Cloud computing’s cost savings and quick return on investment is frequently making headlines in many sectors, including legal.[1] With litigation and e-discovery on the rise, it’s important to cut costs without sacrificing quality, and cloud computing is the new “go-to” solution. Yet some litigators are hesitant to switch e-discovery databases to the cloud for fear of risks such as security breaches or data loss. By understanding what cloud computing is, how it can benefit you and what to look for in a service provider, your corporation’s legal department can make the best decisions regarding the use of this powerful technology.

What is the cloud, and what does it do with your data? According to the National Institute of Standards and Technology (NIST), the definition of cloud computing is “on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”[2]  In other words, the cloud physically separates the user from hardware infrastructure and instead gives the user access to applications and data via the Internet. 

The cloud is made up of three service models:

1. Infrastructure as a service (IaaS) is the basis of the cloud and provides virtualized physical hardware that is accessible through the Internet. This hardware includes computers, processing, storage and servers. For example, Amazon Web Services offers a menu of different types of virtualized servers that customers can use just like a traditional physical server.
2. Platform as a service (PaaS) goes one step further than IaaS by providing a virtual toolkit in addition to hardware that allows developers to create software. Facebook is an example of PaaS that developers use to make apps specific to the social media site.
3. Software as a service (SaaS) gives the user on-demand access to a particular application and is the model you will most likely come in contact with. Think of SaaS as the final product software – built on IaaS and PaaS.

All three of these models are similar in that the consumer does not have to worry about maintaining the hardware of a physical computer. However, SaaS is the most beneficial to legal departments because it eliminates the cost and labor of data hosting as well as software installation and updates. SaaS offerings include a wide range of applications such as Microsoft’s Office 365, blogging platforms and e-discovery review platforms.

SaaS Is Efficient And Cost Effective – But Is It Safe?

The concept of tenancy is key to understanding cloud security. Think of a “tenant” as an individual person or an organization. Therefore, something that is single-tenant is used by only one organization, whereas a multi-tenant cloud is used by several organizations. However, it is crucial to note that multi-tenancy does not mean that these organizations have access to each other’s data. Providers block one tenant from seeing another tenant’s database as a standard precaution. For example, an online word processing application such as Google Docs uses multi-tenancy. Many different people use this product but do not have access to another individual’s documents. So how does the concept of tenancy fit into private and public clouds?

A private cloud is single-tenant[3]. Therefore, it’s unlikely that you would come across a SaaS application that offers you an entire cloud to yourself. Private clouds are more often used for a company’s internal work and software development. 

A public cloud is owned by a company that sells space or services in the cloud to multiple tenants. These different tenants are not sharing data; they’re just sharing space. Think of it as separate apartments within one building. Every apartment has its own key, but they are all housed within the same structure.

Although your data will have its own “apartment,” you still need to make sure that certain security measures are in place – both virtually and wherever the physical servers are located. A SaaS application that meets all of your security requirements is the best solution for e-discovery and case management because of its flexibility, efficiency and price point. To make sure you cover all security checkpoints, the end of this article provides sample questions to ask your service provider before signing a contract.

What Are The Benefits Of Using A SaaS Application?

Access Anytime, Anywhere

Clients can access their data across multiple forms of technology – such as cell phones, laptops, tablets – and from different geographic locations. Access is not limited to one physical machine, thus increasing an employee’s ability to do work. Or, for example, if outside counsel has teams in Washington, DC and New York, they can both review discovery and see each other’s progress as the case moves along.

Efficient Resource Use

In the cloud, resources can be pooled because multiple clients are using a provider’s storage, memory and network to access their data. This allows hardware and storage to be utilized more economically and efficiently and drives down costs. Because hardware is virtual and shared, unused capacity is reduced or redistributed, which illustrates the great elasticity of cloud-based solutions. If the amount of terabytes of e-discovery you review per year fluctuates, the cloud allows for easy scaling to meet capacity needs.

Accommodation at a Moment’s Notice

If you are adding more documents to your database, processing more data or bringing on more reviewers in order to meet a production deadline, SaaS uses its pooled resources to accommodate you. In other words, multiple pieces of technology act as one in an optimal manner to give your data the space it needs as the number of documents or reviewers grows or shrinks during the litigation lifecycle.

Quick Start-Up

The cloud’s agility is what separates cloud-based technology from traditional software. With an in-house solution run by IT, there’s often a delay in setting up new software or expanding storage for data needs. Each instance of a software program has to be set up individually, and if something goes wrong or there is a bug in the program, it must be addressed one computer at a time. In the cloud you can access a new program within a matter of minutes from wherever you are working. Any fixes or updates are taken care of by the SaaS provider, greatly cutting down on the labor-intensive IT work that was necessary in the past.[4] Another benefit is that you can send a service provider your discovery data as it is being collected. This way, when you’re ready to start reviewing discovery documents, everything is already in place.

Transparent Billing

SaaS is a measured service, meaning that resources are automatically controlled and optimized. This is a more effective way of analyzing expenditure and return on investment because you are billed monthly.[5]  Your procurement department and CFO can use this technology to more accurately manage and predict costs versus the depreciation of startup fees involved in purchasing your own hardware, software and labor.  Not only is spending more easily measurable, it is also more cost effective. Through economies of scale you get higher quality for lower cost, resulting in a smaller capital investment. The service provider’s expertise and efficient use of resources will also lower costs.

Team of Experts

Perhaps the most important benefit of SaaS is customer service. By purchasing SaaS you get robust and complementary services. The SaaS team is expert in their own product and takes the burden off your internal IT department. For example, your SaaS project manager will have data management expertise in industry standards, strategies, data processing and defensibility measures. Another benefit of SaaS is that it avoids potential in-house conflicts of interest. The service provider can even give advice about situations such as producing to opposing counsel or performing quality control on your productions. Additionally, the SaaS provider takes care of all software and hardware updates as well as other operational issues. They handle system maintenance, security and redundancy, so you never need worry about backups or disaster recovery.[6] This gives you the freedom to focus on your job.

Ask Before Signing

Now that you understand more about the cloud, it’s important to know what to look for when selecting a service provider. Here are some sample questions to build off of when going through the vetting process:

Data segregation:

• If your data is stored in pooled resources, what sort of encrypted multi-tenant deployment model does the company provide you with to ensure that your data remains segregated and protected?[7]

Recoverability:

• What redundancy, backup and disaster recovery plans does the provider have in place for both the data as well as the physical location of servers?

Information Security:

• If you need to share data with an expert witness, for example, can you safely grant limited access to the application?
• To what extent is your data encrypted during an online session as well as when in storage?[8]
• What sort of monitoring options does your service provider give you?
• Does your SaaS provider meet your corporation’s compliance, integrity and confidentiality needs?
• Does your provider have a secure and clean way to delete data if you request it?[9]
• Who has access to the hosting facility where the servers are housed?

Legal and regulatory:

• Will any of your data be stored or accessed outside of the U.S.?
• How will the provider store your data? Will it keep both pristine and culled copies of your documents?

Portability:

• How much of the Electronic Discovery Reference Model (EDRM)[10] spectrum does the system encompass?
• If the SaaS application does not include the entire litigation lifecycle, is your data easily portable to another cloud or application?
• How easy is it to get your data out of the cloud at any given time? Is there a situation where the provider would “hold your data hostage”?