LAWTECH The Law Technology Magazine
Issue 2 | February 2015
Insights from Law + Tech experts Are you ready for upcoming EU regs?
How the Rouse Group repels boarders
Commoditise to cut costs but maintain quality
Steve Gold (1956-2015) In the week that he would have been 59, our editor, Steve Gold, died from complications following heart surgery. Only a few days before the operation, he called the office to say that he fully expected to return to work in a few weeks. It wasn’t to be. The team was devastated both personally and professionally. Although they’d only produced a single issue of LawTech magazine together, everyone had discovered what a kind, friendly and talented man Steve was. Almost exactly thirty years ago, he became famous for accessing Prince Philip’s Prestel message box. He and his colleague thought it best to report that they’d been able to break into the system. For their troubles, they were arrested and convicted for offences under the Forgery & Counterfeiting Act. On appeal, the High Court overturned the conviction. The prosecution appealed, unsuccessfully, to the Lords where the judgement was based on the fact that they made no material gain from their (transient) activities. This case led directly to the creation of The Computer Misuse Act in 1990. Not surprisingly, Steve went on to become a leading security authority and speaker, as well as being a prolific writer on many other technology subjects. He held a number of editorial positions in a range of respected publications. And he co-founded at least two – SC Magazine (secure computing) and Newsbytes (a newswire service), both of which were sold to large publishing companies. A tribute such as this cannot possibly do justice to the life and career of this highly respected and universally liked man. You’ll find an additional note in the editorial of this issue, suggesting how you can learn more. We already miss you Steve. RIP
CONTENTS
8
16
38
REGULARS 4 5
Editorial - Welcome to the LawTech family News – What’s happening in your world
BETTERBUSINESS 12 20 34 36
Key considerations when implementing an ERP-style business management system How to seek out the best PR for your budget… Are you ready for the upcoming EU General Data Protection Regulation? How Generation Y is shaking up the legal contact centre
CASESTUDY 26 How a major law firm protects its most vital information 28 How Proclaim helped three firms
ITSYSTEMS 16 An insider’s view of the risks that law firms face from focused hacker attacks. 24 How a law firm and its users shield themselves from email-borne dangers 38 Why virtualisation may cause legal and regulatory headaches...
LEGALTECHNOLOGY 33 Secure data transfer gives legal professionals peace of mind
OPINION 8 How new technologies can make your law firm more efficient 30 Keep hackers at bay with two-part authentication
LAWTECH February 2015
3
EDITORIAL
Publisher: Partha Goswami partha@lawtechmagazine.com Editor: David Tebbutt david@lawtechmagazine.com Advertising Sales: Robert Handley robert@lawtechmagazine.com Design: Andy Beavis andy@lawtechmagazine.com The views expressed in the articles and technical papers are those of the authors and are not endorsed by the publishers. The author and publisher, and its officers and employees, do not accept any liability for any errors that may have occurred, or for any reliance on their contents. All trademarks and brand names are respected within our publication. However, the publishers accept no responsibility for any inadvertent misuse that may occur. This publication is protected by copyright © 2014 and accordingly must not be reproduced in any medium. All rights reserved. ISSN 2055-6608 Printed by Buxton Press Limited, Palace Road, Buxton, Derbyshire SK17 6AE Arjun Media 26 St Thomas Place, Cambridge Business Park, Ely, Cambridgeshire CB7 4EX Tel: 01353-644-056
4
LAWTECH February 2015
Welcome to the LawTech family
W
elcome to the second issue of LawTech magazine. If you’re responsible for, or interested in, technology for your law firm then you’ve come to the right place. We are fanatical about both subjects. We try to find experts in the field and in the user community who can share their insights with you while resisting the urge to blow their own trumpets. We figure that, if you enjoy and learn from what you’re reading, you’ll want to find out more about the writer or the systems they use. In editorial terms, we always put your interests first. Before I go on, I would like to pay tribute to Steve Gold who was editor of this magazine. He became seriously ill in December and, shockingly, died in January following surgery. If you Google his name, you will find many tributes to this lovely man. I feel privileged to step into his shoes. (Hint: type “Steve Gold” -singer to get the right Steve Gold. That’s a minus before singer.)
Steve was something of an expert on computer security so it seems fitting that this topic is well represented in this issue. You may be surprised to find an article on finding a legal PR firm. We included this to relieve slightly the technology diet and because we realise that many of our readers have wider responsibilities within their organisations. Although this is a paper title, we’d like to feel we can build a community around it. So, if you have a tale to tell that you think would interest our readers, or if you simply want to share your thoughts with us, please drop me a line and we’ll see what we can work out together. Please enjoy this issue of LawTech magazine, and we look forward to hearing from you. David Tebbutt Editor - LawTech Magazine
NEWS
Important diary date: March 17
Hats off to Netlaw Media for organising what promises to be an excellent legal technology event in London on March 17. It’s called ‘The British Legal Technology Forum 2015’ and you’ll find it in The Old Billingsgate. It will sport fifty speakers on three stages and expects to attract about 1200 attendees. The exhibition area is over 2000 square metres and the conference side will feature traditional sessions, keynote presentations, panel discussions, knowledge sessions, interviews, debates and interactive demonstrations. More information at www. britishlegalitforum.com
categories of Document Scanning, Print Management, Cost Recovery and Speech Recognition Solutions. The report ranked its eCopy ShareScan the number one document scanning workflow software; its Copitrak and Equitrac Professional as the two leading cost recovery solutions; and its Dragon NaturallySpeaking, Dragon Dictate desktop and Dragon Dictation mobile offerings as the leading speech recognition solutions. Even its PDF solution, Nuance PDF Pro came second.
10 offices throughout the UK, Europe and the rest of the world. Robert Surridge, Head of Debt Recovery at Fieldfisher, commented,“ With Proclaim we can enhance our efficiency, removing administrative overheads, freeing up more quality time to better understand our client’s needs – it’s this knowledge and understanding that helps set us apart from the competition.”
More information at www.iltanet.org and www.nuance.co.uk
www.eclipselegal.co.uk/news/ fieldfisher-chooses-proclaim/
CyberSecurity & Champagne: Feb 25
Encode Group, in association with LawTech magazine and IBM, invites you to learn about CyberSecurity threats and remedies at a drinks reception at 5 Chancery Lane on February 25th. Champagne reception starts at 4:00. During the presentation session you will be taken inside the mind of a threat actor, so you understand their motivations and techniques. You will also learn about the Kill Chain which lies at the heart of your protection strategy. Q&As then canapés follow. Apply for your place at www.encode. london/cybersecurity/
Blatant favouritism Nothing Nuanced about this result
Every year the International Legal Technology Association asks its members to rate the technologies they use. Hundreds of law firms respond, representing hundreds of thousands of users. At 301 pages the report is a hefty tome – at least it would be if it were printed but it’s available at www.iltanet. org/Downloads/2014-Tech-Survey.pdf Speech and imaging company Nuance comes out particularly well in its specialist
Nicely put, sir.
