Cloud Computing for Lawyers: Practical and Ethical Uses of the Cloud
1. Cloud Computing for Lawyers
Practical and Ethical Uses of the Cloud
Rhode Island Bar Association
June 15, 2012
Robert J. Ambrogi, Esq.
2. What we’ll cover
What is cloud computing?
What advantages does it offer?
How can lawyers use the cloud?
Is it ethical for you to use the cloud?
What precautions should you take?
What’s ahead for lawyers in the cloud?
3. What is cloud computing?
A method of
harnessing
computer power
over the Internet.
Access files or
applications
online rather than
on a local device.
4. Like turning on a tap
• Once, everyone
had to find and
Cloud maintain their own
computing supply of water.
is like the
public • Now, we simply
water turn on a tap when
supply: we need water
and turn it off
when we’re done.
—Vivek Kundra, former CTO of the United States
5. Three types of cloud computing
Platform as a
Service Infrastructure
Software as a as a Service
Service
Customer
deploys its Customer
Customer own rents
uses the cloud applications processing
provider’s using a cloud power,
applications provider’s storage space
via the operating and
network. system and networking
computing capacity.
platform.
6. Advantages of cloud computing
Lower costs. No up-front outlays or ongoing
maintenance and upgrades.
On-demand self-service. Services available whenever
you need them.
Universal access. Access from any device and from
anywhere in the world.
Scalable computing power. As much or as little
processing power and storage as you need.
Better reliability and security. Systems always up to
date and have high degree of security and redundancy.
Pay only for what you use. Costs are clear and
transparent, licensing is simplified.
7. Disadvantages of cloud computing
Network dependence. Use
depends on reliable and
continuously available network.
Lack of data portability. It may
not always be easy to export and
import data.
Browser vulnerability. If your
browser becomes compromised,
it could compromise your data.
8. How lawyers use cloud computing
Law practice management.
Document management and collaboration.
Time and billing.
Accounting.
Project management.
Office suites (email, calendar, documents)
Electronic discovery.
Virtual lawyering.
Back-up and storage.
9. Practice management example: Clio
Client and matter management.
Calendar and reminders.
Time tracking.
Billing.
Trust accounting.
Document management.
Document assembly.
Client collaboration.
$49/month per lawyer.
20. Document storage: Box
Store, manage and synchronize documents
and files.
Share large files securely.
Sync files with desktop.
Mobile access.
Online workspaces.
Administrative controls.
Free for personal use; $15 per user per month
for businesses.
21. Get Extra Security
SecretSync, TrueCrypt, SugarSync,
getsecretsync.com www.truecrypt.org www.sugarsync.com
Client-side A cross between
encryption. Evernote and
Mozy – back up
and sync.
Works with any
online Free, open-source
synchronization disk encryption.
site.
Encrypted file
From $0 to transfers.
$60/year.
24. Document management example: NetDocuments
Organize, store and search
all company documents.
Features include:
• Concurrency control.
• Version control.
• Document history.
• Full-text searching.
• Document collaboration.
• Mobile access.
• Office integration
Starts at $20/month per user.
25.
26. E-Discovery example: Catalyst
One of the
• Early case assessment.
first cloud- • Analytics and data reduction.
based e- • Multi-language search &
discovery review.
providers. • Production and trial support.
• Unified corporate
Features repositories.
include:
27. Covers Right Side of the EDRM
Electronic Discovery Reference Model
Partners/Clients CATALYST
Processing
Preservation
Records
Identification Analysis Production Trial/Hearing
Management
Collection
Review
Data Volume (Actual) Relevance (% of Total)
Forrester: “Seventy percent of e-discovery costs are spent on
processing, analysis, review, and production.”
28.
29.
30. Benefits for E-discovery
Secure cloud delivery for rapid deploy
at lower cost
Central platform allows teams to work
together anytime, from anywhere
Automation for speed, control and
fewer mistakes
Grid-based speed and scalability to
handle any matter
31. Ethics and cloud computing
The ethical issues at stake:
• Lawyers have duty to
safeguard confidential
client information.
• Lawyers have duty to
protect client property,
including client files, from
loss.
