Security: how to ensure your software vendor is securing your information “in the cloud”. What to look for

I recently read an article on cloud computing security and implementation. Always considering moving legal “enterprise software” to the cloud, it reminded me how important it is to ensure the utmost security for clients. The subject of security in a cloud environment is expansive, but here are a few things to look for in a cloud provider:

  1. Access Control
    It makes a user feel secure when asked for passwords, etc., but how secure is your provider’s routine maintenance and other back-end and front-end performance controls? This leads me to the next point…
  2. Internal Management Control
    In other words, who in the “cloud” organization is authorized to view your information? Most cloud vendors have secure procedures in place. One of the benefits of cloud computing is that it circumvents storage of information on the in-house server, so there is less risk of information leaking. Very few cloud companies have had problems with internal “leakage,” and those that have are probably newer. When dealing with a cloud vendor, just make sure the internal process is secure and proven.
  3. Internal Security
    A quality cloud software provider will have a secure authentication and authorization process in place, but not to the point of being annoying (of course). IP addresses should be checked and security breaches should be easily flagged. 
  4. Encryption
    This is kind of a no-brainer. Again, most cloud vendors honor this obvious requirement, yet some vendors either do not or cannot have encrypted information within the cloud. Internal encryption is the best-case scenario and it’s something you ask for from the cloud software vendor. Additionally, the Federal Information Processing Standards (FIPS) 140 security standard specifies the requirements for cryptographic modules.
  5. Internal/External Audits
    Even with all of the security red tape, intrusions still occur. How does your vendor detect a breach? The vendor should be capable of monitoring and measuring any breach of information. How will they communicate that to you? These are very important things to keep in mind when signing a service agreement.
  6. Disaster Recovery
    This is a must; every cloud vendor needs to have a back-up plan. They should be able to communicate this plan to you. This plan should be as solid as the back-up plan they have for the software itself. Also, any impending disasters should be communicated to you, in addition to how the disaster will be handled. All data should be protected at every level – no ifs, ands or buts.

Cloud computing is a brave new frontier and there are many things to learn. What do you look for in a SaaS vendor?

 

Rent vs. Buy – The SaaS Decision – part 2

Some people, me included, have always been “buy” type people; maybe it’s just old-fashioned. We buy, we just don’t like to rent or even borrow most things. Many businesses face the same decision as they review their options for implementing internal software. There are compelling reasons for both software models, in-house licensing and cloud-based SaaS.

 In my previous blog posting I covered SaaS benefits; here are a few of my thoughts on traditional in-house software licensing.

 In-house traditional software.

  1. In most cases today, full enterprise-level software, especially software utilizing database management such as financial management systems, is best kept in-house, primarily because there are not any viable SaaS options for mid-large size firms. In addition, firms need tight integrations among many other software systems that are already in-house.
  2.  There is a big difference in processor and memory requirements for enterprise financial management systems vs. other applications like document management. Hosting a DM system off-site is more about file storage sizing and access. In general, lower transactional processing applications not involving complex data structures are fine in a SaaS environment. The economies of SaaS disappear quickly when a large amount of computing power is needed for multiple users.
  3. I’m always concerned about the ease and control of data retrieval. In some SaaS applications it is quite easy to export out all of your data, in case, for example, you’d like to move to a different arrangement. However, with more complex applications where large amounts of data are stored in equally complex databases, extracting it from a “multi-tenant” system is a real issue.
  4. The SaaS world is built, for the most part, around a “multi-tenant” software model. Your data is actually mixed in with everyone else’s data and the application knows how to get it out. But you can’t. If you had an in-house financial management system and wanted to change vendors, you could conceivably extract the data yourself (or hire a consultant) and move to a new system without notifying your existing vendor until you thought it was proper. However, in a SaaS system, you don’t have a lot of choice. You are at the mercy of your SaaS provider. I’m always concerned about the uncertainty and costs of asking a SaaS provider for help converting to another system.
  5. I have a little bit of experience with the above issue of moving data from a SaaS vendor. In 2010 we decided to leave our longtime, big name, on-line CRM system for an in-house Microsoft Dynamics CRM system. So we just called up the big name SaaS provider, explained our intentions and asked for help extracting millions of entries from the last 10 years or so from their system. It was amazing how little help they were and how crude their extraction tools were, if you wanted to leave their system. Of course, we had to license some SaaS-type extraction tools just to do all the work ourselves.
  6. Many times, the costs for SaaS only look attractive in the short term. I recently saw some pricing for a legal market SaaS offering for a “practice management” system. On the surface it looked attractive, then I calculated the total cost of ownership over, say, an 8-10 year lifecycle with 100 users and I was astounded. It no longer looked like a bargain at all. Some analysis indicates that SaaS pricing is based on a 28 – 36 month amortization of what an in-house enterprise software license would likely cost. If you keep it for 10 years you may end up paying 3-4 times as much money.
  7. The sales pitch for SaaS often includes “you don’t need hardware,” “you don’t need to manage the system,” and other similar claims to help justify the pricing model. The fact is that most mid-large size law firms need to maintain a full IT infrastructure of networks, servers and desktops anyhow. The extra burden and costs of adding one or more virtual servers to this infrastructure may not be a big deal.