Okay, I confess that I’ve included this item because, a very long time ago, a law company called Field Fisher Martineau helped me when one of my Trade Mark applications was challenged. Totally frivolously, as it happened. Needless to say, with FFM’s help, I won the day. So, when I saw Fieldfisher is to implement Eclipse Legal Software’s Proclaim Case Management software solution, I couldn’t resist mentioning them. While I’ve been away (so to speak), Fieldfisher has grown to over 500 staff at
Is your marketing digital yet?
The Economist Intelligence Unit (EIU) needs no introduction but Marketo may be a different kettle of fish. It is a company with a focus on turning marketing into one of the most powerful forces in any organisation. It brings accountability to the discipline. Some would argue, “and not before time.” Marketo commissioned the EIU to research almost 500 senior marketers and CMOs worldwide and produce a report highlighting the impact of technology, the importance of managing customer engagement and the role marketers play in setting company strategy. More than 80 percent say that their organisations will need to change dramatically to keep up with increased technical and consumer demands. Sanjay Dholakia, Chief Marketing Officer at Marketo says, “Three out of every four marketers say that in three to five years, they will own the end-to-end customer engagement. That ownership puts marketing right at the centre of revenue generation and setting the company strategy.” Marketers believe that change will occur in six areas: 1. Marketing will shift from being a cost centre to a revenue generator. LAWTECH February 2015
5
LAWTECH The Law Technology Magazine
Issue 1 | October 2014
IT + Legal = Efficiency The right to be forgotten examined...
Knowledge management in the spotlight...
The missing link in legal IT...
Arjun Media is a new and vibrant business-to-business publisher and trade events organiser. It focuses on high quality content to ensure the publications released are engaging, current and specific. The flagship publication of Arjun Media is LawTech Magazine which is a legal technology magazine with the aim of bringing legal professionals and technology providers together. The publication goes out to law-related organisations, with the magazine’s reach being as high as 5000 print subscribers and 2,500 digital subscribers. All the organisations in the Legal 500 receive LawTech, along with the magic circle law firms of London. However, LawTech doesn’t go out exclusively to major city law firms, it also goes to mid-tier firms and high street practices throughout the UK.
26, St. Thomas’ Place, Ely, Cambridgeshire CB7 4EX
NEWS 2. Marketing will become the chief customer advocate. 3. The importance of engagement can’t be underestimated. (An interesting side note is that a minority (22 percent) view engagement in terms of love for a brand – still important, but part of marketing’s legacy skill set.) 4. Marketing needs digital skills and operational expertise. 5. Marketers must leverage technology to succeed. 6. The Internet of Things and real-time personalised mobile technology will shape the future. It’s easy to sniff at these findings and assume that a lot of them belong in the consumer world. But look at how many of your peers use smartphones and tablets rather than PCs and laptops for at least some of their online activities. Now compare with just three years ago. The trend is inescapable. You can pick up your copy of the report at: http://futureofmarketing.eiu.com/ briefing/index.html www.marketo.com www.eiu.com
expect cloud security to pose a risk for those that make ill-informed decisions in their move to the cloud. 3. Mobile vulnerabilities. Expect an increase in attempts to exploit Wi-Fi to gain access to our personal information, passwords, business and personal email, corporate documents, corporate networks or applications. 4. Open doors in open source. We expect hackers will continue to search for open doors in open source code in their quest to get hold of confidential information. 5. Password theft. Hackers steal passwords to break into private iCloud accounts and commercial networks to expose personal data or millions of account access details. Louise explains each in more detail and suggests remedies at www.instantonit. com/it-security-trends-2015/ She concludes her report with the observation that, “It will be all the more important to align the organisation’s technology, processes and people, if security risks (and the financial and reputational risks that go hand in hand with these) are to be minimised.” www.instantonit.com
Legal cloud specialist to expand IT Security trends at a glance
A London-based company with the unusual name of “Instant On IT” specialises in Mac/PC environments in small to medium enterprises. Its work spans IT support and management, cloud services and consultancy. In its ‘Insight pages’ Business Manager Louise Wynn predicts five IT security trends to look out for in 2015. In brief (and paraphrased), they are: 1. ‘Insider’ breaches. According to PwC data issued in 2014, approximately 1/3 of the most serious data breaches in the UK occur as a result of inadvertent human error. 2. Cloud security risks. Not all cloud providers or options are the same and we
Because any given cloud solution is accessible anywhere, one assumes that its sales presence is similarly everywhere. But, in the case of nine-year-old Converge Technology Specialists (ConvergeTS), this is clearly not the case. Claiming to be the UK’s, “Only dedicated computing provider for law firms”, the Cheshire-based company is now planning on expanding through England and Wales from its home turf in the North West where it has over 50 clients. Its investment strategy was spurred by research which predicted that the present 10 percent of UK law firms that use hosted services would grow to 90 percent by 2018. It claims that its new state-of-the-art data centre complies with the strict requirements of the regulations governing
solicitors using Cloud-based services and guarantees that it offers the tightest service-level agreements in the market. Founder and managing director Nigel Wright, says, “The Cloud is the future for the legal industry for a multitude of reasons and as the only provider dedicated to law firms, we are in prime position to expand our reach. It is a major step for law firms to move to a hosted solution, but we have the experience to ease them through the process.” Bill Jones, Chair of JMW Solicitors, says, “We particularly liked Converge’s knowledge of our industry; it has experience of working with many law firms. It quickly became apparent that we were dealing with people who wanted to be our business partners and help us move forward.” www.convergets.co.uk
Quill/ETSOS conveyancing link-up
Quill Interactive is known for its cloudbased practice management and accounts software while ETSOS was the country’s first conveyancing ‘search supermarket’. This will now be included as an integral part of the Quill offering. Through a single interface, conveyancing specialists can request an unlimited number of searches and reports as an integral part of matter progress, and automatically save against case files for end-to-end audit trail purposes. Other facilities include conveyancing quotes and pricing, available on demand for enquirers and agents, with subsequent case tracking for instructed cases. The service covers everything from local authority and Land Registry searches to environmental and planning reports. Phil Natusch, Managing Director of ETSOS, comments, “Clients can save time and improve accuracy, providing better service levels to end clients.” More information at www.quill.co.uk/ headlines/271-quill-etsos-integratedconveyancing-solution/
LAWTECH February 2015
7
OPINION
8
LAWTECH February 2015
OPINION
COMMODITISING
THE LAW
How new technologies can make your law firm more efficient
By Tim Long, Managing Director at Zylpha
The commoditisation of the legal profession is generally spoken about as a bad thing. It is spoken about with phrases such as “dumbing down”, “de-skilling”, “matching skills to task”, “lowest common denominator”, and so on. Phrases such as “off-shored” or “out-sourced” are also used in, again, less than complimentary ways. Whatever your view though, one thing is certain. The landscape of the provision of legal services is changing fast and the pace will only quicken. What’s really happening? In order to get behind the hype and unravel what is happening to legal services, it is necessary to examine what ‘commoditisation’ actually means. One helpful definition that provides a good place to start is: “Commoditisation occurs when consumers can buy the same product or service from different small or large businesses and price is the only differentiator.” This definition is fine if you are selling apples or computer keyboards or ‘widgets’ - but what about legal services? Traditionally, the output from a lawyer was a bespoke ‘thing’. It may be a contract, a lease, a pleading or a connected series of things but it was always specific to the circumstances of the client and what the client was trying to do. So, is commoditisation the opposite of bespoke? Deskilling the law? Lawyers perceive commoditisation as a bad thing because it suggests the years of study and experience can be replaced with a computer or a person of lesser skill. It is also regarded as being bad for income as, for a business that has traditionally only had time to sell, there is now less time involved in carrying out some tasks and therefore income is eroded. Many would also argue that the level of service that is being supplied as a commoditised service is inferior due to time and cost pressures.
