Since the rise of the Internet, there have been two revolutionary advances in computing that are shaping the creation and delivery of software today. The first is the rise of open source software. The second is the delivery of software through public cloud computing. One changed the way software was created, bringing thousands of developers together to create amazing programs, given away for free. The other dramatically reduced the costs of maintaining and delivering software. This page is about both parts of the revolution.
Open Source Software
During the early days of computing, software came free with hardware. In later years, companies began charging separately for software and a multi-billion dollar market emerged. With the advent of Software as a Service (“SaaS”), one-time fees became yearly subscriptions, which continue in perpetuity. In each case, the source code for the software being licensed remained with the publisher. Some called it “closed source” software.
In the nineties, a Finnish data scientist by the name of Linus Torvalds released an alternative to the UNIX operating system which he called Linux. He did so under the free GNU Public License, which made the underlying source code available for other developers to extend and improve on a collaborative basis. Within a matter of years, Linux became the leading operating system used across the Internet.
People soon began calling this practice “open source” to emphasize that the software was not only free, but included the program source code, modifiable by the recipient. This was a big step. Suddenly volunteer developers located anywhere in the world could collaborate on new releases, or even branch the code into different versions. As we moved into the twenty-first century, this open collaboration became a key part of software development. In the case of Linux, to pick one example, more than 15,600 developers collaborated over the years to extend and enhance its code base.
Today more than 80% of the world’s Internet web servers run on open source software. Many programs use open source databases such as MySQL (now owned by Oracle) or PostgreSQL to manage program data. For full-text search, they use Lucene, or its offspring: ElasticSearch and Solr. The programming languages they use to develop these applications and many other proprietary programs are open source as well. Even the browser you are using to review this article is likely to be open source. Firefox is a product of the Mozilla Organization. Google’s Chrome browser came from its Chromium open source project. Microsoft’s new Edge browser, is based on Chromium as well.
Why Open Source?
Why might a legal department or law firm use open source software? There are several reasons.
1. The Right Software for the Job
In many cases, the open source product is the best choice available. How could this be? The answer lies in the power of worldwide collaboration. Talented and committed developers from around the world regularly get involved in open source projects and work to make the code better and more feature rich than small proprietary teams can match. Law firms and legal departments are starting to share software through open source licenses as a service to the profession and because they expect to benefit as others make improvements. Legal departments and academic organizations are looking to open source projects that don’t go to the core of their business but solve problems that other organizations face as well.
A second advantage is that open source software can be modified to fit specific needs. Once you download the source code, it can be a simple matter to extend or enhance the code. These new features are often contributed back to the original project which is what makes open source so vibrant and feature rich.
Licensing costs can add up quickly, especially for larger computing needs. Open source applications are licensed for free. To be clear, free does not mean without costs. All software has to be installed, configured, managed and supported. But at the least, there are no license fees to be paid.
Are these applications secure? Yes. Properly developed open source software can be just as secure as commercial software. In many cases it can be more secure because it has been reviewed and tested by a broad group of individuals who also have an interest in secure code. Open source software that has come from reputable developers or a well-established collaboration project has proven to be just as secure as proprietary software.
5. Enterprise Versions
Some companies offer paid “enterprise” versions of open source software, which may alleviate concerns about security and reliability. Red Hat, for example, charges for its distribution of Linux, offering support, bug fixes, customization and enhanced security. (IBM recently bought the company for $54 billion.) Likewise, many open source database and search providers offer enterprise versions that include support, security checking, customization and even hosting services. Companies pay a monthly or yearly fee for enterprise services, but get an added level of support and comfort in return.
Ultimately, many of the largest technology companies in the world have joined the open source movement. Google, for example, has placed over 2000 of its software projects into the open source community. Microsoft has also gotten active in the open source community, making thousands of its software projects open. Amazon is also a part of the community contributing hundreds of open source projects over the past decade.
