Putting your practice on cloud 9


  1. 1. Putting Your Practice on Cloud 9
  2. 2. Web Application, Cloud Computing, ASP, Software-as-a-Service
  3. 3. 3
  4. 4. 4
  5. 5. 5
  6. 6. traditional computing model: The Internet, Local Area Network
  7. 7. software-as-a-service model: The Internet, Local Area Network
  8. 8. typical small law office
  9. 9. traditional software distribution
  10. 10. cloud computing
  11. 11. why cloud computing?
  12. 12. You need to deliver a better experience to your clients
  13. 13. We’re screwed.
  14. 14. There is a profound message here for lawyers—when thinking IT and the Internet, the challenge is not to automate current working practices that are not efficient. The challenge is to innovate, to practice law in ways that we could not have done in the past.
  15. 15. It’s not just what you sell 47% 53% It’s how you sell it
  16. 16. Deliver a cloud experience to your clients
  17. 17. laggards 16%, late majority 34%, early majority 34%, early adopters 13.5%, innovators 2.5%
  18. 18. up and running fast
  19. 19. save money
  20. 20. cash flow
  21. 21. ethics of cloud computing
  22. 22. North Carolina State Bar Ethics Inquiry • 2011 FEO 6 "Subscribing to Software as a Service While Fulfilling Confidentiality and Preservation of Client Property" • First ethics opinion in North America specifically focused on use of cloud computing in a law firm
  23. 23. Inquiry #1: Is it within the Rules of Professional Conduct for an attorney/law firm to use online ("cloud computing") practice management programs (e.g., the Clio program) as part of the practice of law? These are instances where the software program is accessed online with a password and is not software installed on a computer within the firm's office.
  24. 24. North Carolina Proposed Formal Ethics Opinion: Yes, provided steps are taken effectively to minimize the risk of inadvertent or unauthorized disclosure of confidential client information and to protect client property, including file information, from risk of loss.
  25. 25. Other States Following Suit • Pennsylvania Formal Opinion 2011-200 • California Formal Opinion No. 2010-179 • Alabama State Bar Ethics Opinion 2010-02 • Arizona State Bar Formal Opinion 09-04 • Nevada State Bar Formal Opinion No. 33 • New York State Bar Association Opinion 842 of 2010 • Iowa Op. 11-01 • Oregon Formal Op. 2011-188 • Vermont Advisory Ethics Op. 2010-6 • Massachusetts MBA Ethics Opinion 12-03
  26. 26. ABA 20/20 Ethics Commission • Examining how a lawyer’s ethical responsibilities apply to cloud computing • Recommendations adopted in August 2012
  27. 27. ABA 20/20 Ethics Commission • The development of a centralized, user-friendly website that contains continuously updated and detailed information about confidentiality-related ethics issues arising from lawyer’s use of technology, including the latest data security standards. • Amendments to several Model Rules of Professional Conduct and their Comments to offer specific guidance and expectations relating to technology.
  28. 28. ABA 20/20 Ethics Commission: The Commission concluded that competent lawyers must have some awareness of basic features of technology. To make this point, the Commission is recommending an amendment to Comment [6] of Model Rule 1.1 (Competence) that would emphasize that, in order to stay abreast of changes in the law and its practice, lawyers need to have a basic understanding of technology’s benefits and risks.
  29. 29. ABA 20/20 Ethics Commission: Proposed new Model Rule 1.6(c) would make clear that a lawyer has an ethical duty to take reasonable measures to protect a client’s confidential information from inadvertent disclosure and unauthorized access. This duty is already implicit in Model Rule 1.6 and is described in several existing comments, but the Commission concluded that, in light of the pervasive use of technology to store and transmit confidential client information, this obligation should be stated explicitly in the black letter of Model Rule 1.6.
  30. 30. ABA Model Rules of Professional Conduct: “When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy.” (Emphasis added) Comment 17, Rule 1.6
  31. 31. security of cloud computing
  32. 32. Encryption, Terms of Service, Security, Data Privacy, Data Availability
  33. 33. encryption
  34. 34. terminology • Secure Sockets Layer (SSL) ◦ Industry standard protocol for securing Internet communications ◦ Banks, e-commerce sites (Amazon.com, etc.) all use SSL for secure communications
  35. 35. without ssl: Information exchanged is insecure. "Please give me my bank account balance" / "$2,031.34" (Your Computer, Your Bank’s Server)
  36. 36. with ssl: Information exchanged is encrypted for security. 01101010001010110101010100101010 / 11010001110 (Your Computer, Your Bank’s Server)
  37. 37. verifying ssl connections: A sealed lock icon indicates a secure connection. Internet Explorer: Firefox: Safari:
  38. 38. server security: Are third-party audits being performed?
  39. 39. server security
  40. 40. server security
  41. 41. endpoint security
  42. 42. HIPAA
  43. 43. password security: joe@smithlaw.com, 07121954, smithlaw, password
  44. 44. 49
  45. 45. 50
  46. 46. privacy
  47. 47. privacy • Does the SaaS provider have a published privacy policy? • Need to ensure you own your data • The private client information stored with your SaaS provider cannot be used for any other purposes
  48. 48. facebook  privacy  policy You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings. You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.
  49. 49. TRUSTe: How is sensitive information being handled? “TRUSTe’s program requirements are based upon the Fair Information Principles and OECD Guidelines around notice, choice, access, security, and redress - the core foundations of privacy and building trust. Sealholders are required to undergo a rigorous review process to assess the accuracy of privacy disclosures and compliance with TRUSTe’s requirements in order to obtain certification.”
  50. 50. data availability
  51. 51. 56
  52. 52. 57
  53. 53. 58
  54. 54. 59
  55. 55. Data Location • Where are the main data center(s)? • Is data backed up to multiple offsite locations?
  56. 56. external backup provisions • Can you perform an export of your data? Comma Separated Values (CSV), Extensible Markup Language (XML), Microsoft Excel (XLS)
  57. 57. business continuity: What if the SaaS provider goes out of business?
  58. 58. option 1: data export. Comma Separated Values (CSV), Extensible Markup Language (XML), Microsoft Excel (XLS). Cross your fingers and hope you’re up to date…
  59. 59. If it isn’t automated you’ll forget to do it
  60. 60. option 2: data escrow (saas provider, escrow provider, saas user)
  61. 61. terms of service / service level agreement
  62. 62. terms of service • Easily accessible, published ToS? • Outlines the conditions under which you agree to use the service • Ensure you’ve reviewed and accepted your provider’s terms of service
  63. 63. service level agreement • SLA • Outlines guaranteed uptime percentages • E.g. 99.9% • Usually provides for some kind of compensation if downtime exceeds SLA guarantee
  64. 64. data center security
  65. 65. 70
  66. 66. 71
  67. 67. 72
  68. 68. Thank You