However, the perception of commoditisation as a bad thing can only be justified if you expect working practices, technology and society to remain static over time. Improving legal processes Lawyers have always sold their knowledge and experience based on the time it takes them to apply that to the client’s circumstances, formulate a view and transmit that view to the client. While the advice may remain the same, there is plenty of scope for change in the manner of the production and delivery of the advice. Clients (or the consumers of the service), on the other hand, regard commoditisation as a good thing. The general perception of lawyers by the public is that they take too long and charge too much and the profession has done little to dispel this. Popular culture portrays lawyers as wealthy, fast talking autocrats and public perception is probably more influenced by John Grisham and TV programmes such as `Silk’ than the reality of lawyers working 100+ hour weeks and the pressures of running, often, small practices with thin profit margins and ever increasing regulation. However, as the people funding the service, the demands of clients cannot and must not be ignored. Certainly clients want more for less but they are also more flexible in the way the service is delivered and more accepting of new technology than ever before. So, I would argue that it is not the output that should be commoditised but the process by which the output is produced and delivered. Technology opportunities Looking at the effect of technology on society, there are many systems, websites and apps that the legal profession should watch as an indicator of the future. These are all technologies, which are in use today but may not yet have been fully adopted by consumers or suppliers in the legal market. Systems such as cost comparison websites, ratings LAWTECH February 2015
9
OPINION
websites and even social media such as Facebook and Twitter are now common features in many people’s day-to-day lives. Equally, systems are accessed increasingly on mobile devices rather than traditional computers. Not only will law firms of the future have to deliver services through these channels, they will have to make themselves and their knowledge accessible to consumers through them too as the consumer demands a more digital and immediate approach to the law. A change of approach Law firms must also get used to delivering different services. Sending long letters full of legal jargon will not go down well with a generation more used to sending a short tweet or `Facebooking’ their friends. Consumers will expect to be able to take a more Google approach to finding a solution to a legal problem. After all, many people these days would be likely to precede a trip to the doctor with a self-diagnosis via Google so why should a trip to a lawyer be any different? Lawyers will start to take much more of a custodian role in the provision of legal resources to a much more informed client and must be more prepared to let clients dip in and out of a retainer with their lawyer. Facilitating change Technology can help facilitate these changes in many areas: Communication – clients generally expect short, factual communication delivered directly to them. Email is currently the primary tool for this and over a 100 billion emails are sent each day. Technologies such as Twitter are currently running at about half a billion tweets per day which is small by comparison but still significant and growing fast. Many organisations are choosing to communicate using Twitter messaging in preference to email as it is seen as less intrusive and closer to verbal communication than emails, which tend to be more verbose. Similarly SMS, push notifications and social media are all methods used by the consumer day to day and law firms ignore them at their peril. Cloud technology – despite what the software industry will tell you, this is not new. The concept of using services and software hosted on servers or storage of data hosted on servers owned by someone else is not new. Anyone with a Hotmail account or Gmail account has been using cloud services for years. However, the changes in the delivery mechanism for these services is new. For example, the ability for an organisation to quickly set-up a large scale database using a service such as Microsoft Azure or Amazon and then scale that facility to meet fluctuations in demand has revolutionised many services. The backup, redundancy and security offered by cloud technology surpasses that which most organisations can afford. Disruptive technologies – those that disrupt established markets and create new ones - are now well established in the legal arena. Online research, online problem solving, document assembly and many others are all, on the face of it, examples of technology replacing lawyers. The opportunity however is to 10
LAWTECH February 2015
allow these services to augment the lawyer. They should be seem as providing the means for the potential client to establish that they have a problem, that they need help and, if the client cannot solve the problem themselves, provide a route to the lawyer. This has the added advantage of making the lawyer more accessible to consumers in the same way that nurse practitioners have augmented the role of the GP. Conclusion Against this backdrop, it is clear that the provision of legal services continues to evolve very quickly. Simply carrying on delivering the service that lawyers have always provided, in the way they have always provided it, is no longer enough for today’s technically competent, better-informed consumers. Yes, more for less is expected but, by `commoditising’ the access to - and delivery of - the service rather than the substance of the service and providing more routes in for the consumer, the services of the lawyer will continue to be in demand.
About the author Tim Long is a qualified solicitor with 20 years of IT experience. He started Zylpha in 2006 to exploit the potential of technology to transform repetitive tasks in legal practices. His clients include local authorities and law firms with over 300 active users. www.zylpha.com
Drinks Reception
Arjun Media, the publishers of LawTech
LawTech has had wonderful feedback.
Magazine will be hosting a drinks reception
However, we’re constantly looking to
at Cambridge City Hotel on the 5 of March
improve wherever we can. This will be an
from 5:30 to 7:00. This will be an evening
opportunity for you to give your input and
when the team behind the publication
put forward ideas or features you’d like to
hope to hear from you, the reader.
see in the magazine.
