The Cost of Cloud Computing

I have long maintained that over the long run (say, 5 years), cloud computing — SaaS programs – will cost more than doing the same thing in-house. The analogy that makes most sense to me is that of leasing a car:  over time, it will cost you more, but the fixed cost and peace of mind may make it worth it. There are a number of advantages to cloud computing, but cost is not one of them.

Therefore I was interested to see the same analysis in the recent Law Technology News article on cost concerns in law firms by Alan Cohen. The article was based on an LTN survey of 86 of the AmLaw 200 firms. He notes:

“Many of cloud computing’s savings are negated – and then some – by monthly subscription fees. Indeed 30% of respondents said savings from cloud computing haven’t been what they expected. ‘With some cloud offerings you can pay five to 10 times the amount of money it takes to do it internally,” says one CIO, “especially with those vendors that have discontinued their traditional offerings and moved everything to the cloud, making it the only way to use them.’”

So while there are a number of reasons to “go to the cloud” you should do a very careful analysis to see whether the convenience and security of the cloud, as well as the low monthly payment (think of it as a car lease) make up for the higher cost over a period of time.

Happy Winter Solstice

The Winter Solstice has traditionally been celebrated in all cultures for at least 5,000 years as marking the point where the days start getting longer. Maes Howe in Orkney (north of Scotland) is a very large chambered cairn (about 100 feet in diameter and 22 feet high on the outside: the interior chamber is about 14 feet square and about the same height). The 45 foot long entrance way is constructed so that the setting sun shines directly through the passageway onto the back wall of the cairn on the shortest day of the year, setting directly over a stone (the Barnhouse Stone) placed a half-mile or so from the entrance. And of course a similar setup at Stonehenge is even more well-known.

Pre-historic/neolithic peoples were acute astronomers – their existence depended on crops and seasons. The Mayan long calender is more accurate than our current calender with its leap years every four years and “super leap years” at the turn of the century once every 400 years. Other calendars (in India and Mesopotamia – Omar Khayyam was a much better mathematician and astronomer than he was a poet) were also more accurate than our current one.

The early Puritans in New England outlawed the celebration of Christmas between 1659 and 1681 due to its pagan roots, as well as the fact that the lower classes used it as an excuse for “rowdy public displays of excessive eating and drinking, the mockery of established authority, aggressive begging (often involving the thread of doing harm), and even the invasion of wealthy homes.” (Stephen Nissenbaum, “The Battle for Christmas”).

Subsequent year-end religious myths were manifestly modeled on the celebration of the Winter Solstice.  So during this winter holiday season, I wish you all a Happy Winter Solstice. Spring is coming.

Installing and Configuring Worldox

Like many consultants, I have a check list for installing and configuring various programs. Also like many people, it is largely in my head, which inevitably leads to oversights, and incomplete configurations.

So I recently thought I would assemble all the little snippets and notes I have made at various times into a cohesive document on Installing and Configuring Worldox.

The document covers things that clients need to know/decide before the installation; some typical configurations that I use, and lastly some of the tradeoffs involved in when choosing between options.

The document can be downloaded from the cheatsheet section of my Web Site.

Wikileaks and Social Media

Phil Zimmerman first wrote the PGP encryption program in 1991. Great uproar. Individuals would be able to protect their data from outside spying! Horrors!!  In 1993 the US Government made itself a laughing stock by launching a criminal investigation of Zimmerman for “munitions export without a license.”  Charges were quietly dropped after several years of attempting to intimidate Zimmerman.

Today, PGP is a standard part of the corporate security arsenal and was recently purchased by Symantec.

With the meteoric rise of social networking, security has largely fallen by the wayside. Every once in a while there is an uproar – Google is invading people’s private space with its street cam, etc. – but by and large security concerns are ignored. Trying to obtain any privacy on Facebook is an adventure. And the government, including the Obama administration, still insists on being able to spy at will on anyone it doesn’t like (“warrentless wiretaps”).

This has given rise to a lot of pseudo debates – if someone posts nude pictures of themselves on Facebook, can a potential employer use them in evaluating job candidates?  Can lawyers “friend” adversaries (or get someone to do it for them) to find out information?  I call these are pseudo debates because the obvious answer is that if it can be done, it will be done.  It is the inverse of the warnings on a wide variety of products, all of which are structurally identical: “We will not be responsible if you do anything incredibly stupid that nobody in their right mind would do.”

So there is a delicious irony on the government being hoist on its own petard, so to speak. Sharon’s Nelson’s Ride the Lightning blog has an extensive analysis of how it came to be that some Private could download all those files, entitled “WikiLeaks: How Bad is U.S. Cybersecurity? (Bad - Really, Really Bad)”

    “How did a mere private gain access to so much data and then copy and transport it? Regrettably, it was child's play.
    He brought in a CD-RW labeled something like "Lady Gaga," erased the music and wrote a compressed split file. Private Manning rather accurately observed the total absence of security noting that there were "weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis... a perfect storm."

In short, the military/state department or whatever has zero security.  This is not new. Government agencies (including Homeland Security) have gotten very poor grades on security for a number of years. Yet they act surprised and outraged when somebody exploits the weaknesses.
 
