Cloud computing changes the way we do business. This presentation explains how to ethically move to the cloud and take advantage of cost savings and anytime availability. Besides cloud based programs, we talk about virtual offices, VOiP Systems, and Cloud Encryption.
Douglas Adams: http://www.amazon.com/exec/obidos/ASIN/0345455290/farnamstreet-20
Back in the stone age, (2007) your only option would be to buy a server and put in your office. All of your data and applications would be installed on the server and you would use your computer in the office to access that data.
There were several limitations to this:
If your office lost power or it burned down, you would be unable to work.
If there was a disaster like a hurricane, you would need to pack up the entire server if you wanted to evacuate.
Remote access is reliant on your location have power and internet.
Cloud Computing means different things to different people but the common denominator is to have your data that is accessible from any device at any time. Most of the time when people refer to cloud computing, they are talking about products like DropBox, Clio, Gmail where your data is stored along with everyone else’s on the companies servers. However there is another option where you own a server that is either in your office or stored somewhere else.
Now-a-days we have options multiple options
Private
You own your equipment. It resides in your office or a data center
You are responsible for the backup / maintenance / security.
You are the legal of owner for service of process, legal disputes, etc.
Public
You pay monthly for hosted services (SaaS)
You are not responsible for the back up / maintenance / security.
You are not the legal of owner for service of process, legal disputes, etc.
Hybrid
You own some equipment. It resides in your office or a data center
You pay monthly for certain hosted services like email.
You own the hardware and the software has a web portal option:
Tabs 3 Connect
Amicus Mobile
Worldox Web
PCLaw Mobility
TimeMatters Mobility
You own the hardware but use a method to connect to it. This is also referred to as a hosted virtual desktop:
Citrix
Remote Desktop Terminal Services
You rent the hardware for someone that hosts it for you:
Rackspace
You are paying a monthly fee for the certain services.
Email:
Microsoft 365
Google Apps
Practice Management
Clio: http://goo.gl/gZ7DQu
Advologix
Amicus Cloud
RocketMatter
Firm Manager
Document Management
NetDocuments
Google Drive
DropBox
Chrome is usually the fastest, but not all SaaS is browser agnostic, some programs like NetDocs work better then IE.
http://goo.gl/T6X0f7
Issues for both Public and Private Cloud
Rules and Ethics
Cloud Checklist
Your Client’s Data
Access
Communications in the Cloud
Legal Specific Software
Everyone seems to want to look at Ethics Opinions by the State Bars and that is part of the equation, but there are other forces at work. We really need to talk about the following:
Ethics Opinions
Protective Orders
HIPPA
Image from: socialmediaworld.com
All the Ethics Opinions that have been released have been favorable as long as you are using “Reasonable Care”. That can be a little vague.
List of states with ethics opinions: http://goo.gl/Dh0tP
In the BP Case Judge Barbie that DropBox violated his Protective Order and that the Plaintiff’s Attorneys needed to use a private cloud solution to share data.
This can also be common in domestic cases.
Obviously from above, Dropbox is not HIPPA compliant. Therefore be careful if you are dealing with Medical Records.
http://goo.gl/effNcL
These are the five things you should check before you sign up with a service provider.
Redundant Locations
SaS 70 Type II Certification
Data Escrow
Privacy Seals
Client Data Protection
Download our Cloud Computing Checklist: http://goo.gl/cf2thH
You want your data in at least two separate locations. Just because your data is in the cloud does not mean that it is in 2 separate locations. A lot of Cloud Companies are only in one location. Ask where the redundant data center is and what is the fail over process.
Ideal Criteria:
2 or more Locations
Different Geographical Areas
Stay in the United States
Square Space: http://tinyurl.com/ak5j8xl The picture on the bottom right was taken at a data center in New York during Hurricane Sandy. They had to bring fuel to the 17th floor for several days to keep the data center working.
SaS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants that validates that a service organization has been through an in-depth audit of its control activities, and demonstrates that they have adequate controls and safeguards when they host or process data belonging to their customers. This means that a 3rd party has review the cloud provider and verified that they are legit.
These are like deadbolts on your doors. You just need to make sure that you see one of these on your website.TRUSTeVeriSign SecuriedMcAfee SecuredDigiCertNorton Secured
There are 3 Important Questions you need to ask when using the public cloud:Where does your data physically reside?Does the company claim ownership to that data?Can the companies employees view your data?There are also 2 things you can do to make that data more safe:Encrypt your dataUse a password manager
If you are an attorney in Louisiana and have your data in another state that you are not licensed to practice in does that raise a question of authorized practice of Law?This is scare tactic, not something to worry about, but something to be aware of. Know the states that have your data.What if you have a client that restricts where the data resides? Government Agency's, Large Corporations especially defense work. If the company work gets sold, will they move that data?