Public Cloud Computing
The second revolution in computing began with Jeff Bezos realized that Amazon was not only good at selling books, but also at computing infrastructure. In the mid-2000s, Amazon launched what it called Amazon Web Services (“AWS”) to offer cloud computing in a new kind of way.
What is the cloud?" Originally it was a term for the Internet, which consisted of millions of servers spread across the world. It originated from the cloud symbol used in flow charts and diagrams to symbolize the Internet. The notion was that any Web-connected computer has access to a pool of computing power, applications and files.
Private Cloud: In the beginning, companies offered space in colocation facilities which could be used to house computers and networking equipment. The colocation facilities offered secure cabinets or cages to hold hardware along with cooling, lights, fire suppression and one or more pipes to the Internet. Companies and law firms alike saw the benefits in housing their servers at a colocation facility, rather than try to build their own facilities. This became known as private cloud computing.
SaaS: As a next step in the evolution of cloud computing, companies began offering what became known as Software as a Service (SaaS). Under this model, a software or services company host the software at their facilities (typically a colocation center) instead of sending a CD-ROM for a local install. In exchange for a monthly subscription fee, clients got computing services without having to install, manage or support the software itself. Office 365 is SaaS software, for example. Most e-discovery software is also offered on a SaaS basis as well.
Public Cloud: With AWS, Amazon turned the hosting paradigm upside down, inventing what many call the public cloud. As an alternative to colocation facilities, Amazon offered storage networks and computing power directly to the consumer—at rock bottom prices. Suddenly, users could securely store gigabytes of data for pennies a month. They could also call up one or hundreds of servers to run their programs. Equally important, they could turn off the servers when they were finished, reducing costs. And all of it could be done with a credit card, no long-term leases to sign.
Rise of the Public Cloud
Public cloud computing immediately became popular with developers and researches. More than 150,000 customers signed up with Amazon when it opened for business. Computing happened in secure but absolutely private AWS data centers which increasingly were located around the world. As of Fall 2019, for example, there were 69 AWS data center zones in 23 geographic regions with announced plans for three more regions in Cape Town, Jakarta and Milan. These centers, all networked together, hold millions of servers, with virtually unlimited processing and storage capacity.
As Amazon built data centers around the world, it also started adding services you could use to support or supplement your computing needs. Along with computing and storage services, AWS began adding ready to use databases, AI and analytics tools, developer tools, deployment management, email services and a lot more. As of 2019, AWS offered at least 165 different services which developers can integrate into their applications. These typically run for a fraction of the cost of building and provisioning separate software and they are integrated into the AWS offering.
Recently Amazon announced that it had a million active customers in 190 countries, including nearly 2,000 government agencies, 5,000 education institutions and more than 17,500 nonprofits.
Other Public Clouds: While Amazon paved the way for public cloud computing, the other major technology companies eventually followed suit. Google, for example, has jumped into public cloud computing by offering infrastructure, storage and compute services through the Google Cloud. Likewise, Microsoft jumped into the fray with Azure, a public cloud computing platform that integrates with Office 365. Lesser players in the market include IBM with its own public cloud offering, the Oracle Cloud, and a few others. AWS, Microsoft and Google make up the big three.
Is the public cloud secure?
Initially, many organizations were leery about using the public cloud due to security concerns. Today, an increasing number of organizations including state agencies and the U.S. government have realized that public cloud facilities maintained by the likes of Amazon, Google and Microsoft provide equal or even greater security than most private facilities. Here is why.
1. Physical Security
Like their colocation counterparts, public cloud providers maintain highly-secure facilities which are locked and monitored at all times. Arguably public cloud facilities are more secure than private cloud providers because their locations are not publicly disclosed and customers are not allowed to enter the facilities. Only well-screened employees are allowed to enter and then only on a strict need to access basis.
