Several months ago I was asked by a partner to review the privacy policies and terms of service for a number of consumer cloud storage providers and to rank them according to how well they met his requirements based on firm policies, ABA missives, and a handful of other relevant opinions about client confidentiality and the cloud.  Long story short, they all failed miserably.  None of them came close to meeting the “requirements”.  

The partner was hoping to be able to tell his fellow attorneys that the firm doesn’t approve of consumer cloud storage for client related information, however, if you are going to use a consumer solution for “personal information” we recommend provider X.  My pessimistic report made even that a difficult statement.  Still hoping to salvage something from this conversation he asked a follow-up question. 

“Do any of these services provide anything close to the level of security we have in email?”

Had I sipped my coffee a second earlier I surely would have showered my office with stale joe.

“Excuse me”, I said, “Could you ask that again?”

“Attorneys send client confidential information all the time via email, so do any of these services come close to meeting the standards for email security?”

That’s what I thought he meant.  I broke the news to him slowly, explaining it this way. “I wouldn’t put anything in consumer cloud storage that I wouldn’t leave in a file folder on the front seat of my locked car.  But, I wouldn’t put anything in an email that I wouldn’t write on the back of a postcard and hand to a stranger on the street to mail for me.  The least secure of these consumer cloud storage solutions is many, many times more secure than a standard unencrypted email.  In fact, some of them have much better security protocols than your average law firm.”

The partner was flummoxed.  “Then what’s the big deal about this cloud thing?”

I was reminded of this incident when I attended the ILTA conference a couple of weeks ago.  In the vendor hall I saw a lot of vendors pushing their cloud-based SaaS solutions and a lot of firms saying, “Sorry, we have to host all of our own data.”  Typically the vendor went on to explain the value of allowing them to host the data. The product is constantly monitored, backed up, and securely encrypted in transit and at rest.  The product and mobile apps are updated multiple times a day. They simply can’t provide such a high level of service if you insist on hosting the product behind your firewall.  

These conversations went back and forth for a long while.  I never once heard a cloud vendor acquiesce and say, “Well, OK. We’ll let you host it yourself.”   Chances are good that if you host their service, you will have a less than ideal experience.  And if you have a less than ideal experience, they will have to spend a lot of time and money to make you happy, which will eat into their profits.  They would rather not have you as a customer at all, than to have you be a less-than-completely-satisfied customer.  It seems some vendors have learned a lesson that many law firm’s have not: not all revenue is profitable. 
Taken together I think these incidents are representative of a larger paradigm shift. Traditional IT services, even the big traditional Legal software vendors, are moving to the cloud.  Attorneys will eventually figure out how to work with the cloud and still meet their ethical obligations, or they will just get used to the risks and ignore them like they have with email in the last 20 years.  The ABA will eventually make some coherent and unambiguous statements about the acceptable use of cloud services. And all of these will come together at the same time that firms begin to realize the economic benefits of not supporting an entire service infrastructure in-house.

Once that happens law firms will look back on all of the sturm und drang surrounding the Cloud, Software as a Service, and the Consumerization of IT, and they’ll wonder what all the fuss was about.  They’ll probably also wonder what all those nice people who used to run their network are doing now.

Balancing out my post this week on some less-than favorable news from Texas, I wanted to share some very good news from the Lone Star State.

Onit, a Houston-based legal technology company, obtained a healthy injection of capital this week. Eric Elfman, a founder and the CEO of the company, has been working tirelessly for months to secure this funding. I know this because he has cancelled lunch with me numerous times.
Onit is doing some very interesting things with technology. Their original focus on legal project management has evolved a bit to focus more on process automation. Process is something every legal department and law firm has, but are just coming to recognize. So an application that automates process is going to have significant value. If you look at the process mapping Seyfarth, Reed Smith and other firms are pursuing and the impact this is having, you will start to fully appreciate the value of such a tool.
The other unique aspect of Onit is its SaaS model. Process automation can be very painful due to the time and investment required in enterprise infrastructure. Onit removes that pain.
I’m guessing the $4.1m in funding from Austin Ventures is going to vault Onit deep into the market. Watch for great things coming from Eric and the team over the coming year.
Congratulations Onit!

