YourABA: April 2014
YourABA April 2014 Masthead

Flipping the switch on ‘the cloud’:
Cloud computing 101

The cloud computing process was simplified during a conversation by cloud computing legal experts in an American Bar Association webinar that defined the basics of cloud computing and explored some of the legal challenges and possible strategies to address them.

An electrical utility model was used to explain the essentials of cloud computing. David Bodenheimer, a partner at Crowell & Moring in Washington, D.C., equated the process of “cloud on-demand self-service” as routine as turning on a light switch. “You demand service — just flip the switch,” Bodenheimer said. He added that the measured service component of cloud services was similar to a person’s electric bill. “The more you use, the more you pay.”

The three basic service models for the cloud are software, platform and infrastructure. According to Joe Pennell, an associate at Mayer Brown LLP in Chicago, “software as a service is far and away the most popular cloud service model adopted today in the market for cloud services.”

During the webinar, Pennell said although the software service model represents the greatest loss of responsibility and control by the customer, it could generate a better cost savings.

“The more [control and responsibility] the customer is willing to give up, the greater the cost savings the customer can potentially receive in the cloud,” Pennell said.

The conversation spanned to discuss the deployment models of cloud computing. Pennell said that although the cost savings may be significant in a public cloud, there is more risk involved verses when information is stored in a private cloud. He said public cloud providers are less willing to accommodate concerns involving data security and audits as opposed to a customized solution one would find in private cloud services.

Budget pressures and potential cost savings of 25 percent to 90 percent are driving federal government agencies to the cloud, said Bodenheimer, who handles government contracts. In an effort to “be able to cover current tasks with a shrinking budget,” Bodenheimer said the federal “cloud first” policy is also a major driver to require more agencies to seek cloud solutions. Various public surveys also point to an increase in cloud services nationally and globally.

“The cloud is the future, according to the economic projections as well as federal policy,” Bodenheimer said. “We should expect these issues that we’re covering today to be increasingly at the center of IT services.”

Pennell said that businesses will have to make a switch to the cloud if they want to remain competitive. “It is simply economically more feasible to buy computerization services from other specialized providers than it is in many cases to develop it yourself,” he said. “It’s interesting to watch that starting to spread.”

The experts agreed that a prevailing question about the cloud is, How secure is it? Bodenheimer mentioned a survey done by the Government Accounting Office that found that 22 out of 24 of the major federal agencies were concerned about the risks associated with information security in the cloud. It’s a growing global concern, Bodenheimer added.

Knowing your security needs and building those needs within your cloud-service agreement is imperative, Bodenheimer said. The debate as to whether the cloud is more secure centers on the execution of the agreement, he added.

Some security considerations include:

  • Vendor management;
  • Audits of the cloud provider’s security controls;
  • Revised security policies;
  • Comprehensive data inventory and classification; and
  • Business continuity planning.

“Most of us (lawyers) are not security experts,” said Bennett Bordon, partner at Drinker Biddle & Reath LLP, in Washington, D.C. “What we can do is help the client understand what it is they are trying to accomplish by moving to the cloud.”

Bordon said where he has seen clients struggle is when they have left the cloud-computing decision as an information technology decision — but it is not. “While it is a highly technical component to the cloud computing model, it is not strictly an IT decision,” Bordon said.

“Information technology is really an infrastructure mindset … access, security. It’s the plumbing, the framework. They could care less about what’s in the pipes. But there are other aspects of this that are terribly important to consider,” Bordon said.

The experts also agreed that an informational governance framework should be considered when weighing whether to seek and secure cloud services. Consider questions such as what is the business objective you’re trying to accomplish? What are the legal ramifications of that data being in the cloud, both positive and negative? Also, understanding the basic steps to access information in the cloud should be considered.

The program “101 Cloud Computing: Legal Challenges and How to Address Them” was co-sponsored by the American Bar Association Center for Professional Development, Section of International Law, Law Practice Division, Section of Science & Technology Law, Solo, Small Firm and General Practice Division.

Back to top


Shades of Rashomon II: Client billing


Legal technology tips from Law Technology Today


A primer on making partner


Marketing and sales tips
to help build your book
of business

Top 5 keys to getting paid

Are you on the road to your true destination?

Finding your voice
as a new lawyer

Conflicting state and federal marijuana laws create ethical complications for lawyers

What every business lawyer should know about the final Volcker rule

Flipping the switch
on ‘the cloud’:
Cloud computing 101

3 tips for better
slide presentations

In wake of ‘U.S. v. Jones,’ 4th Amendment concerns with law enforcement’s high-tech capabilities emerge


Tell your colleagues — there’s added value in ABA membership


Make your practice
more productive