What do you really know about the cloud? Sure, your IT department probably knows plenty, but what do you really know? While many corporate legal professionals may think they have a firm grasp on the nebulous topic of cloud computing, perhaps they don’t fully comprehend as many of the wisps and details as they may think.
As a concept, cloud computing tends to evoke a multitude of responses from legal professionals. While still definitely a groan-inducing buzzword, cloud also seems to elicit deep-seeded emotional reactions and often confusion. But those reactions and bewilderment are typically related to a common problem—that in-house counsel don’t really understand what it is, how and where they’re using it and the extent to which it can potentially improve their daily lives.
When it comes down to it, much of the technology, software and applications used in legal departments today are already running in the cloud. From email to voicemail to online data backup and storage, and more robust applications such as e-discovery solutions and enterprise content management (ECM) systems, there are a substantial number of technologies, possibly already cloud-based, that most users take for granted. Still, confusion and a hesitance to entertain further cloud-based opportunities often reign.
The best way to dispel any lingering questions or doubt about cloud is to truly understand what it actually is. But even that can be a rather daunting task.
In an effort to inform the public debate on cloud computing, the National Institute of Standards and Technology (NIST) in January issued an “informal” definition of cloud computing that has become widely accepted and adopted.
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction,” NIST states. “This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.”
DLA Piper Partner Victoria Lee translates the definition’s latter points. Service offerings in this context are platform as-a-service, software-as-a-service and infrastructure-as-a-service, Lee explains. The deployment models—meaning where the cloud customer is using the service—is defined in terms of private, public or middle-end hybrid or community clouds. And the essential characteristics include broad network and on-demand access, measured service and resource pooling.
Because of this complex definition, myriad misconceptions about the cloud hang low over in-house counsel’s heads. Chief among them for companies is the fallacy that data placed in the cloud is no longer in their control.
“[In-house lawyers] have this interesting notion that they’re in control of their data if they collect it, put it on a removable media device and FedEx it to their outside counsel,” says Steven d’Alençon, chief marketing officer of software and services provider Case Central. Large law firms, he explains, tend to have decent security procedures, but smaller law firms may have no security procedures at all. When companies send out their data, it is often copied numerous times, left unencrypted and sent to multiple law firms in different places—all outside the firewall. “So the notion of corporations staying in control of their data really has no foundation in reality whatsoever,” d’Alençon says.
Instead of taking this risk, corporate legal departments can house their data in a centralized, cloud-based repository. In this scenario, when in-house counsel conduct a data collection, they can load the data into the repository and grant or deny access to outside counsel at will for particular cases. That way there only is ever one copy of the data, and it always stays underthe department’s control.
Another misconception is that any data stored in the cloud is insecure.
D’Alençon wholeheartedly refutes the notion. “Many people think, ‘Gee, the cloud is insecure.’ To that I say, ‘caveat emptor.’ There are many vendors in the cloud that invest large sums of money in enterprise-class security for their data centers. And many data centers pass yearly audits and rigorous testing from their clients.” Because of this, he assures that the security of data housed with service providers simply should not be a concern.
Hogan Lovells’ Chief Technology Officer Michael Lucas agrees, but recognizes that it’s still a hurdle to overcome depending on company stakeholders’ risk appetite. However, he believes they will eventually capitulate.
“It’s inevitable,” he says. “Cost savings are going to drive the adoption of cloud. If people are still hesitant, they eventually will move to this model simply to gain the cost savings.”
Once in-house counsel’s misconceptions about cloud have finally dissipated, the benefits can begin to gather. One of the biggest opportunities for corporate legal departments is in the document management space where many web-based offerings have emerged for running ECM applications in the cloud.
“Document management systems in most environments are pretty much a bread-and-butter application,” Lucas says. “You can significantly reduce your infrastructure, your footprint and maybe even support personnel by housing that system in the cloud. There is an opportunity to reduce facilities costs as well. About 70 percent of IT’s costs are based around maintaining current infrastructure, so if you reduce that infrastructure, there are big savings to be had.”
But in the end, when it comes to storing data, especially in corporate legal departments, security is always the most important factor.
“Our clients expect that we’re going to protect their data, and that no one will look at it or that it will leak outside the firm,” Lucas says. “That requires vast amounts of expertise and resources. When you realize that providers can cost-effectively do that, there’s a lot of appeal. Frankly, there probably aren’t many legal departments that can get enough security personnel to properly secure that data. But there are organizations out there set up to do just that.”