th
By way of a thank you, we hope you’ll join us for a glass of sparkling wine and canapés on the night. Visit the LawTech website to register www.lawtechmagazine.com
BETTERBUSINESS
12
LAWTECH February 2015
BETTERBUSINESS
ENTERPRISE RESOURCE
PLANNING FOR LAW FIRMS
Key considerations when implementing an ERP-style business management system
Matt Gegg, Head of Professional Services and Support at LexisNexis Enterprise Solutions
The ever-increasing competitive and market pressures that law firms face today have become the new normal. With a tenacious focus on delivering operational efficiencies and demand for value-based pricing by clients, coupled with a variety of new legal services providers entering the fray, law firms must change the way they operate and, indeed, deal with the world in general. Continuous improvement must become an inherent part of their business operation; and to do this, firms require an in-depth understanding of their business – what they do well, areas they fall short, where incremental efficiencies can be gained, where new ways of working can be developed, and so on. ERP-style business management systems offer the capability to do all this while leveraging industryrecognised best practices; hence the growing interest in these platforms in the legal sector. Taking the long view Today, as law firms consider ERP-style business management systems, they must take a long term view of the solution – a journey plan that is aligned with the strategic business objectives and focused on the key drivers of the business. When defining the system’s requirements, it’s best to steer clear of the traditional features- and functionality-only approach
– in favour of a focus on business process improvement. This is critical as it will allow firms to connect both the legal and business-related processes at key points, which will provide valuable insights to help drive business performance. Based on many years of helping organisations implement enterprise application projects, in my view, any firm looking to adopt an ERP-based business management system should concentrate on three fundamental areas: Best practice A business management system offers a significant set of capabilities based on widely recognised and adopted industry processes – all of which can be manipulated to enable an organisation to deliver against the changing requirements of its customers and the marketplace. The technology enables continuous business process improvement and fine-tuning; and at the same time facilitates the development of new and innovative ways of working, should the need arise. However, to fully take advantage of the solution’s capabilities, clearly determine what specific benefits you want to realise from the technology. The benefits will only be meaningful if they can be linked back to your firm’s strategic goals and strategy, which could be anything from growing revenue, effectively servicing different
markets and geographies through to business efficiency, cost reduction and even automation. Matter matters Given the competitive state of the legal market and the alternative fee arrangements that clients are increasingly demanding, a good area for firms to consider is matter management and matter budgeting. A business management system facilitates the application of project management skills to legal work types to enable firms to ensure that they derive the best value from their pricing while delivering the best service to clients. Using historical and current data residing in the business management system, for every work type, a firm will be able to estimate the cost of matter, the skills and resources required and the typical timescale within which the activity should be completed. Cumulatively, at a more strategic level, a firm will also have a single view of every client including number of matters open, billing, profitability of each matter, potential for cross-selling legal services and so on. Focus on business processes Take a business process-led approach to deploying a business management project. Rather than simply replicating LAWTECH February 2015
13
BETTERBUSINESS
See RoI early
existing/requested functionality (systems are commonly described by their features and functions), assess the process behind it – what are the desired outcomes, how do you provide services to customers, how you can enhance it for efficiency or devise innovative ways of doing things – to drive improved customer satisfaction or better operational performance. Look to your system provider, who will have a plethora of business process best practice guidance to offer. The solution vendor will also be able to provide insights from other industry verticals where specific process types have been successfully aligned and efficiencies gained through adopting best practice. In fact, you may even find that many best practice processes are already preconfigured in the business management system, thereby significantly reducing the total cost of getting the project off the ground. While this can have a material impact on the total cost of ownership of the delivered solution, it does not prevent you from altering the processes in the future based on the changing requirements of the market, the customers or the users. 14
LAWTECH February 2015
Iterative approach Secondly, understand what the system does and what business benefits it can offer to your firm in ‘time boxed’ increments. An ERP approach to business ensures that law firms have the right skills and capacity at the right time to deliver the right service to customers. Collecting key data during these service delivery projects and using the information to help drive operational efficiencies and effectiveness for future service delivery will drive improved business performance. Start in the right place Identify a key project with clear deliverables and objectives that directly link back to the over-arching goals of your organisation; and use this project as a foundation upon which to build new capability. Pick and roll out the key business process areas, which then serve as the backbone upon which new business processes can be added, or new capabilities explored. Be careful though. If, for example, you pick core financial business processes right at the start, you will be challenged to show the benefits of the new way of working to the wider user community and how it is helping your customers. This may lead to change management issues and it will be much more difficult to demonstrate the value of the project to the stakeholders of the business. So pick business process areas that can deliver visible benefit to your customers or your primary service delivery user
community - these may include financial, human resource or projects capabilities. However, be mindful that it is the collaboration across these capabilities that will deliver the business processes that meet the needs of your customers and illustrate the real value of your business management system. This kind of incremental, best practicebased delivery and roll-out of the business management system – that maps back to business objectives – will drive momentum for business change across the firm in tune with the current business requirements and continuous improvements will follow as part of your daily operations. You will create a journey plan that helps the business embrace new opportunities by continuously expanding the capability of the business management system where incremental gains can be achieved. Furthermore, an iterative approach to delivering incremental business gains will ensure that the business management system implementation doesn’t become too complex to handle and that the business can see incremental return in investment early. User adoption It is imperative that the organisation has completely bought into the project and understands the quantifiable benefits of adopting the system. The best way to do this is to take the users with you on the journey. As you change the status quo, give them enough to be excited about by demonstrating how the new way of working will benefit them and in turn help them achieve their individual goals, but stage manage the amount of change at each stage. A little and often approach to adopting the full capabilities of a business management system will help ensure user adoption. Question everything Ensure that the firm is well-equipped with the necessary resources, skills and mindset to drive the project. Furthermore, question everything! Use continuous improvement tools (such as Six Sigma) to query why the business does things in a certain way, how it impacts the firm’s users and clients and if there is a better, more efficient way, of executing the task – perhaps even automating it or
BETTERBUSINESS
learning from best practices adopted by other industries. This is the best time to undertake such an exercise. Investing significant time and effort building what you already have today in a newer technology will not always provide the value that is expected; it will not show the step change in how you operate or the business case realisation. The key contention here in law firms is that those that know and can question existing processes - i.e. fee earners – are also those that are driving revenue and profit. When implementing continuous improvement programmes, it’s important that these resources are planned into the project and any impact on revenue managed so that fee earners have time to review and challenge the status quo and devise new ways of working. The payback – i.e. future benefits – should be clear at the outset and included in the business case for the programme.
Also, when setting objectives for your projects, don’t try and re-build existing processes in your new business management system. An ERP-style business management system offers a great opportunity to embrace crossindustry capabilities. So chose your solution based on ‘enterprise’, rather than purely ‘legal’, requirements. Take your time Finally, don’t bite off more than you can chew at the start. From experience, a year to 18 months ‘time boxed’ approach is a
realistic timeframe for the first delivery iteration to be completed. Yet the journey plan in building capability and driving business performance will be ongoing, it will continually change. However, with a business management system in place, your ability to change to meet market pressures and drive improved performance will now be much easier. You will have the flexibility, the data and the technical capability to continuously review and modify the way you operate to maximise business performance in an ever-evolving market.
About the author Matthew Gegg is responsible for the Professional Services operation of LexisNexis’ Enterprise Solutions across all regions, barring the US market. He has a strong background in business-related legal software including case, practice, business intelligence, business process automation, CRM and ERP. www.lexisnexis-es.co.uk
2103 Sprout Barrister ad_2103 Sprout Barrister ad 16/12/2014 19:00 Page 1
www.happybarristers.co.uk
We make happy barristers
020 7036 8530 LAWTECH February 2015
15
ITSYSTEMS
HACKERS SEE LAW FIRMS AS
“LEGALEASY”
16
LAWTECH February 2015
ITSYSTEMS
Phil Robins provides an insider’s view of the risks that law firms face from focused hacker attacks.
By Phil Robins, Sales Director at Encode Group
Imagine if your firm were hacked and client data publicly exposed, the PR impact alone would be devastating to the business and very uncomfortable for the partners. Stories like this might appear: London based law firm “Nosuch Legal” has become the focus of numerous press articles in recent days following the leaking of damaging client data the result of a cyber attack during the weekend. Senior Partner, John Doe said, “We are investigating the situation but cannot confirm at this stage how the data was obtained”. Many of Nosuch’s clients are demanding to know which, if any, of their data is affected and are seeking legal advice from other firms. Legal firms are custodians of hugely sensitive client data that, should it leak out, could have far-reaching implications for the client. Given this position of absolute trust, surely the security surrounding such data should be beyond reproach. But how many firms can claim this?
The law as a target
The legal profession’s IT systems have become key targets for sophisticated hackers and this is evidenced by recent warnings from respected organisations like the Information Commissioners Office (ICO), the Solicitors Regulation Authority (SRA), the Law Society and even the UK Government. Threats (Threat Sources) to the legal profession are many and varied, emanating from a multitude of sources; criminal gangs, nation states, corporate espionage, terrorists, hacktivist groups looking to damage reputations or worse. At the same time, the profession is under scrutiny from regulatory organisations and various client groups all concerned about the heightened prospect of such attacks. Corporate clients who themselves have invested heavily in security, harbour concerns that their legal firm(s) could represent the weak point in their defences.