[Guest Blogger Ryan McClead brings us part II of the End of Corporate IT]

Despite what may have been a slightly overstated prognosis of doom and gloom, no one has (as of this writing) stepped up to refute my scenario.  We may quibble about the details of the CorpTech-pocalypse (CTP) , but no one has suggested that it won’t happen at all.   So…where do we go from here?

Well, we have two options:

Option 1:  Ignore it, maintain the status quo, stick your fingers in your ears and la la la la…

IT departments that maintain the status quo will be the first to collapse under the weight of the CTP.   Chances are good that a favorite topic of conversation for your CEO is currently “my IT department doesn’t understand what we do.”  I am friends with educators, doctors, accountants, business people, and even a few lawyers, and they have all at one time or another expressed to me their displeasure with their own IT department using a variation on that phrase. It’s probably the most common IT related phrase ever spoken by professionals, with the possible exception of “why do I have to reboot again?”.  Eventually your CEO will be lamenting your general un-helpfulness while seated across the table from a salesperson for a major technology services provider who will helpfully explain that they can offer all of the services that you currently provide for a quarter of the cost.  At that point it’s too late to change.  So, ultimately, option 1 isn’t really an option.

Option 2:  Change the way you operate now, learn the business your company is actually in, prepare your company to transition into the post-IT environment, and develop the skills that will be useful in your next career.

Change the way you operate now.

This is less a practical suggestion, than an exhortation that you need to change sooner rather than later.  Change is never easy, but it’s not going to magically be easier in a few years.  In fact, it’s never going to be easier than it is right now.

Learn the business your company is actually in.  (Hint: it’s probably not IT services.).

IT departments were created because management recognized the need for someone with special knowledge to maintain and support the technology needs of their business.  As technology needs have exploded, IT has too.  IT policies originally set in place to make it easier for IT to provide services, have evolved into de facto Company Policies with IT as the enforcer.  This has created an antagonistic relationship between the IT department and the company at large.  When someone finds a new or better way of using technology to do their job, the last people they want to tell is IT because IT will shut it down. We’ve become obstructionists standing in the way of innovation.  A company within the company, but fundamentally disconnected from the primary business.

Your value as a technologist isn’t in your general understanding of technology, but in your understanding of how technology can improve business practices.  If you don’t understand those business practices, you are providing minimal value to your company.

Prepare your company to transition into the Post-IT environment

First and foremost, stop habitually saying “No” to non-standard technology requests.  If you don’t know about a particular technology that is being requested, ask the user to explain it to you.  How do they want to use it?  What service will it provide them that they don’t currently have?  You may already have a system in place to provide the service the user is looking for and if you don’t it might be a valuable addition to your network.  If you’ve already reviewed, evaluated and rejected the technology, give the user an explanation for why it was rejected in language that they can understand.  Rattling off a string of techno-babble is tantamount to just saying “no”.

Develop processes to quickly review, evaluate and adopt (when possible) popular consumer technologies and services. You should have a small group whose job it is to review new technologies, see how they work in your environment, discuss the value of the service with business management and present a report with risks and benefits clearly defined so that management can weigh the options and make decisions about technologies that will be allowed.

Develop an End Point Agnostic network. Once upon a time, mobile computing devices were the province of corporate IT.  That ship has sailed.  Mobile computing is a wing of the fashion industry, and people are passionate about their fashion accessories.  Let them use whatever device they want.  Blackberries, iPhones, Androids are all capable machines and there are ways to connect them to your network safely.  Experiment and document acceptable usage of all devices,  If you provide an acceptable way to use the devices people want to use, they will most likely use them correctly.  Most people understand the issues of security and compliance.  They will try to comply right up until you tell them they can’t use their pretty pink phone, then they will figure out how to connect said pink phone to your network in a way that isn’t secure.

End Point Agnosticism is a first step toward Cloud Computing, Telecommuting and SaaS adoption.  Each of these become easier if your network is already EPA.

Develop the skills that will be useful in your next career.

This is not to say that your next career will not be in technology, just that it probably won’t be in a non-tech corporation, unless you are consulting on using technology to enhance business practices.  Step 2 above, learn the business your company is actually in, will help your company now and enhance your personal value in the future.

Most of us originally got into corporate IT because we had a deep interest in technology.  Redevelop, or in some cases develop, that interest!  Don’t just know how you do things in your company, study how other companies accomplish the same tasks, learn new technologies, and explore new solutions.  We are living in the most exciting technological period in history, revel in it.

