online prescription solutions
online discount medstore
pills online
buy lorazepam without prescription
xanax for sale
buy xanax without prescription
buy ambien without prescription
ambien for sale
buy modafinil without prescription
buy phentermine without prescription
modafinil for sale
phentermine for sale
lorazepam for sale
buy lexotan without prescription
bromazepam for sale
xenical for sale
buy stilnox without prescription
valium for sale
buy prosom without prescription
buy mefenorex without prescription
buy sildenafil citrate without prescription
buy adipex-p without prescription
librium for sale
buy restoril without prescription
buy halazepam without prescription
cephalexin for sale
buy zoloft without prescription
buy renova without prescription
renova for sale
terbinafine for sale
dalmane for sale
buy lormetazepam without prescription
nobrium for sale
buy klonopin without prescription
priligy dapoxetine for sale
buy prednisone without prescription
buy aleram without prescription
buy flomax without prescription
imovane for sale
adipex-p for sale
buy niravam without prescription
seroquel for sale
carisoprodol for sale
buy deltasone without prescription
buy diazepam without prescription
zopiclone for sale
buy imitrex without prescription
testosterone anadoil for sale
buy provigil without prescription
sonata for sale
nimetazepam for sale
buy temazepam without prescription
buy xenical without prescription
buy famvir without prescription
buy seroquel without prescription
rivotril for sale
acyclovir for sale
loprazolam for sale
buy nimetazepam without prescription
buy prozac without prescription
mogadon for sale
viagra for sale
buy valium without prescription
lamisil for sale
camazepam for sale
zithromax for sale
buy clobazam without prescription
buy diflucan without prescription
modalert for sale
diflucan for sale
buy alertec without prescription
buy zyban without prescription
buy serax without prescription
buy medazepam without prescription
buy imovane without prescription
mefenorex for sale
lormetazepam for sale
prednisone for sale
ativan for sale
buy alprazolam without prescription
buy camazepam without prescription
buy nobrium without prescription
mazindol for sale
buy mazindol without prescription
buy mogadon without prescription
buy terbinafine without prescription
diazepam for sale
buy topamax without prescription
cialis for sale
buy tafil-xanor without prescription
buy librium without prescription
buy zithromax without prescription
retin-a for sale
buy lunesta without prescription
serax for sale
restoril for sale
stilnox for sale
lamotrigine for sale

RE: Cloud Science, Dropbox, and Behavioral Economics

What is a cloud?  I’m no meteorologist. In fact I can hardly spell the word (I mean, I have troubling spelling “meteorologist”; I can spell “cloud”). But I know what I see – and that’s that clouds are externally opaque.  Still we assume they work. In the context of cloud computing, this much is true as well.

What is cloud computing? The National Institute for Science and Technology defines cloud computing in richly technical NIST-speak. For reference: “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” That’s all pretty inaccessible. What it reduces to, essentially, are the principles of “scaled economics” – that is, law firms outsourcing their data storage needs to avoid expensive hardware upgrades and skim a little from their IT budgets.  One such public warehouse is DropBox; more on Dropbox later.

There it is, then. Law firms have adopted this as a fit cost-cutting strategy and they have done so en masse. The purposes range from e-mail archiving and document management (NetDocuments) to, among other things, payroll processing (ADP). The snowball has been tossed and has already gained formidable velocity. So much for tradition and so much for excess preoccupation with ABA/federal rules; now it’s okay for all to play ball. In a certain respect, law firms are just doing as businesses do. They only think about security in the context of security breach – when a golden laptop goes conspicuously missing, when a staff attorney discovers a keystroke logger, when server data gets compromised and there’s glaring signs of data leakage.  Then, we talk security.

DropBox was highly, highly touted as recently as last year; folks with technical know-how said DropBox was safe for use by law firms handling sensitive legal data. A year ago, this lawyer gave thunderous support for integrating DropBox into legal work. As did this guy: Why DropBox Rocks for Legal Offices. And then, on June 19th 2011, there was a security breach. For four hours on that fateful Sunday, anyone with a modem could access DropBox-hosted documents; the systems would accept any password. Let that digest for a moment.

A well-credentialed acquaintance of mine once approached me for idea leads on a talk he scheduled to do at a conference entitled “Security in the Cloud.” I was speechless. After having done a bit of diligence, here’s what I’ve got. There is no security—none. The 1s and 0s are tossed off haplessly along in cyberspace. And beyond security, there is additional concern:

  • there is, first and foremost, the worst case scenario of the loss of client data, which in turn would damage a firm’s professional reputation and expose it to malpractice liability;
  • the bare inability to see or touch documents on a piece of hardware you own;
  • the mere fact of having to interface with a third party at all, which represents a barrier between attorneys and their IT department;
  • the indirect (and often) limited control of available bandwidth;
  • the risk of becoming inadvertently subject to the laws of a foreign jurisdiction, where document storage might be ultimately maintained;
  • and finally, waiving the privilege.

What do YOU think? In the humble view of this post’s author: the same principles of “scaled economics” that compel firms to outsource administrative responsibilities are what compel further outsourcing (and cost-cutting) on behalf of these third parties, with little additional accountability. Institutional inertia is a two-way process, and I feel firms ought to be vigilant of ongoing trends in the realm of cloud security – and withhold. At a minimum, whatever auditing standards a firm applies to its policy in-house ought to be extended and applied out-of-house as
well.

In terms of understanding the cloud’s topology, cumulonimbus may just as well be cumulo-“nebulous.” And if DropBox repeats itself soon – you’ll pardon the forced pun – the size of the fallout will just as well be a computational disaster.

About the Author

STLR

blog comments powered by Disqus