The third dimension is the information that legal practices have access to; M&A data, personal client data, court records, evidence, corporate contracts/agreements, the list is both substantial and significant. We also have to view the above in context with the capability that now exists in which to mount cyber attacks. Over the past few years, nation states such as China and Russia have been identified as key protagonists of cyber attacks. As the technology to mount such attacks becomes more readily available to criminal gangs, terrorists and nation states other than China and Russia, the threat to all organisations increases.
Your obligations and risks
Legal firms are both professionally and legally bound to keep the affairs of clients both confidential and secure. They therefore need to be prepared for the increased risk of a cyberattack committed against law firms, whether it’s to steal money, identities or industrial secrets. Reputation and client confidentiality are critical for law firms but the proliferation of attacks also presents a broader risk to public confidence in the legal sector. Increasing digitisation of data simply accentuates the problem; this rush to digitisation is entirely defendable, improving access to information, reducing research times and resources, deskilling processes and improving quality. The by-product, however, is a requirement for ever-increasing network complexity and accessibility. Network complexity and accessibility are friends of the hacker, they provide the ideal environment against which to mount an attack.
Types of attack
Many forms of cyber-attack are ranged against the legal profession but those using ‘Advanced Persistent Threat’ techniques; a combination of Internet reconnaissance, spearphishing and a Trojan are potentially the most likely and the most damaging. Such attacks are stealthy in the extreme and
“Reputation and client confidentiality are critical for law firms” LAWTECH February 2015
17
ITSYSTEMS
very difficult to detect. This combination also means that attacks more often than not are undetected and, if detected, require significant and costly investigation to determine the damage caused.
Jargon buster Internet reconnaissance: Collecting business, social or technical information from the internet Spear Phishing: A targeted attack on a user system within the corporate perimeter Trojan: Malicious code that causes loss or theft of data and, possibly, system harm
An Advanced Persistent Threat (APT) is arguably the most potent Cyber threat any digitally enabled organisation faces in todays’ electronically interconnected world. APT-based attacks target and leverage the complexity and defences of a company’s IT estate to gain undetected persistent access. Given this threat, how many firms are prepared to put their security infrastructure to the test against a targeted advanced persistent threat? It’s very likely that many corporate clients will demand such tests of their legal representatives in future, simple penetration tests will no longer be sufficient. Such attacks can be inherently destabilising for a practice. Cyber-attacks are a risk to all types of law firm but there are some characteristics that carry increased risk, for example: • • • •
Dealing with client money High-value litigation cases Maintaining large volumes of data Acting on behalf of celebrities, large corporations, governments, etc. • Representing high profile cases • M&A activities, share dealing, or other such corporate activities All of the above represent attractive targets and if compromised attract potential legal, compliance and financial implications to the firm.
How concerned should you be?
So what is the picture regarding Advanced Persistent Threat within the legal profession? This is difficult to assess because there are wide gaps in the available evidence, however, if we extrapolate some of the generic evidence, it’s truly concerning. We regularly test our client’s ability to detect and defend against Advanced Persistent Threat attacks. In all cases, we are able to penetrate their network unseen and exfiltrate data at will, while making our way to the ultimate goal of domain administrator and all in only a few days. Given that IT infrastructure is essentially generic, the result will be the same within the legal profession. It’s generally accepted that it takes around nine months before an attack is noticed and then it’s usually by a third party. That’s enough time to exfiltrate 18
LAWTECH February 2015
all the data you have. Obviously, these are the known attacks; there are no statistics for all the attacks that remain undetected! Good security requires sufficiently robust and correctly targeted IT budgets, users who are aware of the threat and their role in preventing it. “Spear Phishing” attacks, targeting lawyers and purporting to be from the SRA, can only succeed if users click on the link they are sent in a rogue email and will only be prevented where users recognise the damage they can do by such actions. IT provides an opportunity to lessen the risks but that brings its own challenges and it’s not solely an IT problem, it’s an issue for the entire practice, particularly the partners. IT must have the budget that allows it to implement an APT-based architecture that suits the attack landscape of the 21st century. Partners have to recognise that the threat landscape has changed in the past couple of years and continues to change, correspondingly significant investment is required in order to meet the challenges of todays’ cybercrime. While a law firm can take some simple precautions to make themselves more secure, in the face of an APT attack they require a much greater arsenal of weapons. A security infrastructure designed to both identify and defend against APT attacks represents a significant investment but, balanced against a breach of client confidentiality, it pales into insignificance.
ITSYSTEMS
identify an APT attack and monitor the activity whilst developing a strategy to defeat it. In nine years, we’ve yet to find a client company that can identify a well-mounted APT attack let alone defeat it. Now, of course, many will consider the continuing cyber security press coverage to be simply rampant sensationalism. Even assuming that the rhetoric is being served up with a large portion of embellishment, to ignore it completely is tantamount to playing Russian roulette. You may recall when the early antivirus companies were accused of exaggeration. Subsequently, however, history has shown us that they were right all along. Awareness of digital security needs to be led by both the board and senior management, it is as important as physical security. Awareness of the issues surrounding cyber security has made it to the board but the level of understanding is still limited. The security team needs to be able to contrast the cost of good security vs the cost of mediocre security to the business. The approach has to be business driven and at a higher-level; risk rather than security.
Conclusion
“It takes around nine months before an attack is noticed” Breach detection requires combing through vast quantities of log data, which then requires processing and analysing to identify anomalies. Finally these anomalies need to be understood in context by analysts able to determine their significance Part of a recommended solution to APT attacks that use spearphishing as the infection method is ‘security awareness training’ for your staff. While this is a good idea anyway, it will not protect you from spear-phishing APT attacks. The spoof emails are plausible and precisely targeted making it almost impossible to stop at least one person from opening the mail, and that’s all the hacker needs.
Do you need outside experts?
Mounting a credible defence against such attacks isn’t feasible, the determined attacker will succeed. Therefore you need to
The range of threats, attacks and targets involved in Cyber attacks can be graphically projected as landmarks in a ‘Cyber Threat landscape’ (see Fig 1). A ‘Threat Landscape’ provides a basic framework for modelling threats as a first step to understanding threat and risk levels. The Cyber Threat Landscape can also help understand APT based attacks at a high level. At the start of any journey you need to know where you are so an independent security audit is the essential first step. As part of the audit process it helps to establish your level of risk. The Threat Landscape above illustrates the key elements used to create a ‘Threat’ to your system and information assets. Don’t make it easy for the hacker.
