Know Your Cloud: Demystifying Cloud Terminology for Legal Professionals

One thing that forward-thinking law firms seem to agree on is that they need to move their critical business systems to the cloud. If the sizeable investments of tech giants like Amazon, Google, and Microsoft in cloud technology are any indication, cloud computing will be a dominant technology for the foreseeable future. So, the instincts of these firms are correct.

One particularly daunting aspect of the migration to cloud applications is the flood of cloud terminology. The list of terms is long, and the distinctions are often quite subtle. To make matters worse, cloud terms often get used imprecisely and indiscriminately, which effectively blurs the important and fine-grained distinctions.

In some cases, this imprecision is harmless, but in others the inaccuracy can have huge implications for the future of your law firm.

To help you navigate these issues, let’s look at some of the essential cloud computing terms. Armed with the knowledge of what these key terms mean and, more importantly, what they don’t mean, you will be better equipped to choose the right cloud solutions.

Cloud Computing as a Technology

Cloud computing is fundamentally the delivery of technology services over the internet. Cloud service providers such as Microsoft Azure, Amazon Web Services (AWS), or Google Cloud own and manage the computing hardware, data storage, and virtual servers that are needed to provide the cloud services, and you, the consumer, pay to access and use the computing resources.

The following terms are all used, often interchangeably, to mean computing services accessed over the internet:

• cloud

• cloud computing

• cloud technology

• cloud infrastructure

Under the broader theme of cloud computing, you will also encounter distinct terms for the cloud deployment models and the cloud service models. Some of these terms will be familiar to you even if you haven’t spent much time learning about cloud computing.

The Different Cloud Deployment Models

There are a handful of ways that cloud service providers deploy their cloud services to customers. The three primary deployment models are private cloud, public cloud, and hybrid cloud, but you may find one or two additional models listed depending on the source.

• Private cloud: A private cloud is a cloud environment dedicated to a single consumer. It can be managed by the consumer, much like a traditional on-prem server would be, or a cloud provider can build a dedicated private cloud, which is accessed through a private connection.

• Public cloud: A public cloud deployment is a cloud environment where multiple users share computing resources. The infrastructure is built and managed by cloud service providers, such as AWS, Azure, or Google, and it’s accessed over the internet.

• Hybrid cloud: A hybrid cloud is an environment that uses both public and private clouds. The clouds are connected so data can flow between them as necessary, but they otherwise remain distinct. Hybrid cloud environments are quite common, especially in industries with strict data regulations.

Potential Confusion in Cloud Deployment Terms

When we’re looking at these cloud deployment models, the biggest point of confusion has to do with security. In everyday speech, private often implies more secure. However, when we’re talking about cloud deployment models, the words private and public only refer to the number of consumers allowed to use the computing resources. They do not imply anything about the security of that cloud model.

In fact, cloud service providers maintain strict security measures across the board. Microsoft Azure, for example, which serves as the backbone of Elite’s own SaaS platform, uses the Zero Trust security framework to ensure strict identity verification, least privilege access, and advanced threat protection across all layers.

It’s common to assume that the security measures of a cloud service provider also protect commercial SaaS applications—but this is not true. Cloud computing is distributed by nature and operates on a shared responsibility security model, meaning each point in the chain from cloud service provider to SaaS provider to end user must implement the appropriate security measures. Elite, for example, follows the lead of Microsoft Azure and also implements the Zero Trust security framework for its SaaS application. This multi-layered security approach is a benefit of cloud applications, but only if the application provider takes security seriously.

The Different Cloud Service Models

Cloud service models broadly relate to how the consumer and provider distribute between themselves the responsibility for managing the computer infrastructure. With a legacy on-prem computer system, the consumer is 100% responsible for building, securing, and maintaining their IT resources. With cloud services, consumers can determine how much of this burden to shift to the cloud service provider by choosing between three cloud service models.

• Infrastructure-as-a-Service (IaaS): In this model, consumers are only paying for processing, storage, networks, and other core computing resources, which the cloud service provider owns and maintains. The consumer is responsible for the operating systems, database management, and any applications or software.

