Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
The Nice-to-Haves and Need-to-Haves of Cloud Computing
Employees are increasingly using the cloud to access their personal email, documents, music and other data from anywhere at any time. They expect their employers' digital data will be similarly accessible. Beyond user experience, cost and complexity provide compelling reasons for moving your law firm's technology operations to cloud providers. This article discusses what to look for in a cloud service provider and other issues that will help determine if moving to the cloud is the right move for your firm.
Challenges for SMBs
The growth of technology has created many challenges for small- to medium-size businesses (SMBs), including law firms: continually upgrading hardware, staying abreast of the latest in security developments and hiring multiple staff members with different skills.
First, SMBs typically purchase server hardware with the expectation it will last for years. A year or two later, they discover they need to double the capacity of that system in order to meet technology needs. These costs are often not budgeted.
Additionally, security has moved from a simple firewall and anti-virus software to very expensive, hard-to-manage security systems, including log review and correlation (SIEM) systems, next-generation firewalls, host intrusion detection systems and sandboxing of all incoming files. Your IT department can no longer consist of one person wearing many hats, including maintaining infrastructure, ensuring data security and providing end-user support. To reduce this complexity and its associated costs, many firms are moving to the cloud.
Kinds of Cloud
Cloud services can be broken down into three major categories: software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS).
Software As a Service
SaaS requires the least amount of technical knowledge and, as a result, allows for the least amount of IT administrative control. In the SaaS model, a cloud provider is responsible for everything from the hardware to the application. These types of services are all run primarily from a Web browser and require nothing to be downloaded or installed on the client's workstation. Examples of SaaS solutions include Dropbox, Salesforce, GoToMeeting and Office 365.
Platform As a Service
PaaS allows for more control but requires more technical knowledge than SaaS solutions. PaaS cloud solutions take care of the hardware and the operating system, allowing the user to focus on the applications. This is an ideal solution for application developers, who don't need knowledge of the underlying OS or hardware. Examples of PaaS solutions are Force.com, Apache Stratos and OpenShift.
Infrastructure As a Service
IaaS requires the greatest amount of technical knowledge and grants administrators the most control. IaaS cloud providers are responsible for the underlying hardware or infrastructure through a host of virtual devices, including firewalls, networks and virtual servers and workstations. The company is responsible for managing the OS and the applications. This is the most flexible cloud-computing model and is highly scalable. Examples of IaaS are Amazon AWS, Microsoft Azure and Google Compute Engine.
Security Considerations
Security considerations are still paramount when migrating to a cloud solution. Maintaining good security and operational practices is a critical and nonnegotiable factor. In fact, these policies, standards and procedures are more important than ever to ensure that you are appropriately protecting your cloud implementation. Since cloud solutions are Internet accessible, if they are not appropriately secured, malicious actors can sometimes get in more easily than if the equipment is on your own premises.
Vendor Risk Management Plan and Business Continuity Plan
When an IT service provider proposes that you use a cloud system implemented by that vendor, it's critical you also implement a vendor risk management plan (VRMP) so you can make sure your managed service provider is following appropriate security procedures to protect your data. A VRMP will also let you assess whether the cloud solution you are considering is appropriately secure as well. And, finally, it is important you have a business continuity plan in place so your employees and your managed service provider know what to do if your cloud system fails, suffers a hacking attack or has otherwise been rendered unavailable.
Making the Move
Moving to the cloud by yourself is not a simple process, and any organization should carefully consider the pros and cons of such a shift. Determining if moving to the cloud is right for your organization can be broken down into several steps:
- Clearly define the problem which you are trying to resolve. Are you facing heavy infrastructure and maintenance costs associated with running a proper data center? Are there business continuity issues which need to be addressed, such as utilizing multiple locations to protect against specific regional natural disasters like earthquakes? Are there certain controls or customizations the organization currently has that may not be feasible in a cloud-based solution? All these questions need to be answered to ensure the cloud solution you choose is appropriate.
- Determine if your organization must adhere to specific compliance requirements, standards or regulations. These could range from the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry (PCI) standards to the new California Consumer Privacy Act (CCPA) and many other statutes. While a number of these compliance regulations have overlapping requirements, not adhering to specific ones can result in hefty fines. Don't forget to ensure protections are in place for personally identifiable information, if it is present on your network — and it likely is.
- Ensure your IT provider understands its technical capabilities and what it's willing to manage. Ensure managed service providers and cloud service providers have clear delineations on management responsibility. Some solutions only require users to understand how to employ a specific web application while the cloud provider supports the balance of the platform. Other solutions may provide virtual infrastructure, meaning someone besides the cloud provider must be able to support all aspects of the OS and applications.
- The organization must understand the total costs involved in moving to the cloud so it can budget accordingly. If your IT provider is setting this up for you, ask for a total cost of ownership for the cloud operations to make an effective decision. Charges can add up, so understanding the costs upfront will allow for proper budgeting. Many organizations have dived headfirst into the cloud only to realize the services exceeded their initial of cost assumptions.
Cloud Service Providers
Migrating IT services to a client service provider (CSP) benefits law firms by reducing their technology infrastructure's physical footprint in their offices, including built-in redundancy, easy scalability with better physical security and access to advanced security features. Ultimately, this all results in lower IT capital expenditures.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Major Differences In UK, U.S. Copyright Laws
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Removing Restrictive Covenants In New York
In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?
Legal Possession: What Does It Mean?
Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.