Public Cloud Computing
The second revolution in computing began with Jeff Bezos realized that Amazon was not only good at selling books, but also at computing infrastructure. In the mid-2000s, Amazon launched what it called Amazon Web Services (“AWS”) to offer cloud computing in a new kind of way.
What is the cloud?” Originally it was a term for the Internet, which consisted of millions of servers spread across the world. It originated from the cloud symbol used in flow charts and diagrams to symbolize the Internet. The notion was that any Web-connected computer has access to a pool of computing power, applications and files.
Private Cloud: In the beginning, companies offered space in colocation facilities which could be used to house computers and networking equipment. The colocation facilities offered secure cabinets or cages to hold hardware along with cooling, lights, fire suppression and one or more pipes to the Internet. Companies and law firms alike saw the benefits in housing their servers at a colocation facility, rather than try to build their own facilities. This became known as private cloud computing.
SaaS: As a next step in the evolution of cloud computing, companies began offering what became known as Software as a Service (SaaS). Under this model, a software or services company host the software at their facilities (typically a colocation center) instead of sending a CD-ROM for a local install. In exchange for a monthly subscription fee, clients got computing services without having to install, manage or support the software itself. Office 365 is SaaS software, for example. Most e-discovery software is also offered on a SaaS basis as well.
Public Cloud: With AWS, Amazon turned the hosting paradigm upside down, inventing what many call the public cloud. As an alternative to colocation facilities, Amazon offered storage networks and computing power directly to the consumer—at rock bottom prices. Suddenly, users could securely store gigabytes of data for pennies a month. They could also call up one or hundreds of servers to run their programs. Equally important, they could turn off the servers when they were finished, reducing costs. And all of it could be done with a credit card, no long-term leases to sign.
Rise of the Public Cloud
Public cloud computing immediately became popular with developers and researches. More than 150,000 customers signed up with Amazon when it opened for business. Computing happened in secure but absolutely private AWS data centers which increasingly were located around the world. As of Fall 2019, for example, there were 69 AWS data center zones in 23 geographic regions with announced plans for three more regions in Cape Town, Jakarta and Milan. These centers, all networked together, hold millions of servers, with virtually unlimited processing and storage capacity.
As Amazon built data centers around the world, it also started adding services you could use to support or supplement your computing needs. Along with computing and storage services, AWS began adding ready to use databases, AI and analytics tools, developer tools, deployment management, email services and a lot more. As of 2019, AWS offered at least 165 different services which developers can integrate into their applications. These typically run for a fraction of the cost of building and provisioning separate software and they are integrated into the AWS offering.
Recently Amazon announced that it had a million active customers in 190 countries, including nearly 2,000 government agencies, 5,000 education institutions and more than 17,500 nonprofits.
Other Public Clouds: While Amazon paved the way for public cloud computing, the other major technology companies eventually followed suit. Google, for example, has jumped into public cloud computing by offering infrastructure, storage and compute services through the Google Cloud. Likewise, Microsoft jumped into the fray with Azure, a public cloud computing platform that integrates with Office 365. Lesser players in the market include IBM with its own public cloud offering, the Oracle Cloud, and a few others. AWS, Microsoft and Google make up the big three.
Is the Public Cloud Secure?
Initially, many organizations were leery about using the public cloud due to security concerns. Today, an increasing number of organizations including state agencies and the U.S. government have realized that public cloud facilities maintained by the likes of Amazon, Google and Microsoft provide equal or even greater security than most private facilities. Here is why.
1. Physical Security
Like their colocation counterparts, public cloud providers maintain highly-secure facilities which are locked and monitored at all times. Arguably public cloud facilities are more secure than private cloud providers because their locations are not publicly disclosed and customers are not allowed to enter the facilities. Only well-screened employees are allowed to enter and then only on a strict need to access basis.
Major public cloud providers deal with government agencies and other large entities around the world. As a result, they need to carry an extensive list of security certifications from multiple ISO badges, to fedramp (U.S. government required), to PCI, HIPAA, SOC and dozens of others. AWS, for example, carries over 25 U.S and international audit certifications. Google carries a similar number of badges, many of which require extensive third-party audits to ensure the companies are following security best practices. Microsoft’s Azure public cloud matches up on security practices as well.
Most colocation facilities are audited and carry a range of security certifications as well. However, few can match the depth and breadth of security measures provided by public cloud companies. By this measure, public cloud computing is at least as, if not more, secure than the alternatives.
All three of the major public cloud providers offer encryption in transit and at rest standard. Encryption protects against physical incursion as well as employee malfeasance. Even if an intruder or employee manages to access an encrypted hard drive, nothing will come of it because the encrypted data is unreadable.
Amazon, for example, allows you to encrypt data when it is stored using the same advanced encryption methods that are used by the U.S. government. The data is encrypted before it is saved to disk and decrypted when downloaded by an authorized user. Encryption keys can be maintained by the client rather than the cloud provider. The other members of the big three, Microsoft and Google, offer similar encryption options.
In contrast, colocation providers leave it to their customers to determine whether data is encrypted on their servers. If you are using a colocation provider, you will have to encrypt your own data if you want to match the security offered in a public cloud environment.
4. Security Services
The big three public cloud providers each offer a host of other security services to help protect data. AWS, for instance offers dozens of services that can be used to protect data. Microsoft and Google offer similar levels of protection.
Most colocation providers, while undoubtedly secure, don’t have the size or scale to match these kinds of offerings. Once again, the conclusion has to be that the public cloud provides equal or more security than equivalent colocation providers.
Thus, the answer to the question is yes. Public cloud platforms are as secure or more secure than colocation facilities.
Why Cloud for Legal?
Many legal organizations are moving to the public cloud because of the advantages it offers for their systems.
Speed: Public cloud providers link their data centers with dedicated fiber, while provisioning each with multiple connections to the Internet itself. AWS also provides edge servers for local access to ensure the highest-speed connection possible.
Scalability: Applications can be scaled from one computer to thousands with a click of a mouse. And scaled back down when the need has been met.
Simplicity: Using the public cloud eliminates the need to buy, configure and manage hardware, storage and many software services.
Security: Major public cloud providers are the leaders in physical security, best practices and security certifications.
Redundancy: Documents and data can be stored multiple times within a region or across regions. The entire application environment can be mirrored to different regions for high availability performance as well.
Geography: Cloud providers can initiate programs from and store data in any of their centers. This allows clients to store EU data in the EU, Australian data in Australia, Chinese data in China and U.S. data in the United States.
Reduced Costs: In most cases, cloud providers offer lower costs for their services than you can get at a colocation facility, particularly if your computing needs are variable and you don’t want to do your own staffing and network support.
The advantages are sufficiently strong that many SaaS providers use the public cloud in lieu of provisioning their own servers. Netflix, for example, stores massive amounts of data with AWS, and runs billions of transaction. Over 5,000 public agencies use the AWS as well. Google cloud customers include the megabank HSBC, Target, Twitter, Bloomberg, and eBay, to name a few. And Microsoft boasts many thousands of customers (outside Office 365) including Adobe, HP, Presence Health, and NBC News.
According to IDC, “worldwide spending on public cloud services and infrastructure will more than double over the 2019-2023 forecast period.” IDC predicts public cloud spending will grow from $229 billion in 2019 to nearly $500 billion in 2023, a a five-year growth rate of 22.3%.