• Platform-as-a-Service (PaaS): This model shifts more of the burden to the cloud service provider. PaaS cloud services are most often used by developers to build or customize commercial applications, so law firms are unlikely to use them.

• Software-as-a-Service (SaaS): In this model, the burden is placed almost entirely on the cloud service provider. The customer is responsible for the data entered and the users and devices allowed access to the system, but the cloud provider takes care of everything else. When most consumers think about cloud services, they are thinking about SaaS products, like Microsoft 365, Gmail, or another web-based software.

Law firms are increasingly adopting SaaS applications for their critical business systems in lieu of the traditional on-prem environment for numerous reasons. First, from a functional perspective, cloud applications offer greater scalability, agility, and security than their on-prem counterparts. Second, when a core business system is moved from the on-prem environment to a SaaS application, the entire burden associated with running that application shifts from the firm to the SaaS provider, which reduces overhead costs.

Important Terms in Cloud-Based Software Development

Yet another point of potential confusion is the label “cloud-based,” which, as an umbrella term used for software delivered over the internet, comprises two broad categories: cloud-native applications and cloud-hosted applications. Although both cloud-native and cloud-hosted applications can be described as cloud-based, they are fundamentally different approaches to software development.

Cloud-native applications are built from the ground up to be delivered and thrive in a cloud environment, while cloud-hosted applications modify legacy architecture to work in a cloud environment. As a result of this shoehorning, cloud-hosted applications (often referred to as “lift-and- shift” applications) don’t offer the same level of scalability, performance, or security as cloud-native SaaS applications.

Cloud-Native Applications

Cloud-native applications are developed and optimized to run in a cloud environment and to capitalize on the elasticity and distributed nature of the cloud. Cloud-native applications are designed with a distributed microservices architecture. The individual microservices work together through a series of application programming interfaces (APIs) to deliver the full application.

Since these microservices are independent modules, they can be deployed, updated, and scaled individually without affecting the performance of the application as a whole. The distributed architecture also has positive security benefits since the vulnerabilities in one module won’t necessarily compromise the entire application.

Cloud-Hosted or Cloud-Enabled Applications

Cloud hosted may seem like a synonym of cloud native, but it is not. Cloud-hosted or cloud-enabled applications are traditional on-prem applications that have been modified enough that they can run in a cloud environment. Instead of rebuilding the application with a microservices architecture, the developers have performed a lift-and-shift migration of the existing application into a cloud environment.

This approach can negatively affect the performance and security of the application since it’s not designed to compartmentalize data or segregate application functions.

A cloud-hosted application that is simply lifted and shifted often struggles to integrate seamlessly into the cloud environment. It may function, but much like a square peg that’s been sanded just enough to fit into a round hole, it will never quite fit right. Without being rearchitected for the cloud, it won’t fully leverage the cloud’s capabilities or align with its infrastructure.

Single-Tenant and Multi-Tenant Architecture

Two additional terms that are important to know are single-tenant and multi-tenant. In short, tenancy refers to the number of users, or tenants, per software instance.

With a single-tenant architecture, each tenant has their own instance of the software or infrastructure. Because the provider must build, maintain, and secure multiple software instances, single-tenant applications take more time to deploy, are more difficult to update, and are more expensive.

Multi-tenant applications, on the other hand, operate on the principle of resource sharing which lies at the heart of cloud computing. Multi-tenancy is the key to achieving scalability, efficiency, agility, and lower costs. A multi-tenant architecture offers a single software instance to multiple customers. While tenants share core elements of the application, each tenant’s data is kept isolated from and inaccessible to all other tenants.

Know Your Cloud

The truth is that some products and services add the cloud label to capitalize on the popularity of cloud technology—“AI” occasionally has this problem as well. If you rush to adopt cloud solutions in your law firm—or any new technology, for that matter—without properly vetting and assessing them, you may choose a product or service that is not what you expected or, worse, actively inhibits your ability to innovate and grow. You can avoid this pitfall by having a solid understanding of the basic terms and concepts of cloud computing. While we haven’t listed all the cloud computing terms you may encounter, this overview will prepare you to assess solutions and make informed decisions about what cloud products to adopt in your law firm.