32. Rulings by state ethics panels
The seven state ethics
panels that have
considered the ethics of
cloud computing all
agree.
1. Lawyers may use the
cloud.
2. Must take reasonable
steps to minimize risk to
confidential information
and client files.
33. Seven state ethics panels agree it is ethical
North Carolina
Pennsylvania California,
2011 Formal
Formal Opinion Formal Opinion
Ethics Opinion
2011-200. No. 2010-179.
6.
Alabama State
Arizona State Nevada State
Bar, Ethics
Bar Formal Bar Formal
Opinion 2010-
Opinion 09-04. Opinion No. 33.
02.
New York State
Bar Association
Opinion 842 of
2010.
34. North Carolina 2011
“A law firm may use SaaS if reasonable care is taken
to minimize the risks of inadvertent disclosure of
confidential information and to protect the security of
client information and client files.
“A lawyer must fulfill the duties to protect confidential
client information and to safeguard client files by
applying the same diligence and competency to
manage the risks of SaaS that the lawyer is required
to apply when representing clients.”
35. North Carolina Recommends
Agreement on how the vendor will handle confidential client information in keeping
with the lawyer’s professional responsibilities.
In the event the lawyer terminates use of the product or the vendor goes out of
business, the law firm should have a method for retrieving the data.
The data should be available in a non-proprietary format that the law firm can
access, or the firm should have access to the vendor’s software or source code.
Carefully review of the terms of the law firm’s user or license agreement with the
vendor including the security policy.
Evaluate the vendor’s measures for safeguarding the security and confidentiality of
stored data, including firewalls, encryption, socket security features, and intrusion-
detection systems.
Evaluate the extent to which the vendor backs up hosted data.
36. Protect your clients—and yourself
Work with a reputable provider, one with a history of dealing with
confidential information.
Have an express NDA with the cloud provider.
Understand the physical and electronic security procedures followed by the
provider.
Understand the provider’s practices for backup and disaster recovery.
Spell out in writing data ownership so that others cannot claim it in the
event of financial adversity.
Know where the data is housed and who has access.
Make sure the provider offers the functionality and services you need with
respect to your data.
37. LexisNexis Firm Manager: Data Ownership
“At LexisNexis we
believe strongly that • Your application administrator can export all your
firm data at any time.
the data you place • If for any reason you decide to cancel your
in LexisNexis Firm LexisNexis Firm Manager subscription, we
Manager belongs to maintain your data online for 6 months in case
you! To provide you you decide to return to the service. At any time
you can decide to purge your data, removing it
with the comfort from LexisNexis systems.
that you retain • If you decide to purge your data – an option
control of your available to application administrator – your client
critical client- privileged work product is removed from our
systems. We manage a process to remove that
privileged data from our backup tapes as well, which can
information and take up to 45 days.”
work product:
38. LexisNexis Firm Manager: Data Protection
“We know the • Providing easy to use and sophisticated controls of who in
privacy of your firm has access to specific privileged information. Restrict
access to sensitive information such as key documents to only
your those attorneys and staff members working on specific
matters. Keep personal appointments private. Restrict access
attorney- to “need-to-know” information for temporary employees or
contractors.
• Encrypting all the communication between us using 128-bit
client SSL encryption
• 24×7 monitoring of the security infrastructure protecting
privileged LexisNexis Firm Manager
• Confirmation to application administrator of account changes
information is to help prevent unauthorized account hijacking
• Automatic account log-outs after 1 hour of inactivity to prevent
critical to users from leaving accounts open on public access devices
• Monitoring of account usage for indications of
you. We suspicious activity
• Regular third party security audits to identify possible security
protect that issues and allow for aggressive mitigation and correction
activities”
privacy by:
39. The future for lawyers in the cloud
Increasingly, data will become
dissociated from a particular device,
platform or operating system.
Our digital hub will move from our
desktops to the cloud.
We will access and work with our data
from multiple devices.
Our data will be synchronized across all
our devices.
Our data will be available to us anytime,
anywhere.
40. Further reading …
Cloud Computing Synopsis and Recommendations, National
Institute of Standards and Technology, Published May 29, 2012,
www.nist.gov/manuscript-publication-search.cfm?pub_id=911075