About the author Phil Robins is Encode Group’s Sales Director for Western Europe. He’s worked in the IT sector for 30 years. He loves the continual pressure brought about as threat and defence continually leapfrog each other. www.encodegroup.com LAWTECH February 2015
19
BETTERBUSINESS
HOW TO FIND A GOOD
LEGAL PR COMPANY Phil Turtle explains how to seek out the best PR for your budget‌
By Phil Turtle, Managing Director at Turtle Consulting Group
20
LAWTECH February 2015
BETTERBUSINESS
Possibly you’ve tried your hand at doing your own PR (public or media relations) for your law firm and you had a degree of success - but you’ve also discovered how it takes up a lot of your time and that other ‘more urgent’ things such as dealing with clients and court appearances keep getting in the way. Or maybe you’ve progressed to hiring a freelance PR consultant and who’s has taken you to the next level but you know that to improve your competitive position you need to do much more. The trouble is there are hundreds of PR agencies out there. How do you choose the best one to help grow your law firm? Decide what you need Saying to a PR agency “we need proposals for a PR campaign” is pretty much the same as walking into a garage and saying “I need a car.” You’ve given them no clue whether you’re looking for a second hand Fiesta or a brand-new Ferrari. So be clear on your core needs such as: “Regular news, feature articles and case studies in the key media titles and websites for the legal profession…” Tell them which media you consider to be key or, if not sure, explain that you are for example: “Targeting small- to mediumsized independent financial advisors.” By all means put wish-list items into a separate secondary requirements list but be realistic, e.g. “Occasional coverage in mainstream newspapers and broadsheets.” Which brings us on to: Budget It’s fairly impossible for PR agencies to “give you a price”. The way they plan your campaign is very dependent on the budget available. Different budgets demand different strategies. So take a deep breath and agree a budget internally. Then, when you get to talking to agencies, you can give them a figure to work with. They will happily tell you what they can do for that pot of money. It’s quite acceptable to ask for illustrations at, say, plus/minus 25 percent. And do remember, you won’t get a Ferrari for the price of a Ford Fiesta. Language issues The majority of PR agencies, even those that advertise themselves as ‘Legal PR’ aren’t always at ease with legal terminology. If you’re going to need them to interface with your legal professionals and you choose people that can’t talk to them in their own language, you’re setting yourself up for internal criticism and disengagement. In addition you’re likely to receive draft press releases and feature articles that are poor if not beyond redemption. Exclusive or specialist? Many companies expect to be the only client in their field with a particular PR agency. Unless you’re spending around quarter of a million pounds or more, not only is this unreasonable but you will
probably deny yourselves access to the very best people in your sector. Specialist agencies are set up to deal with multiple competing clients and must build effective ethical walls between the teams. Long list A Google search of “PR agency” plus terms that are relevant to your law firm will bring up suspects. Studying their Web sites will usually give you a good starting point to identify the true prospects. Searching “PR agency” plus “name of law firm competitor” will also highlight which agencies are already working in the legal sector. Try to weed this list down to five or six at most. The beauty parade Once you’ve decided on your shortlist, invite them to visit you and present their credentials. Sending them your requirements and budget beforehand will make your time with them far more productive. Assess whether you like the people as well as their agency skills. Following meeting the people, prune your list down to two or three at most. The pitch Invite the two or three agencies to come back in 7 to 10 days time. Get them all to pitch on the same day to the same internal team. Allow, say, an hour for the pitch plus half an hour for questions. Scores Before the pitch day, draw up a score-sheet based what based on what you as a team are looking for. On the day have each member of your pitch review team complete the score sheets as you see each agency. After the last pitch get everyone’s scores on the board and discuss until you have a clear first and second choice of agencies. Negotiate Even after you’ve made your choice, there is still a contract to negotiate. Mostly this goes well but not always. That’s why you need a second choice. Hopefully you now have appointed the best PR agency to help grow your law firm. Remember they are part of your team - not arm’s-length suppliers - and once the ‘getting to know each other’ phase is out of the way, you can expect to see great results.
About the author Phil Turtle is a graduate engineer with a masters degree in marketing. Turtle Consulting’s approach to PR can be encapsulated in the phrase, “We help you sell.” www.turtleconsulting.com LAWTECH February 2015
21
CYB Keeping
FOLLOW US
REGISTRATION
encode.london/cybersecurity
ER SECURITY
pac e with an ever changing world Hear more about the current threat landscape, your exposure and the ramifications to your practice. We’ll take you inside the mind of the threat actor, their motivations & techniques. EVENT DATE
Wednesday, February 25th 2015 VENUE
5 Chancery Lane, Clifford’s Inn, London, EC4A 1BL FORMAT
Champagne Reception
encodegroup.com
Event in association with
events@encodegroup.com +44(0) 207 406 7560
The Legal Technology Magazine
ITSYSTEMS
HOW THE ROUSE GROUP
REPELS BOARDERS How Mimecast shields a law firm and its users from email-borne dangers
David Tebbutt, Editor at LawTech Magazine
24
LAWTECH February 2015
ITSYSTEMS
The user’s tale
The vendor’s tale
The Rouse Group is a global IP consultancy that provides a full range of Intellectual Property services from patent and trademark protection and management, to commercialisation and global enforcement and anti-counterfeiting programmes. It employs 600 people in 16 offices in 13 countries. It also works closely with affiliates in many other countries.
Mimecast was into cloud computing long before the term became fashionable. It specialises in what it calls ‘Unified Email Management’. This means that it does things in its cloud to protect your organisation from email-borne problems. Your email flows back and forth through its systems, barely pausing as it is checked for viruses, illicit links and so on. By unifying all manner of protections in the one system, it saves clients the complexity, risk and cost of putting together such protection under their own steam.
Email dangers Like most law firms, email is a central element of its communications, within the Group and with the outside world. Matthew Blewett is the firm’s Global IT Infrastructure Manager and it’s his job to make sure that email communications are secure from leakage and corruption. In the early days, this protection was provided by a spam and antivirus detection system. But, as the attackers’ methods became more sophisticated, a small number of unwelcome emails crept through so he started considering alternatives. A comprehensive solution In 2008, a reseller suggested he look at Mimecast, a cloud-based email protection system. (Yes, even then.) It works by examining and filtering emails before arrival at, and after departure from, Rouse’s email system. Some existing users of the system gave Matthew Blewett terrific feedback and, when he spoke to Mimecast, he discovered that it also offered an archiving service. At the time, this was a unique offering that made his choice even easier. He told LawTech, “After all law firms always need to look back.” Mimecast also provided another valuable feature in the form of Continuity, which Rouse later adopted. This meant that users could continue to send and receive emails in the event of a core email server outage. Blocking the spear phishermen In the last six to twelve months, users had started to report increasing numbers of attempted ‘spear phishing’ emails in which they were being addressed by name and invited to apply for a refund or to be told that they’ve received a fax. The fear was that a click on the supplied link could take them into danger, either by downloading some malware or by asking for credit card details, in order to activate a perfectly plausible refund, if the email was malicious. Matthew Blewett went to Mimecast to see if it had anything to protect the firm from this sort of attack and protect their users. As it happened, it had such a service in the late stages of beta testing, called Targeted Threat Protection. It rewrites all URLs inside emails to point to its own threat intelligence systems then if a user, in Rouse or one of its affiliated companies, clicks on the link Mimecast pre-scans the link before the users’ browser sees where it leads. If it’s valid, the user is unaware that this has happened. If it’s malicious, Mimecast flags the problem to the user by blocking access to the site. Unlike modern law practice, it takes a ‘guilty until proven innocent’ approach.