Most of the SaaS companies initial claim ownership to your data, get a lot of blowback in the media and then change their policies. Watch them like a hawk. http://www.zdnet.com/blog/btl/how-far-do-google-drives-terms-go-in-owning-your-files/75228Even if they initially state they don’t own your data, check the new EULA’s that appear every so often.
The big concern here is if someone has access to your data, do you waive attorney client privilege. To be more specific, if multiple employees at the “cloud company” have access to your data, have you waived attorney client privileges. IT companies are usually required to sign confidentiality agreements when working with Law Firms, can you get your SaaS company to sign the same agreement. The best thing to do is to print the EULA and treat it like a legal document. DLA Piper was going to use Google for hosting, they their attorneys review the EULA and decided to look else where. You need to be vigilant because these EULA’s frequently change.
This is a solution for the public cloud. To get around all these three problems, if you encrypt your own data on your computers, you render these questions moot. The above image is my DropBox Account. If you were to log into DropBox’s website, you cannot read any data because its encrypted. The only way you can read the data is to be on a Computer\Tablet\Phone with the encryption software installed. BoxCryptor: https://www.boxcryptor.com/Sookasa : https://www.sookasa.com/
Regardless if you are using a public or private cloud, you need to have a strong password. The best solution is to use a Password Manager like Last Pass or RoboForm. These products automatically create random complex passwords that are not your cat’s birthday. Password ManagersRoboForm LastPass1Password
You need to do a couple of thingsPassword lock your phone/tabletHave remote wipe capabilities for your phone/tablet
Having data in a private or public cloud brings up access issues. What happens if your internet goes out is the biggest one.
Public outages usually don’t last very long. However this is not much you can do if there is one. You have to wait for the company to fix the issue. http://www.zdnet.com/microsoft-hit-by-second-office-365-email-outage-in-five-days-7000007342/http://techcrunch.com/2012/12/10/gmail-experiences-a-widespread-outage-most-users-affected/
Outage ChecklistUse a program like Outlook or Apple’s Mail and Calendar. That way a copy of your Email, Contacts, and Calendar reside on your local computer \ tablet \ phone incase you lose internet access. Have a backup email account. Have your all or your most recently used docs synced to your computer.Use a Laptop instead of a Desktop. That way you can move to a location that has internet. Have a MiFi.
These devices cost between $40-$60 a month and usually allow you to connect up to 5 devices to them. They are secure and a great backup if you lose internet at the office. They are also a lot more secure then using a public wifi.
There are several services we can host in the cloudVOIP PhoneCall ServiceHosted Email
VOIP stands for Voice Over the Internet Protocol. Instead of plugging your phone into a phone jack, you plug it into the internet. There is no need for a PBX at the office. The advantages are:Portable, you could bring the physical phone anywhere, hook it up to the internet, and it would work.Cheaper then traditional land lines.Web Portals that allow you to forward lines from anywhere to anywhere.Smartphone AppsSoft Phones.8 x 8:866-655-3176 (toll free)Ask for Jonny ManakBusiness Solutions Specialistjmanak@8x8.com8x8, Inc has been offering Business-Class Solutions since 1987 All operations are handled domestically and directly by 8x8, Inc.
There are millions of email providers out there, but when it comes to it, you are either going to use Microsoft Exchange or Google Apps.
If you are comfortable with Gmail stick with this. You can use the Gmail web interface or link it to Apple Mail or Microsoft Outlook to view your email.Price $50/User/Year
If you are an Outlook user, stick with this. You can use the Outlook Web interface or link it to Apple Mail or Microsoft Outlook to view your email.Price $48/User/Year
Practice Management SoftwareDocument Management SoftwareWord ProcessingIntegrationsLit Support
All of these software programs have web portals that allow you to connect remotely. You own the software and the data they reside on. From either a web browser or an app on a smartphone or tablet, you can access the data.
These are all public cloud practice management software products. Clio: http://goo.gl/mDbZ9There is a discount on Clio for members of the LSBA
All of these software programs have web portals that allow you to connect remotely. You own the software and the data. They can either be in your office or a data center that you control.
NetDocuments is a legal specific software, the rest are made for the general public.
No Google Docs, but remember Google Drive and Google Docs are different products. Use Word or WordPerfect. Microsoft does have a web based version of Word, which looks promising, but I would stick with the regular version for now.
When choosing legal specific software check to see what it integrates with. If you are using a practice management software, you want to make sure you can export your time entries. You want them to be able to link with Outlook or Gmail. Also, a link to DropBox, Google Drive, NetDocs is a must.
Summation and Concordance If you have an old version you cant migrate easily. SummationConcordanceDigital War Room
RelativityiCONECTCatalyst
The State of Louisiana will reimburse your training costsFifty or fewer employees. In business in the state for at least three years, contributing and in full compliance with state UI tax laws. Training costs cannot exceed $3,000 per trainee per state fiscal year (July 1 - June 30). http://bit.ly/zJ7FZf or Google: IWTP
Your firm is going to have data in the cloud.Private Cloud is more secure / more expensive.There are reasonable steps to take to protect your clients data.