When addressing law firm security needs, I typically advise clients that there are three levels of types security. First (and most simple), security against intrusion by disgruntled employees. Second, protection from random hackers. Last, and most complex, protection against organized, targeted intrusion.  It would appear that downloading the files falls into the first category, and that there was not even the most elemental protection against it. Is it any wonder that trust in the government is probably at an all-time low?

Law Technology News Awards

It’s that time of the year when various awards are given.  Law Technology News has just released its vendor awards for “best products.”

In the past, these awards have been of dubious accuracy for two main reasons. First, as products added more and more features, they sometimes “won” in categories that had little to do with the main function of the program. More important, many if not most vendors indulged in rampant ballot stuffing, so that the accuracy of the “popularity” was seriously open to question.

This year, LTN went over to a more “objective” rating. Firms were asked to rate various vendors according to a series of criteria. So the results are all measured against a single set of criteria, not as a popularity poll rating programs against each. At least this system has a fighting chance of a better degree of accuracy.

The results are very interesting and confirm how many people currently see various programs as faring.

Both Worldox and Tabs3/Practice Master were among the four products with a “Gold” rating. Time Matters, which had dominated awards in recent years, sunk to a level of “Bronze.”  Amicus Attorney isn’t even on the list any more.  Similarly, iManage achieved only a “Bronze” rating and DocsOpen/Open Text isn’t even in the rankings any more.

Integration Key to SaaS Success

John Heckman’s Small Law column on Integration in the Cloud was published by Technolawyer last week. It is available on the technolawyer Small Law Blog:

Frank Rivera, developer of HoudiniEsq, sent me an email noting an omission in the column:

You only mention that Advologix, Rocket Matter and Clio provide a web app when in fact we have had a web based app for HoudiniESQ for nearly a year now. iT actually looks and feels like a iPhone app on the android and iPhone as well as the iPad. We also have native apps in development now but that is another story.
    1. We have one of the most robust Client Access options in the marketplace, bar none, with very fine grained control over what is made available and to whom.
    BTW, We have the tightest MS Office integration currently in the marketplace, we sync everything and create folders in outlook for easy management of email.

Thanks for the update, Frank.

Since the column was written, I found out that Google has launched a plug-in that integrates Microsoft Office with Google Apps, as reported by TechCrunch:

Apparently the plugin synchs any changes you make to a local Word document with the version on Google Apps every time you hit the “Save” key. In the event there is a conflict, you get a popup message offering to show the conflicts and asking which version you would like to keep. Apparently the demand was so great, Google has stopped accepting volunteers (i.e., beta testers) but you can sign up to be notified when it is available.

This is typical of the kind of integration that will have to happen for SaaS programs to really take hold.

Kindle's Bait & Switch Getting Worse

When I first got my Kindle a year and a half ago, all books were $9.99. The number of books I purchased shot way up.

Then Amazon has a fight with the publishers and let the publishers set the price.  So now new books are usually $14.99.  The new Ken Follett is $19.99. The same hardcover book is only $18.00 from Amazon.

In looking around, I discovered that a significant number of books are now more expensive to buy on Kindle than buying the physical book on Amazon.  This makes no sense.  Some other prices I checked:

Amazon $7.99; Kindle $14.99
Amazon $10.80; Kindle $12.99

Now the Kindle does have one advantage: impulse buying.  If you want a new book and want it NOW, that’s the only way.  But I for one am cutting way down on my Kindle usage, which is too bad, because otherwise it is really convenient. In the year and a half I have had it, My Kindle orders have dropped from 8-10 books a month to 2-3 most recently after the price increases.  Amazon: this is not in your interest.

Strong Passwords - Again

Two recent articles indicate that the new standard for a “strong” password is 12 characters (up from 8).

See the article by Sharon Nelson and John Simek in the ABA Law Practice magazine
Also see the commentary by Jim Calloway in his blog.

Apparently an 8-character password can now be broken in about 2 hours (with the right equipment). A 10-character password takes 180 years, and a 12 character password takes 17,134 years.

The question is, is all this really necessary?  This question can only be answered by asking a second question: who or what are you protecting against? 

There are three levels of answer to this question: (1) casual mischief by employees; (2) random breakins by bored hackers; and (3) targeted breakins by hackers actively looking to steal passwords, credit card numbers, Social Security Numbers, etc.

With some exceptions, lawfirms need to deal with the first category. However, as more and more people go to the cloud, the possibility that valuable data can be stolen by random hackers increases significantly.  The exceptions in the legal area largely deal with things that fall into the general category of industrial espionage. For example, intellectual property firms, firms negotiating major deals, takeovers, etc.

While most firms may not need to move to 12-character passwords immediately, they should certainly dump the obvious passwords many firms use (the most common password is “password;” another common one is the user’s initials), especially if they plan to use any SaaS or cloud applications.

For examples, see The 500 Worst Passwords of All Time

The top 10 worst passwords include (in order):
123456;  password; 12345678; 01234; pussy; 12345; dragon; qwerty; 696969; mustang