'Much has been made of the concept of “Web 2.0″ and SaaS (Software as a Service). SaaS has many names, Cloud-Computing, On-demand applications, On-demand software, Hosted Services or Hosted Software, but the point is that the software itself is not run on your computer, it is run on a large server. 
Instead of buying a program, upgrading your computer so you can run the software and ensuring you have enough storage to save the data on your machine, all the time knowing it is simply a matter of time before you have to purchase an upgrade of the software, Saas usually entails a monthly fee which includes free updates to the software as it becomes available. Additionally, all necessary hard drive space, hardware upgrades and technical support are included in your monthly fee. Thus your data is accessible anywhere there is Internet access no matter the computer’s operating system (Mac/PC/Linux), speed, memory or capabilities, even from your phone without purchasing any new hardware or software.
Google, Microsoft and Adobe are all moving towards offering their main applications through SaaS (see Microsoft’s interest, Google Apps and Adobe Air). If the experts are right, one day you’ll simply have a computer which connects to the Internet, run Windows from Microsoft’s servers (with the most up-to-date patches, security and anti-virus automatically done) and use all of your applications and documents which are stored on a large server farm in Idaho.
In the legal market, there are many companies vying to gain the attention of lawyers such as VLOTech, RocketMatter and Clio. The problem these companies are running into, besides lawyers being unnecessarily squeamish about their data not being on their computers/servers, is the question of the ethics of such off-loading of confidential and sensitive client data.
Fortunately, several lawyers have queried progressive state bar associations in an attempt to push their respective state’s forward ahead of this growing trend. In a recent Proposed Ethics Opinion from the North Carolina State Bar, the concept of a web-based law firm mangement system was addressed:
The use of a web‑based management system that allows both the law firm and the client access to the client’s docketing information or other information in the client’s file is permissible provided the lawyer can fulfill his obligation to protect the confidential information of all clients. A lawyer must take steps to minimize the risk that confidential client information will be disclosed to other clients or to third parties. See RPC 133 and RPC 215. It is not acceptable for one client to have access to another client’s information absent client consent. This risk is not cured by an agreement from a client or a client’s in‑house counsel not to view the confidential information of another client. A security code access procedure that only allows a client to access its own confidential information would be an appropriate measure to protect confidential client information.
If the law firm will be contracting with a third party to maintain the web‑based management system, the law firm must ensure that the third party also employs measures which effectively minimize the risk that confidential information might be lost or disclosed. See RPC 133.Â