♫ Humpty Dumpty sat on a wall,
Humpty Dumpty had a great fall.
All the king’s horses and all the king’s men
Couldn’t put Humpty together again…♫
Nursery Rhyme, composer unknown.
Channel Insider on their Blog reported this week on how Intuit/Quicken has shut down their cloud-based users in an article entitled: Cloud Fears: Quicken Online Users Shut Down.
As of August 29, Inuit cut off the cloud-based users with this message:
No action is required on your part. Your account and all the data stored in it will be deleted and securely removed from all Intuit databases. If maintaining a record of your data is important to you, you can export it to a CSV file before August 29.
If maintaining a record of your data is important to you! Imagine if these were legal accounting records!
Now Quicken has also acquired Mint.com, another cloud-based provider. Intuit wants their users to move to Mint.com. However, there is just a tiny problem.
While you could export your Intuit Online data to a CSV (comma separated value) file, there was no easy way to upload or migrate that data into Mint (or any other online or desktop solution, for that matter). You have data but no real way of using it. You need the application and *ahem* the application has vanished.
If you used Intuit’s Quicken in the cloud for both business and personal accounts, according to Channel Insider, you are no longer able to integrate your on-line accounts, since Mint is only a personal finance solution.
This situation illustrates some of the concerns with cloud-based solutions:
One, you are locked to a single vendor. Your options to move your data are severely limited, since you need a migration tool to move data from one application to another. Having a CSV file is great if you want to look at your data in Excel, for example, but that is about it.
Two, there is no guarantee that your application will be around tomorrow, no matter which cloud-based vendor you choose. Intuit is not, by any means, a small vendor.
Three, if you are a law firm, your ethics rules may require you to store your records at your place of business. There may not be any allowance in those rules to store records ‘in the cloud’, particularly if the cloud storage may be outside of the jurisdiction where you practice (and in fact, may be in a different country entirely and thereby subject to the laws of that other jurisdiction). These other laws may provide for government access to the data without any notice being given to the owner.
Four, you have no control over how the cloud provider complies with your local privacy and personal information laws and regulations, yet lawyers must practice in compliance with these laws.
Five, lawyers must meet minimum record retention requirements. Your cloud provider may have retention periods for data that are shorter than a lawyer’s minimum record retention periods. They also may not make provision for storage of data for much longer periods that may be required in special cases.
Six, confidentiality and privilege are sacred to a lawyer’s professional practice. Many cloud applications may not have been developed specifically with lawyers in mind and may build in ways to share data (say with other cloud based applications) that may jeopardize confidentiality and privilege. Not everyone reads those ‘click through’ agreements carefully looking for possible problems with how the cloud provider could and does, share your data.
Seven, the ethics of your jurisdiction may require that you seek the consent of your client before you place their data in the cloud. If your office is premised on using cloud-based applications, you may have to turn away work in the event that your client does not provide the requisite consent.
By far the biggest practical risk with any cloud-based provider is that, once your data is up sitting on their cloud-based wall, if the wall should crumble and the data should fall, all the king’s horses and all the king’s men may not be able to put your practice together again.
This entry was posted on Friday, September 3rd, 2010 at 3:44 pm and is filed under Issues facing Law Firms, Law Firm Strategy, Technology, Trends. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.One Response to “Turbulence in the Cloud…”
September 9th, 2010 at 9:36 am
Heya David, good post.
Some thoughts in same order as your list:
1) single vendor lock in is a problem that the SaaS vendor must address with portable and flexible export tools that are easy to use. If they don’t, they cannot be taken seriously in the market. Ideally, the tools should export to the ‘heavy’ traditional and locally installed version of the same application from the same vendor.
2) See #1; sufficient export to a fully documented standard and/or the availability of a compatible traditional desktop application address this issue.
3) Great point, and would be interested in specific examples in the Canadian jurisdictions of which you’re aware.
4) You should be able to obtain the details of the procedures undertaken by the provider to maintain compliance; if the provider has documented SAS 70 procedures and has completed such an audit, then inherently these controls are in place.
5) See #4. Clearly there are checklist items that must be provided by all cloud providers in an automated fashion. See http://www.cloudaudit.org/
6) See #4. A provider would be on very thin ice if they disclosed any information without the consent of their clients. If they did and the breach was ever discovered, they’d be sunk. But it’s a valid point.
7) Do you have examples of this?
Thanks, Andrew