 At the end of the day these are all business decisions, and for each decision the buyer needs to ask, am I a “renter or a buyer”?

Rent vs. Buy – The SaaS Decision – part 1

Some people, me included, have always been “buy” type people; maybe it’s just old-fashioned. We buy things, we just don’t like to rent or even borrow. Many businesses face the same decision as they review their options for implementing internal software. There are compelling reasons for both software models, in-house licensing and cloud-based SaaS. Here are a few of my thoughts.

In the SaaS Camp:

  1. Cloud based SaaS applications look particularly attractive when they are “specialty” type products that are not “enterprise” level of usage. For example, we use such products as ExactTarget for email marketing and SurveyMonkey™ for client surveys. These are highly specialized services, used infrequently, and not worth the costs to bring in-house and manage. SaaS is the obvious choice.
  2. In the example above, the amount of data and the confidentiality of that data are not of utmost concern. Confidentiality is important in this case but not to the extent that we don’t want the information outside our facilities.
  3. Another issue is getting data back, if we needed it. I’m not too concerned that the data we store on these sites within their applications is so crucial to our business that we would be damaged if we couldn’t easily retrieve it.
  4. Costs may be a major benefit in the SaaS camp, depending on the type of application needed. The small cost of a monthly fee on a credit card is a definite convenience.
  5. We use Chrome River for on-line expense reporting. The justification in this case is that it is a “best of breed” specialty product, attractively priced, used somewhat infrequently, and other than manual spreadsheets we didn’t have a better way of managing this process. An easy decision.

 As you can see there are some real benefits to having the right SaaS tools. In my next blog posting I’ll cover why I think in-house enterprise software looks good.

Streamline Your Way to Bigger Margins – #2 – Virtual Law Firms Ride the Cloud

This ongoing series will visit small (and large) overlooked ways firms can save money that can add up to big dividends.

 In 2001 one of the first legal services websites, Legalzoom.com, was launched. Legalzoom.com enables laypersons to fill out a simple form online to generate legal documents cheaply and easily. Fast-forward seven years and we are introduced to the full-service virtual law office. Technically, the virtual law office was introduced in 1996, but it has taken off over the past couple of years thanks mainly to Software-as-a-Service (SaaS) and some good old-fashioned ingenuity.

The term ‘Cloud computing’ has become somewhat of a technical buzz term. Basically, Cloud computing does away with in-house server-based software loaded on a desktop PC. Software programs are instead accessible via the web (aka, The Cloud).  Software-as-a-Service is another way of putting it. This concept has enabled virtual law offices to thrive since all members of the firm can be on the same application in different locations. Not to mention, these firms are saving oodles of dollars utilizing this technology. Of course, we have all heard about the economic situation, but just to state the obvious – in these times – saving matters, especially when passed along to the client.

Although not every firm is ready to move to the totally virtual model, utilizing Cloud-based software in lieu of local server-based software can save a lot of money and help firms to realize many new efficiencies that translate to savings of time and costs. How?

  • Cloud computing saves firms money on hardware. Firms need not invest in servers and software since it is all maintained on the provider’s end.
  • Since the software is maintained on the provider’s end, IT staff need not spend the time maintaining servers and updating the software since this is all provided by the SaaS vendor. In addition, this frees up time for IT to focus on other core areas.
  • SaaS increases mobility and maximizes time. Partners and/or staff can have full access to applications while on the road.
  • Many SaaS providers take a “pay-as-you-go” approach which may help a firm mitigate risks by providing time to try a program before making a huge investment. And, as aforementioned, there is no need to invest in servers, etc. This, of course, is not the approach most enterprise software providers would take, but for more proprietary software, it works. 
  • Without launching into a technical diatribe, the development of Cloud computing enables clients to more easily integrate with other applications. The very infrastructure is set up much differently than traditional software and it lends itself to working hand-in-hand with other SaaS models and data sources. Instead of building programs from scratch, as in the old days, Cloud models are often open and ready to integrate with other cloud-based applications.

Whether you follow a virtual model or a little of both, your firm can benefit greatly by riding the SaaS cloud.