Mimecast in a nutshell The foundation system provides protection from spam and viruses. The archiving system makes it easy to recover important emails at a future date, while leaving your user’s mailboxes (and your file systems) relatively free of email silt. And the Continuity service means that your users can continue to function even if their preferred email system goes down. The Mimecast service has deep links into Microsoft Exchange and Office 365, but it also works with other mail systems such as those from Google and IBM. A recent addition to the suite is called Targeted Threat Protection. This is the service mentioned earlier in which all URLs in all emails are treated as suspicious. No user can follow a link without the Mimecast service giving the nod. Or not. It’s done this way because most users probably have the wit to avoid clicking the link. The approach means that mail delivery slows imperceptibly, leaving the actual link checking until someone actually clicks on it. Work anywhere By doing all this work in the cloud, it means that users are protected regardless of whether they’re using email through their desktop, laptop, tablet, smartphone or cyber café. Mimecast has a wealth of other features, too numerous to list here, but profanity checks and data leak prevention are two that will give you a flavour of the sort of dangers it can help you sidestep. Of course, technology can only take you so far. Mimecast’s director of technology marketing warns LawTech readers, “Law firms need to blend technology with end user education and awareness programmes.” Forget that warning at your peril.
About the author David Tebbutt is an extremely experienced writer and editor with a substantial technical background. He is editor of this magazine. www.rouse.com www.mimecast.com
LAWTECH February 2015
25
CASESTUDY
NEVER LOSE
A MOMENT’S WORK
How a major law firm protects its most vital information
Peter Godden is Vice President for EMEA at Zerto
26
LAWTECH February 2015
CASESTUDY The need for robust IT infrastructure along with a reliable data retention policy is a critical requirement for the legal profession. One of the fastest growing law firms in the UK, which is ranked in the top 25 with over 2000 employees, considers its innovative IT infrastructure and information availability a clear competitive advantage. Although it chooses to keep its identity secret, this firm has agreed to reveal to LawTech readers how it maintains its enviable record of no outages or critical system downtime. It has also agreed to provide some background on the benefits it has received from using disaster recovery software for its VMware-based virtual servers. Risks One of the key systems at the firm is its client billing platform. Any work that a lawyer does on a case is billable to the customer and to ensure accuracy, this law firm breaks out each hour into 10 six-minute segments to provide extremely granular time-keeping. With over 700 lawyers, if systems are down and they lose even just one 6 minute segment, they will have lost 70 hours of billable time — a significant financial loss. The process of manually rebuilding any lost billing is also extremely complex and costly and extremely detrimental to client relationships. Alongside the billing systems is a core information archive that is essential to effectively manage cases, find case law and other relevant documents and ensure the best and most accurate information is available when it is needed. Across the IT estate, the firm has 80 virtual machines (VMs) supporting these critical applications as well its Microsoft SQL Server, Elite 3E enterprise business management solution and office productivity software. As many of these systems are critically interlinked, a loss across any of these links would impact clients, cases, productivity and also the reputation of the firm. Poor protection In 2013, the firm began a project to improve the resilience of its IT systems. It was felt that its existing backup and replication solution using VMware snapshots did not meet necessary Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) to adequately protect its processes. Additionally, the legacy backup solution slowed down application performance with a direct impact on the productivity of its staff. This slowdown had forced the IT team to change the frequency of the snapshots so they would only execute during off-hours to ensure productivity was not lost, but this led to rather poor protection and service level commitments from the IT department that senior management were unhappy with.
Continuous virtual replication Following research, the firm opted for a virtual replication solution. The Zerto Virtual Manager (ZVM), which plugs directly into the firm’s VMware’s vCenter management software to manage replication for its entire vSphere domain to keep track of applications and information in motion, in real time. The solution also uses a Virtual Replication Appliance (VRA) which is an agentless software module that continuously replicates data from VMs, compressing and sending that data to a backup storage platform. The virtual replication solution is a hardware-agnostic approach allowing the firm to replicate from any source storage to any target storage. In addition, instead of doing snapshots during out-of-peak hours, it replicates only what is needed as each virtual machine writes new data. Also, the new information is compressed, significantly reducing bandwidth requirements as it moves over the network and avoiding the dreaded application slowdown. Another significant advantage was the ability to ensure application consistency across all of its virtual machines. This included the use of 24-hour journaling to eliminate the need for SQL transaction log backups between the nightly full SQL backups. This means that the firm can failover to any point in time in the last 24 hours in the event of a data corruption. The final major advantage over the old backup system was the ability to conduct non-disruptive failover testing using just a few clicks to test the validity of the disaster recovery processes. Conclusion The new business continuity solution has been up and running now for nearly a year and has delivered reliable operation with minimal management requirements due to the highly automated protection policies the firm has put in place. As the IT manager in charge of the project explains, “We didn’t have to upgrade our network, storage or servers and we are seeing RPOs of seconds. To get this same service level with array-based solutions, we were going to have to invest in a costly network upgrade. This new system fits seamlessly into our existing infrastructure and is delivering extremely high service levels.”
About the author Peter Godden , Vice President, Europe Middle East and Africa, has 20 years’ experience in the storage Industry. He is a qualified electrical engineer, as well as being an accomplished systems consultant and sales manager. www.zerto.com
LAWTECH February 2015
27
CASESTUDY
THREE TRANSFORMATIONS How Eclipse Proclaim changed three businesses for the better
By Darren Gower, Marketing Director at Eclipse Legal Systems
Advantage Property Lawyers
In 2009, as a new start-up, Advantage Property Lawyers (APL) needed a Practice Management solution that focused specifically on residential conveyancing. Software was needed that would allow the firm to offer its clients and introducers an outstanding level of service and customer care, while maintaining best practice at all times. The solution would also have to be reliable and offer easy scalability in line with APL’s aspirations to become one of the UK’s biggest and best conveyancers. In 2013, the company picked up two significant awards from LFS: North East Regional Conveyancing Firm of the Year (Gold) and Conveyancing Firm of the Year (Silver). It added to its collection with another Silver in 2014 as Estate Agency of the Year from The Times and Sunday Times in association with Large Conveyancer. Why it chose Eclipse APL chose Eclipse’s Proclaim Practice Management solution because it provided a centralised, secure desktop toolkit for every property transaction - used by all staff. It also provided an out-of-the box conveyancing focus and integrated easily with third party complementary software. 28
LAWTECH February 2015
CASESTUDY
Facilitates diversification
This was important because most work came from large corporates and major estate agents. According to APL, Proclaim has proved to be an essential ‘enabler’ for providing a superb client experience and reducing turnaround times. It helped APL achieve over 4,000 completions and increase turnover by 40% in 2013. The financial and reporting toolset provides instant data retrieval with continuous monitoring and analysis of KPIs assisting with the management of systems, processes and risk calculations. APL has used Proclaim to automate a vast number of administrative processes including document production and it hopes to move towards a paperless office soon. Since first implementing Proclaim, APL has grown rapidly increasing staff numbers from 15 to more than 50. The firm is now represented on the management board of The Conveyancing Association and was the first conveyancing firm to receive the ‘Legal Eye’ quality standard. www.aplawyers.co.uk
Bakers Solicitors
Established in 2000, award winning Farnborough based Bakers Solicitors has grown from a one-practice litigation specialist, with six staff, to a group of three law firms (Bakers, OW Law LLP and Baker Law LLP) with over 70 staff across five branches providing a full range of legal services. The firm initially specialised in Personal Injury cases referred by other law firms. It needed a computer system that would enable its case handlers to spend more quality time on the complex legal issues, while still processing cases as quickly and efficiently as possible. It wanted a solution that would be easy to use and have the built-in flexibility to facilitate the rapid transformation and diversification from a single practice into a group of three firms, each with their own area of specialism.
