That is not necessarily true and more a subjective than objective statement. There are laptop configurations where getting the data off that device would be a lot more difficult than from a cloud service. It really depends on how you manage your devices, and the security of the cloud service provider. All of which should be assessed by competent and qualified security teams.

-mike.

So far as multiple SaaS application integration is concerned, the issue is not one of access — no question this is solved through any multi-tab browser as you rightly point out — but rather data and document sharing among them, as well as unified authentication. As mentioned, SaaS applications have the potential to add tremendous value and are can certainly still serve as part of a total solution in the hosted desktop model.

With respect to what exactly constitutes "the cloud" – noting that it is an evolving concept and a topic of current debate.

To log back into the office on a remote desktop to manage things is not "the cloud". Remote desktops are just that, your desktop and not the cloud. The fact you can access it over the internet doesn't mean you're using the cloud.

I do think that the security aspect is being downplayed when it comes to cloud computing, laptop security, and pda security.

Cloud computing brings with it many new security issues that law firms will have to address. You indicated a 'private' cloud, an option being considered by many lately. While it offers the benefit of 100% control, it also offers the increased security risk. Do you have a security team that can keep up with all the latest security risks in the cloud at the same level as Amazon or Google? Most likely not, in which case one can argue that using Google or Amazon from a security perspective is a better choice.

Private cloud maintenance is another issue. Cloud computing is a 'new' technology (for purposes of this entry), does your law firm have the resources to pay to keep the cloud active and up-to-date? Again you are competing with the likes of Amazon and Google in this area.

With a laptop and your data on a private cloud, encryption and laptop security is not necessary. Yet if I was a person interested in obtaining information about a particular case, installation of a trojan that lets me capture keystrokes, screen shots would be all that is needed and there are many of those around today. Why attack Google or Amazons security, when chances are the laptop of the end user is the weakest link and will get me what I am interested in?

When you mention PDA security, you explain using security policy enforcement on iPhones and Blackberries. Currently the iPhone has very limited security. The password is easily bypassed and doing so is readily available on the Internet. Forensic imaging of the Iphone is easily done as well for later analysis. While the Blackberry currently offers a much more robust security and management architecture, wiping of the password remotely assumes the Blackberry is accessible even if stolen. If one is serious about obtaining data, simple use of a faraday bag, signal jammer, or going underground will neutralize any remote access attempt.

Security is risk assessment and needs to be decided by all firms as they decide and migrate to the cloud, remote access etc. It is important that you properly consult with security experts that can assist you to minimize your exposure and point out where you will be exposed in your new solutions. In this way, you can consciously manage the risk.