Lastly, throw out old biases.  PC vs. Mac vs. Linux, Blackberry vs. iPhone, Google vs. Yahoo. It doesn’t matter anymore.  You need to know them all.  Embrace it.  The more you know, the more valuable you are.  The more focused you are on a single technology, the more easily you are replaced.

The CorpTechPocalypse is going to happen, but it doesn’t need to be painful for you or for your company.  In the end, you might both be better off going your separate ways and seeing other people, having grown for the experience.  And if you do it right, you can still be friends.

[Guest Blogger – Ryan McClead

I have seen the future and there is no IT. Oh, there will be people called IT personnel and there will be external IT corporations, but the corporate IT operations and development departments as we know them today, will cease to exist…and soon. A few wise souls may realize that the end is out there in some amorphous distant future, but in the meantime they slog away at the daily minutiae, oblivious to the quickly approaching cliff off of which they are about to plummet. I predict it will happen suddenly and within the next few years.
There are a number of factors leading to this inevitable demise of corporate IT, but three in particular will be sufficient to bring on the end:
•             The corporate acceptance of SaaS.
•             The explosion of consumer technology.
•             The US economy.
Software as a Service, or SaaS, is software made available through the web for which corporations or individuals contract with an outside provider. The benefits of this are ease of use, ubiquitous access, continual maintenance and backup, and single, budget-able cost of “ownership”. Most of the concerns against using SaaS can be summed up as Security Fears. Many companies are not ready to put their proprietary data up in the cloud for fear that others will be able to access it. Most SaaS data is fully encrypted and unavailable to anyone other than the contracted company. Encryption schemes are only getting stronger and the security argument will largely fade within a few years. I believe SaaS is now where online banking was in 1995. A few people were starting to do it, but it was not widely adopted due to security fears. Eventually, the cost of not doing it will greatly outweigh the security concerns. Today online banking is a necessity because the cost of not doing it is significantly greater than the risk. This is true to the point that even after a major financial security breach occurs, corporations and consumers might change their methods, but they would never consider discontinuing their usage of online banking altogether.
Consumer technology and services have exploded in recent years. With the development of powerful smart phones and the ubiquity of network access, consumers are now connected to the internet all the time, in a way that they used to be connected only at work. This has given rise to all kinds of tools and services designed for consumers to make their lives easier. Social networking, knowledge transfer, contact management, document management, storage, and backup, are all services that corporations provide to their employees at work, but that employees use for themselves at home without the need of an IT department. Consumer services provide all of these services faster, better and cheaper than corporate IT, meanwhile, corporate IT stands in the way of employees adopting consumer technologies in the enterprise, ostensibly to protect the corporation, but the perception is quickly emerging, that we’re actually protecting ourselves. We are becoming obstructionists, preventing people from using the tools that they are familiar with, and forcing them to use outdated tools that we can control. Furthermore, as the older generation of employees retire, the younger employees will require less assistance with technology, and will insist on using the newer technologies that they already use for their personal information management.
The two factors above will continue apace and eventually lead to the downfall of corporate IT on their own, however, they are being helped along by an increasingly poor US economy, in which corporations are cutting back on every conceivable extraneous expense. Many SaaS providers are currently perceived to be more expensive than their internally hosted counterparts. However, that is only because IT personnel and internal infrastructure are still considered requirements. If you remove those requirements, suddenly SaaS is a bargain. As prices of SaaS come down, this will only become more apparent. Economic pressures also come to bear on the enterprise adoption of consumer technologies. Consumer services like social networking (LinkedIn) are free to use and provide much greater functionality than many similar internal services like contact and relationship management applications (InterAction).

Today the office building pays an electrician to walk around changing light bulbs. That is the future of corporate IT. Gone are the sys admins, help desk personnel, and developers. They will all work for external companies. In the future, the corporate IT department is a guy who unwraps a new interface module when one breaks and plugs it into the network conduit, and if the network goes down, he places the emergency call to the ISP. If he’s lucky he will also serve as an integrator for the corporation, a go-between who can speak techno-babble with the companies who provide the actual services, but eventually even that function will go away, as Google and Amazon and Microsoft all provide their one stop plug-n-play IT solutions for enterprise, fully accessible via consumer devices and integrated with consumer services and all available for the price of a handful of IT personnel.