computing is a “trap” that is “worse than stupidity”, and Larry Ellison of Oracle says “It’s complete gibberish. It’s insane.” Of course, they both come at the topic with particular viewpoints and agendas.
It does offer some compelling business models. For a sole practictioner or small law office or mobile professional, it offers the possibility of always available computing resources and access to files at a fairly low cost. You don’t have to have a large IT infrastructure to support your practice. It lets others worry about things like hardware, software updates, security issues, and backup. The idea is that those “others” can do those things a lot better than you can, because its their business to deal with it.
On the other hand, we lose control over all that. That means we are dependant on others to ensure our data is secure, private, confidential, backed up and available. The consequences of losing all of one’s data because of some vendor issue can be massive.
Frankly, I have mixed feelings about it. The advantages are compelling. While it is a bit of the flavour of the month now, it is not going away, and will continue to mature. I have some control and trust issues over the cloud. To me it depends on what you are using it for, how mission critical it is, how sensitive the information is, who has it, and whether you can keep local copies.
My own blog is hosted on a third party site, but it is by nature public, so there is no confidential information to be concerned about. And it is set up to automatically send backup copies to me on a regular basis so if something goes wrong at the host, I can take it and set it up somewhere. And its not a mission critical system that prevents me from carrying on business or compromises client service if its not available for short periods.
If lawyers use the cloud to do mission critical work, we should go through the same diligence and documentation review we would do for a client entering an outsource deal. In other words, look at the reputation, history and health of the vendor. Ask about their service level promises, back-up, security, confidentiality safeguards. Ask if you can keep a local backup. And see what their agreement says. To the extent these are low cost commoditized services, it often won’t be worth the vendor’s time to negotiate changes to an agreement – but you can vote with your feet.
Here’s some things to read on the subject.
CBA National article including links to ABA articles on the topic. The National article takes a balanced approach to the issue.
My Free Press article from this week talking about the Ontario Privacy Commissioner’s thoughts on the cloud.
A CNET news article on Oracle’s Larry Ellison’s negative thoughts on the hype. Make sure you watch the video in that article that does a good job explaining what the cloud is and is not.
An earlier post of mine on the pros and cons of cloud computing including links to a Gigaom post entitled 10 Reasons Enterprises Aren’t Ready to Trust the Cloud and Ernie the Attorney’s thoughts on his goal to operate in “ATM mode”. He wants to keep as much as possible in the cloud – largely based on his Katrina disruptions.