Cloud Computing for Lawyers: Practical and Ethical Uses of the Cloud
Cloud Computing for LawyersPractical and Ethical Uses of the Cloud Rhode Island Bar Association June 15, 2012 Robert J. Ambrogi, Esq.
What we’ll cover What is cloud computing? What advantages does it offer? How can lawyers use the cloud? Is it ethical for you to use the cloud? What precautions should you take? What’s ahead for lawyers in the cloud?
What is cloud computing? A method of harnessing computer power over the Internet. Access files or applications online rather than on a local device.
Like turning on a tap • Once, everyone had to find and Cloud maintain their own computing supply of water. is like the public • Now, we simply water turn on a tap when supply: we need water and turn it off when we’re done. —Vivek Kundra, former CTO of the United States
Three types of cloud computing Platform as a Service Infrastructure Software as a as a Service Service Customer deploys its Customer Customer own rents uses the cloud applications processing provider’s using a cloud power, applications provider’s storage space via the operating and network. system and networking computing capacity. platform.
Advantages of cloud computingLower costs. No up-front outlays or ongoingmaintenance and upgrades.On-demand self-service. Services available wheneveryou need them.Universal access. Access from any device and fromanywhere in the world.Scalable computing power. As much or as littleprocessing power and storage as you need.Better reliability and security. Systems always up todate and have high degree of security and redundancy.Pay only for what you use. Costs are clear andtransparent, licensing is simplified.
Disadvantages of cloud computing Network dependence. Use depends on reliable and continuously available network. Lack of data portability. It may not always be easy to export and import data. Browser vulnerability. If your browser becomes compromised, it could compromise your data.
How lawyers use cloud computingLaw practice management.Document management and collaboration.Time and billing.Accounting.Project management.Office suites (email, calendar, documents)Electronic discovery.Virtual lawyering.Back-up and storage.
Practice management example: ClioClient and matter management.Calendar and reminders.Time tracking.Billing.Trust accounting.Document management.Document assembly.Client collaboration.$49/month per lawyer.
Document storage: BoxStore, manage and synchronize documentsand files.Share large files securely.Sync files with desktop.Mobile access.Online workspaces.Administrative controls.Free for personal use; $15 per user per monthfor businesses.
Get Extra Security SecretSync, TrueCrypt, SugarSync, getsecretsync.com www.truecrypt.org www.sugarsync.com Client-side A cross between encryption. Evernote and Mozy – back up and sync. Works with any online Free, open-source synchronization disk encryption. site. Encrypted file From $0 to transfers. $60/year.
Document management example: NetDocuments Organize, store and search all company documents. Features include: • Concurrency control. • Version control. • Document history. • Full-text searching. • Document collaboration. • Mobile access. • Office integration Starts at $20/month per user.
E-Discovery example: Catalyst One of the • Early case assessment. first cloud- • Analytics and data reduction. based e- • Multi-language search & discovery review. providers. • Production and trial support. • Unified corporate Features repositories. include:
Covers Right Side of the EDRM Electronic Discovery Reference Model Partners/Clients CATALYST Processing Preservation Records Identification Analysis Production Trial/HearingManagement Collection ReviewData Volume (Actual) Relevance (% of Total) Forrester: “Seventy percent of e-discovery costs are spent on processing, analysis, review, and production.”
Benefits for E-discovery Secure cloud delivery for rapid deploy at lower cost Central platform allows teams to work together anytime, from anywhere Automation for speed, control and fewer mistakes Grid-based speed and scalability to handle any matter
Ethics and cloud computing The ethical issues at stake:• Lawyers have duty to safeguard confidential client information.• Lawyers have duty to protect client property, including client files, from loss.
Rulings by state ethics panels The seven state ethics panels that have considered the ethics of cloud computing all agree. 1. Lawyers may use the cloud. 2. Must take reasonable steps to minimize risk to confidential information and client files.
Seven state ethics panels agree it is ethical North Carolina Pennsylvania California, 2011 Formal Formal Opinion Formal Opinion Ethics Opinion 2011-200. No. 2010-179. 6. Alabama State Arizona State Nevada State Bar, Ethics Bar Formal Bar Formal Opinion 2010- Opinion 09-04. Opinion No. 33. 02. New York State Bar Association Opinion 842 of 2010.
North Carolina 2011 “A law firm may use SaaS if reasonable care is taken to minimize the risks of inadvertent disclosure of confidential information and to protect the security of client information and client files. “A lawyer must fulfill the duties to protect confidential client information and to safeguard client files by applying the same diligence and competency to manage the risks of SaaS that the lawyer is required to apply when representing clients.”
North Carolina Recommends Agreement on how the vendor will handle confidential client information in keeping with the lawyer’s professional responsibilities. In the event the lawyer terminates use of the product or the vendor goes out of business, the law firm should have a method for retrieving the data. The data should be available in a non-proprietary format that the law firm can access, or the firm should have access to the vendor’s software or source code. Carefully review of the terms of the law firm’s user or license agreement with the vendor including the security policy. Evaluate the vendor’s measures for safeguarding the security and confidentiality of stored data, including firewalls, encryption, socket security features, and intrusion- detection systems. Evaluate the extent to which the vendor backs up hosted data.
Protect your clients—and yourselfWork with a reputable provider, one with a history of dealing withconfidential information.Have an express NDA with the cloud provider.Understand the physical and electronic security procedures followed by theprovider.Understand the provider’s practices for backup and disaster recovery.Spell out in writing data ownership so that others cannot claim it in theevent of financial adversity.Know where the data is housed and who has access.Make sure the provider offers the functionality and services you need withrespect to your data.
LexisNexis Firm Manager: Data Ownership “At LexisNexis webelieve strongly that • Your application administrator can export all your firm data at any time. the data you place • If for any reason you decide to cancel your in LexisNexis Firm LexisNexis Firm Manager subscription, weManager belongs to maintain your data online for 6 months in caseyou! To provide you you decide to return to the service. At any time you can decide to purge your data, removing it with the comfort from LexisNexis systems. that you retain • If you decide to purge your data – an option control of your available to application administrator – your client critical client- privileged work product is removed from our systems. We manage a process to remove that privileged data from our backup tapes as well, which can information and take up to 45 days.” work product:
LexisNexis Firm Manager: Data Protection“We know the • Providing easy to use and sophisticated controls of who in privacy of your firm has access to specific privileged information. Restrict access to sensitive information such as key documents to only your those attorneys and staff members working on specific matters. Keep personal appointments private. Restrict access attorney- to “need-to-know” information for temporary employees or contractors. • Encrypting all the communication between us using 128-bit client SSL encryption • 24×7 monitoring of the security infrastructure protecting privileged LexisNexis Firm Manager • Confirmation to application administrator of account changesinformation is to help prevent unauthorized account hijacking • Automatic account log-outs after 1 hour of inactivity to prevent critical to users from leaving accounts open on public access devices • Monitoring of account usage for indications of you. We suspicious activity • Regular third party security audits to identify possible security protect that issues and allow for aggressive mitigation and correction activities” privacy by:
The future for lawyers in the cloudIncreasingly, data will becomedissociated from a particular device,platform or operating system.Our digital hub will move from ourdesktops to the cloud.We will access and work with our datafrom multiple devices.Our data will be synchronized across allour devices.Our data will be available to us anytime,anywhere.
Further reading … Cloud Computing Synopsis and Recommendations, National Institute of Standards and Technology, Published May 29, 2012, www.nist.gov/manuscript-publication-search.cfm?pub_id=911075