CircleID has a post entitled Survey: Cloud Computing ‘No Hype’, But Fear of Security and Control Slowing Adoption which talks about a survey of IT executives on cloud computing.   The survey found that they feel the concept has advantages, but they are not keen to adopt it in the short term because they are concerned about the lack of control and security issues.

Not really a big surprise.   The post is a good summary of the business advantages and issues arisong from cloud computing.

That’s the title of my post on Slaw today.

It reads as follows:

We see the term “cloud computing” a lot these days. Its a term that’s hard to define – like Web 2.0. It essentially means having your software work “out there” somewhere, and/or your data reside “out there” somewhere – rather than on a computer in your own home or office. Think of it as commoditized outsourcing. The term is sometimes used to include SAAS and other concepts, and sometimes in a much more limited way. From a legal point of view, the issues and risks for using any flavour of cloud computing are the same – although the size of the risk and what one can do about it varies.

It is a popular topic, and hailed as the wave of the future and the beginning of the end of the desktop computer. On the other hand, Richard Stallman says cloud computing is a “trap” that is “worse than stupidity”, and Larry Ellison of Oracle says “It’s complete gibberish. It’s insane.” Of course, they both come at the topic with particular viewpoints and agendas.

It does offer some compelling business models. For a sole practictioner or small law office or mobile professional, it offers the possibility of always available computing resources and access to files at a fairly low cost. You don’t have to have a large IT infrastructure to support your practice. It lets others worry about things like hardware, software updates, security issues, and backup. The idea is that those “others” can do those things a lot better than you can, because its their business to deal with it.

On the other hand, we lose control over all that. That means we are dependant on others to ensure our data is secure, private, confidential, backed up and available. The consequences of losing all of one’s data because of some vendor issue can be massive.

Frankly, I have mixed feelings about it. The advantages are compelling. While it is a bit of the flavour of the month now, it is not going away, and will continue to mature. I have some control and trust issues over the cloud. To me it depends on what you are using it for, how mission critical it is, how sensitive the information is, who has it, and whether you can keep local copies.

My own blog is hosted on a third party site, but it is by nature public, so there is no confidential information to be concerned about. And it is set up to automatically send backup copies to me on a regular basis so if something goes wrong at the host, I can take it and set it up somewhere. And its not a mission critical system that prevents me from carrying on business or compromises client service if its not available for short periods.

If lawyers use the cloud to do mission critical work, we should go through the same diligence and documentation review we would do for a client entering an outsource deal. In other words, look at the reputation, history and health of the vendor. Ask about their service level promises, back-up, security, confidentiality safeguards. Ask if you can keep a local backup. And see what their agreement says. To the extent these are low cost commoditized services, it often won’t be worth the vendor’s time to negotiate changes to an agreement – but you can vote with your feet.

Here’s some things to read on the subject.

CBA National article including links to ABA articles on the topic. The National article takes a balanced approach to the issue.

My Free Press article from this week talking about the Ontario Privacy Commissioner’s thoughts on the cloud.

A CNET news article on Oracle’s Larry Ellison’s negative thoughts on the hype. Make sure you watch the video in that article that does a good job explaining what the cloud is and is not.

My blog post from yesterday referring to a Guardian article about Richard Stallman’s (founder of the Free Software foundation) negative thoughts on cloud computing.

An earlier post of mine on the pros and cons of cloud computing including links to a Gigaom post entitled 10 Reasons Enterprises Aren’t Ready to Trust the Cloud and Ernie the Attorney’s thoughts on his goal to operate in “ATM mode”. He wants to keep as much as possible in the cloud – largely based on his Katrina disruptions.

The Guardian published an article entitled Cloud computing is a trap, warns GNU founder Richard Stallman coincidentally on the same day as my Free Press article from yesterday on the topic.

Stallman is quoted as bluntly saying: “It’s stupidity. It’s worse than stupidity: it’s a marketing hype campaign.”

“One reason you should not use web applications to do your computing is that you lose control,” he said. “It’s just as bad as using a proprietary program. Do your own computing on your own computer with your copy of a freedom-respecting program. If you use a proprietary program or somebody else’s web server, you’re defenceless. You’re putty in the hands of whoever developed that software.”

I admit to having some control and trust issues over the cloud.  To me it depends on what you are using it for, how mission critical it is, how sensitive the information is, who has it, and whether you can keep local copies. 

For the London Free Press – September 29, 2008

Read this on Canoe

We are moving into “cloud” computing, where users increasingly rely on data and software residing somewhere out there on the Internet.

That means we have little direct knowledge of, involvement with or control over the data or its location. And since that data inevitably includes personal information, it raises information security and privacy issues.

Use of the cloud has moved beyond e-mail such as Hotmail to include applications such as Google Apps for word-processing and social networking sites such as Facebook. And increasingly, it means our data is not only processed, but stored in cyberspace.

This is true for business as well as personal applications.

Cloud computing promises flexibility, better reliability and security, enhanced collaboration, portability and simpler devices. It lets Internet users use servers, storage systems and computing power in multiple locations.

But it also means leaving digital footprints all over the Internet, in places where we have no idea how information is policed.

Ontario Privacy Commissioner Ann Cavoukian weighed in on this issue in the recent white paper, Privacy in the Clouds.

“It will not be possible to realize the full potential of the next generation of the Internet or Cloud Computing without developing better ways of establishing digital identity and protecting privacy,” she wrote.

Cavoukian believes the answer is a flexible, user-centric identity management system with open standards and community-driven interoperability.

In other words, a system where we can log on to a tool that establishes who we are, then use it to identify us to services. We could then use services anonymously, or control how much the service knows about us to minimize risk of identity theft or fraud.

It would help eliminate the many logins and passwords that plague us today. A flexible system would take in any device reaching the Internet, such as Blackberries or game consoles.

A standard approach would also make it easier and cheaper for cloud service providers to authenticate its users, build trust in its privacy and security promises, and cut the risk of security breaches by limiting the personal information they keep.

Such services are starting to appear, but are not yet universally accepted.

Cloud computing – where we store or data, and/or run our apps out there somewhere – has some compelling advantages.  I’m nervous about depending on it though.  Maybe I just like control, but trusting your data and its reliability, security and confidentiality to others in the cloud gives me pause.  And if for some reason one can’t get to their data – either temporarily or permanently …   Then again, perhaps those are issues to be sorted out, not a full stop.

Take a look at this post from Gigaom entitled 10 Reasons Enterprises Aren’t Ready to Trust the Cloud.

But contrast that with Ernie the Attorney’s recent posts  (and here and here) on his goal to operate in “ATM mode”.  He wants to keep as much as possible in the cloud – largely based on his Katrina disruptions. 

And by the way, the proposed Canadian copyright bill C-61 gets in the way of the cloud computing mode for storing your media.