Discussions around the cloud generally take one of two paths: complete drink-the-Kool-Aid support or trembling-in-their-boots fear. The reality is that there are some valid concerns that cloud computing can raise, especially if someone does not fully understand the risks and benefits of adopting that model. Rather than discount these concerns because of the upside of cloud adoption, let’s debunk the fears surrounding cloud adoption.
Is the cloud safe?
A major concern raised by the cloud naysayers is often data security. While concerns about both data security and global data privacy obligations are valid, assuming that because the data sits on-prem or behind your firewall it is somehow safer than in the cloud architecture of AWS, Azure, or other behemoth cloud providers is simply incorrect.
When dealing with high profile and highly confidential internal or client data, leveraging an established and massive cloud provider (or partnering with a technology provider that has) is often the safer option.
As anyone who has worked in a law firm can attest, budgets for IT and infrastructure are tight, and often the potential impact on profits per partner is weighted more heavily than a future vague threat posed by cybersecurity threats or disaster recovery. As a result, despite serving as a repository for top tier enterprise data, the business continuity and disaster recovery capabilities for many firms and consulting companies often lag far behind.
Compared to the over $1 billion spent annually by Microsoft to safeguard Azure from cyber attack and the $13+ billion spent on Amazon for IT, most law firm and even major enterprise spending is nominal. This delta in cybersecurity investment is highlighted in the recent finding that 73% of firms fail cybersecurity readiness tests.
The increasing frequency of large-scale cyber breaches at both law firms and large consulting providers highlights both the vulnerability and increased focus by bad actors on these targets. Rather than relying on an IT group that is already spread thin and hardware that may be missing patches or lacking the computational robustness necessary to handle large complex data sources, law firms often engage with external vendors using web-based SaaS cloud platforms.
Many providers leverage shared data centers or their own smaller data centers, but they certainly do not have the budget or reputational need to make data security a priority like AWS and Azure have. Given the choice, I’d prefer relying on the deep pockets and high profile of big players like Microsoft and Amazon rather than trusting a comparatively tiny ediscovery vendor to safeguard my data.
Can the cloud be GDPR compliant?
Global data privacy concerns are an increasingly central consideration for any ediscovery program. Whether you are dealing with data subject to GDPR, China’s state statutes, or the developing U.S.-based data privacy regulations like California’s CCPA, it is important to understand the impact on your data.
Some may worry that the decentralized nature of cloud computing makes compliance with these evolving and increasingly strict personal information policies a challenge. Thankfully, multi-billion dollar cloud providers have this covered. AWS, the cloud infrastructure which DISCO is built upon, is fully GDPR compliant and has a wealth of options to create in-country private and hybrid clouds to mitigate the data transfer concerns posed by the fluid nature of cloud data storage.
Because DISCO is enabled by an AWS infrastructure, we benefit from the infrastructure certifications Amazon has invested in and maintains (ISO 27001, SOC1, SOC2 & SOC3, ISO 27017 for cloud security and ISO 27018 for cloud privacy). DISCO has also invested in region-specific cloud deployments in countries with more aggressive data privacy regulations to further support compliance. In the case of GDPR, for example, we have a Dublin-based private cloud (AWC EU Availability Zone).
In many respects, a well-developed cloud deployment is more compliant with GDPR and other data privacy regulations than an on-premise solution playing catch up with these evolving obligations. If the cyber readiness gap is any indication of firms’ ability to comply with GDPR, you may want to encourage your outside counsel to embrace cloud-enabled partners.
Is cloud hosting difficult to manage?
An equally beneficial aspect of relying on the cloud for ediscovery is that updates, patching, and new capability rollouts are all handled by the SaaS provider, as opposed to wasting non-billable time pulling your system offline.
The provider also has dedicated staff ensuring that any critical infrastructure needs are monitored and managed, and that patches and updates are applied uniformly and in a timely fashion. Moving this to your SaaS provider reduces the strain on your firm’s internal IT team and ensures that you are always running on the best option of a platform/infrastructure.
That all sounds great, but cloud services are expensive right?
Cloud enables an organization to scale up in real time as needed to handle larger or more complex cases, meaning cloud computing allows organizations to reduce expense generally for infrastructure and personnel to support their ediscovery program. This does not mean that the cloud replaces the ediscovery program, merely that a firm or organization can focus on hiring talent to manage the case strategy in lieu of infrastructure support. For law firms, this can push their expenditure to roles and tasks that are billable.
Cloud infrastructure, because of the just-in-time scalability and reduction of infrastructure cost, brings down the net cost of running an ediscovery program and allows smaller entities to leverage tools and tech on par with larger competitors without breaking the bank.
Because cloud computing, in its most basic form, is merely resource sharing for computing and storage, the cost savings benefit in terms of cost to engage and savings over a solo on-prem solution is substantial. This allows larger firms to deploy resources more surgically and devote their spend to more client-focused solutions, while providing smaller firms with the opportunity to grow significantly sooner than their CAPEX expenditure might allow.
Bringing the cloud down to Earth
On the whole, moving ediscovery to the cloud offers substantial benefit in security, regulatory compliance, cost saving, and scalability at a fraction of the strain on spend and resources. Many of the “fears” around cloud are not fully informed, and the benefits are apparent once you dig deeper — which is why we are seeing such a rapid upswing in enterprise and ediscovery adoption in the last several years.
The recent IDC MarketScape report found that 45.7% of ediscovery software is now deployed via software as a service (SaaS/cloud), a percentage that IDC anticipates will continue to rise for the foreseeable future. This is a clear indicator that the future of discovery is decidedly cloud.
Who's Afraid of the Big Bad Cloud blog series:
- What is cloud and where did it come from?
- Flavors of the cloud
- Understanding why the cloud isn't actually scary