In a post here one year ago, Catalyst CEO John Tredennick wrote about draft recommendations on cloud computing issued by the National Institute of Standards and Technology (NIST). As John noted then, “the NIST team set out to write a primer on the cloud—types, deployment models, service models, cloud security and, ultimately, the benefits of cloud computing.”

Now, NIST has published final version of its recommendations, Cloud Computing Synopsis and Recommendations, an 81-page guide to cloud computing. Notably, the guide endeavors to explain cloud systems in plain language. It covers how clouds are deployed, what kinds of cloud services are available, the economic considerations, the technical characteristics such as performance and reliability, typical terms of service, and security issues.

The document’s purpose is to provide recommendations for IT decision makers. NIST offers recommendations for how and when cloud computing is appropriate to use, and it explores both strengths and weaknesses of the cloud.

Nothing in the report specifically addresses cloud computing in the legal environment or the use of the cloud in e-discovery, with one exception. In the report’s concluding recommendations, NIST includes this: “Consumers should investigate whether a provider can support ad hoc legal requests for: (1) e-Discovery, such as litigation freezes, and (2) preservation of data and meta-data.”

Although not specifically addressed to the legal industry, one section of the report of interest to many legal professionals will be the one that addresses Software-as-a-Service cloud systems. These SaaS systems are those where software is deployed as a hosted service and accessed by the end user over the Internet via a Web browser. This is how Catalyst deploys its e-discovery technology and it is increasingly how lawyers are accessing all sorts of software, from practice-management systems to collaboration tools.

Greater Efficiency and Performance

“Compared with traditional computing and software distribution solutions, SaaS clouds provide scalability and also shift significant burdens from consumers to providers, resulting in a number of opportunities for greater efficiency and, in some cases, performance,” the NIST report says. It describes five key benefits of SaaS clouds:

1. Very modest software tool footprint. Because no client-side software is required (except for the Web browser that everyone already has), SaaS systems are convenient and efficient. NIST notes that SaaS applications can be accessed without waiting for complex installation procedures and that users incur fundamentally reduced start-up costs. And unlike shrink-wrapped software, SaaS systems pose little risk of interfering with desktop configurations.
2. Efficient use of software licenses. SaaS systems “dramatically reduce” license-management overheads. Consumers can employ a single license on multiple computers at different times, instead of having to purchase extra licenses for separate computers.
3. Centralized management and data. The majority of data managed by a SaaS application resides on the servers of the cloud provider. “This logical centralization of data has important implications for consumers,” NIST says. One is that the SaaS provider can provide professional management of the data and its security. Another is that the data is available to the consumer on demand, providing greater convenience and reduced risk of data loss or theft.
4. Platform responsibilities managed by providers. Under the SaaS model, all the headaches of managing the data infrastructure belong to the SaaS provider, not to the consumer. “Consumers need not be distracted by which operating system, hardware devices or configuration choices, or software library versions underlie a SaaS application,” NIST explains. Further, all software and hardware upgrades occur on the server side, so consumers get all the benefits of the upgrades without any of the hassles.
5. Savings in up-front costs. With a SaaS application, a consumer can get started without any up-front costs for equipment acquisition and installation. In addition, going forward, SaaS systems are scalable, providing the consumer with both flexibility and efficiency going forward.

While NIST sees many benefits in the SaaS model of cloud computing, one concern it expresses is with the potential vulnerability of some Web browsers. “Although browsers encrypt their communications with cloud providers, subtle disclosures of information are still possible,” NIST cautions. Another area of concern for some consumers is that the SaaS model depends on the reliability of the consumer’s network connection.

Overall, NIST recommends that the SaaS model is particularly well suited to use for “business logic” applications, such as invoicing, funds transfer and inventory management; for collaboration, either within or between organizations; for office productivity, including word processing, spreadsheets, presentation programs and database programs; and for software support and development, such as format conversion tools, security scanning and analysis, and compliance checking.

The Bottom Line

When John wrote about NIST’s draft report a year ago, he noted that cloud computing was still relatively new to the legal community. A year later, cloud computing is gaining wider and wider acceptance and popularity. There are good reasons for that, as this latest NIST report makes clear.

To me, the key to the cloud’s growing popularity is in the name “Software as a Service.” The operative word there is “service.” Client-side systems are too often laden with hassles — from unintelligible shrink-wrap agreements to trouble-prone installations to ongoing updates and maintenance. Technology that is supposed to solve a problem is too often the source of a whole new set of problems.

With SaaS, that equation is flipped. The consumer gets the functionality without having to deal with any of the dysfunctionality. What the consumer wants is service, and with the SaaS model, that’s what the consumer gets.