Major public cloud providers deal with government agencies and other large entities around the world. As a result, they need to carry an extensive list of security certifications from multiple ISO badges, to fedramp (U.S. government required), to PCI, HIPAA, SOC and dozens of others. AWS, for example, carries over 25 U.S and international audit certifications. Google carries a similar number of badges, many of which require extensive third-party audits to ensure the companies are following security best practices. Microsoft’s Azure public cloud matches up on security practices as well.
Most colocation facilities are audited and carry a range of security certifications as well. However, few can match the depth and breadth of security measures provided by public cloud companies. By this measure, public cloud computing is at least as, if not more, secure than the alternatives.
All three of the major public cloud providers offer encryption in transit and at rest standard. Encryption protects against physical incursion as well as employee malfeasance. Even if an intruder or employee manages to access an encrypted hard drive, nothing will come of it because the encrypted data is unreadable.
Amazon, for example, allows you to encrypt data when it is stored using the same advanced encryption methods that are used by the U.S. government. The data is encrypted before it is saved to disk and decrypted when downloaded by an authorized user. Encryption keys can be maintained by the client rather than the cloud provider. The other members of the big three, Microsoft and Google, offer similar encryption options.
In contrast, colocation providers leave it to their customers to determine whether data is encrypted on their servers. If you are using a colocation provider, you will have to encrypt your own data if you want to match the security offered in a public cloud environment.
5. Security Services
The big three public cloud providers each offer a host of other security services to help protect data. AWS, for instance offers dozens of services that can be used to protect data. Microsoft and Google offer similar levels of protection.
Most colocation providers, while undoubtedly secure, don’t have the size or scale to match these kinds of offerings. Once again, the conclusion has to be that the public cloud provides equal or more security than equivalent colocation providers.
Thus, the answer to the question is yes. Public cloud platforms are as secure or more secure than colocation facilities.
why cloud for legal?
Many legal organizations are moving to the public cloud because of the advantages it offers for their systems.
Speed: Public cloud providers link their data centers with dedicated fiber, while provisioning each with multiple connections to the Internet itself. AWS also provides edge servers for local access to ensure the highest-speed connection possible.
Scalability: Applications can be scaled from one computer to thousands with a click of a mouse. And scaled back down when the need has been met.
Simplicity: Using the public cloud eliminates the need to buy, configure and manage hardware, storage and many software services.
Security: Major public cloud providers are the leaders in physical security, best practices and security certifications.
Redundancy: Documents and data can be stored multiple times within a region or across regions. The entire application environment can be mirrored to different regions for high availability performance as well.
Geography: Cloud providers can initiate programs from and store data in any of their centers. This allows clients to store EU data in the EU, Australian data in Australia, Chinese data in China and U.S. data in the United States.
Reduced Costs: In most cases, cloud providers offer lower costs for their services than you can get at a colocation facility, particularly if your computing needs are variable and you don’t want to do your own staffing and network support.
The advantages are sufficiently strong that many SaaS providers use the public cloud in lieu of provisioning their own servers. Netflix, for example, stores massive amounts of data with AWS, and runs billions of transaction. Over 5,000 public agencies use the AWS as well. Google cloud customers include the megabank HSBC, Target, Twitter, Bloomberg, and eBay, to name a few. And Microsoft boasts many thousands of customers (outside Office 365) including Adobe, HP, Presence Health, and NBC News.
According to IDC, “worldwide spending on public cloud services and infrastructure will more than double over the 2019-2023 forecast period.” IDC predicts public cloud spending will grow from $229 billion in 2019 to nearly $500 billion in 2023, a a five-year growth rate of 22.3%.
Powering the Future
Open source software and public cloud computing have had a huge impact on modern computing. The open source revolution changed how we create software. The public cloud revolution changed how we deliver it. We link the two because open source software became the driving force that powered the public cloud. Together they are fueling a breakthrough in efficiency and cost effectiveness that looks to sweep across the legal profession next. The Merlin Foundation’s mission is to fan the flames and support the revolution.