It chose Proclaim It chose the Proclaim Practice Management Software Solution primarily for its flexibility, which allowed for a consistent approach with a single secure centralised database managing all work areas including Court of Protection, Conveyancing, Debt Recovery and Employment. Furthermore, Proclaim’s integrated firm-wide financial management platform makes financial transactions simple for a small accounts team to manage. And its built-in Compliance toolset ensures risk is effectively managed and legislative requirements are met. The highly customisable reporting solution has been invaluable for analysing data to spot issues, deal with problems and manage staff. The Batch Scanning tool has even created a paperless office with no physical documents stored. Thanks to an integrated development toolset, the firm has been able to adapt the system to suit their own specific needs, including the creation of a Clinical Negligence Matter Management platform. Features such as the New Business Enquiries module mean that the firm provides superb levels of customer care throughout the client journey. It ensures true end-to-end management of incoming enquiries and SecureDocs takes care of online document delivery and acceptance. Ross Carr, Bakers Solicitors’ Chief Executive, says of Proclaim, “This is such a superb solution; it has allowed us to concentrate on managing and growing our business.” www.bakerssolicitors.com
Curtis Law Solicitors
Curtis Law was founded in 2008, employing five staff to deal with Personal Injury claims. Since that time, the firm has extended its reach into Family Law, Conveyancing, Probate and Commercial areas and now employs 200 staff. Although it was set up initially as a PI claims specialist, it had strong ambitions
to grow both in headcount and in the range of legal work managed. For this reason, it needed a case management solution that would provide a flexible and future-proof environment - one that could be scaled out to multiple work areas, not just PI. Proclaim fitted the bill Following a detailed analysis of available solutions, the company chose Eclipse’s Proclaim Case Management system. It was impressed by the supplier’s track record in helping new start-up businesses to grow and by the ability to add practice accounts at a later stage to replace its existing ‘bureau’ accounts system. The result was a fully integrated system. Proclaim is used across all work areas, providing a complete desktop productivity solution. Client care is top of the firm’s agenda; the ability to rapidly see where any file is up to - and provide feedback for clients - is a huge benefit. As a growing practice, managing finances is vital. Curtis Law monitors and analyses performance continuously, using Proclaim’s integrated reporting toolset. This means that trends can be spotted easily, enabling the management team to quickly make informed operational and growth decisions. The Principal of the firm, Tasleem Riaz, says, “Proclaim has provided a robust, scalable and flexible solution that is perfectly in tune with our commercial aims.” www.curtislaw.co.uk About the author Darren Gower has 12 years’ experience in the legal services sector, specialising in IT solutions for law firms. Responsible for Eclipse’s overall marketing operations, Darren creates and directs communications strategy across multiple market sectors. www.eclipselegal.co.uk LAWTECH February 2015
29
OPINION
30
LAWTECH February 2015
OPINION
BEEF UP
YOUR ACCESS CREDENTIALS How two-part authentication keeps hackers at bay
Matt Torrens, Director of Sprout Technologies
The legal market is well known for being slightly slower in technology adoption, particularly in the case of barristers’ chambers, than other verticals. But, as Bob Dylan once said, “The Times They Are a-Changin” – and law firms need to wake up, soon. Bluntly, chambers must stop disregarding security risks and/or pretending that they are somehow immune. Financial and healthcare industries have all adopted a far higher appreciation and integration of ‘IT security’ and the use of Two Factor Authentication (2FA), for example, is standard. What is 2FA? Do I need it? Traditionally, a user will ‘authenticate’ with a network resource using a combination of a username and password. Authentication is the process whereby a computer system determines the identity of someone trying to access a resource. If you replace ‘a resource’ with ‘client data’ and ‘someone’ with ‘a Data Controller’ then you begin to see the importance of protecting access. Members of Chambers are Data Controllers within the meaning of the Data Protection Act 1998 and have statutory duties in respect of any Personal Data and Sensitive Personal Data that they hold. Pursuant to the seventh data protection
You’ve been using 2FA for ages
principle (see box-out for the full set), members of Chambers must ensure that they protect data to which the Act applies using an appropriate level of security given the nature of the data and the harm that might result from unauthorised processing or loss. The use of a username and password is a basic, single factor of authentication. 2FA adds a second level that works in conjunction with the username and password. Now, before you decide that 2FA is too complicated for you, stop! It’s easy and you’ve been using it for years, probably without realising. 2FA is the combination of something you know (your password) and something you have (a security fob or one-time code). We’ll discuss types of 2FA on the market a little later but if you consider, for a moment, your Current Account bank card (something you have) and your PIN (something you know), you will see you have been using 2FA for a very long time.
Username + password = inadequate Simply relying on a username and password does not provide an acceptable level of protection. If you don’t believe me, why not ask your clients and instructing solicitors? Passwords are often shared with others, not changed regularly and can easily be captured by the bad guys – by watching over your shoulder or using (cheap) software to capture your keystrokes, for example. If you rely only on a username and password, then as soon as another person uses those credentials, the computer system will authorise their access and your data is at risk. Bad times. By adding 2FA to the mix, if someone else knows your password, they still cannot authenticate, as they don’t have the second factor. There is no breach of security and your system is safe. Good times. What does 2FA look like? 2FA comes in many forms and, like most things, some are better than others. More traditional options saw the use of ‘tokens’. Users press the button to receive a onetime code, valid for only a short time, to enter along with their password. More modern approaches utilise the one thing people have with them all the time – their mobile phones. Various vendors use Apps or secure SMS messaging to deliver the one-time code. Your IT department LAWTECH February 2015
31
OPINION
can increase security levels based on your geographical location or even the time of day that access, via 2FA, should be allowed or revoked. I bet it is really hard to use No, it really isn’t! Press the button or wait for the SMS – then type the code into your authentication page for your Firm’s/ Chambers’ remote access. Do I have to use it in the office? Not necessarily. Your administrator can determine when 2FA is required. For example, you may consider your office secure, and therefore 2FA would not be required when logging on from that location – but from any ‘untrusted’ location (a hotel or coffee shop for example), 2FA would be a requirement. Will 2FA keep me safe from hackers? In part, yes. But it is just one piece of security in what should be a multi-layered approach that embraces firewalls, BYOD, secure email, mobile devices, encryption and so on. Alone, it will not make you cyber-proof – but it will help to ensure that only those on your invite list get to join your party. Hacking has become a successful ‘business’. So successful in fact that it is now more profitable than drug-related crimes. The number of breaches continues to grow and, in 76 percent of all network breaches, the hackers exploit weak or stolen user credentials to gain access. Conclusion Twitter’s got it. Apple’s got it, too. Google, Microsoft, Facebook, and Amazon have had it for a while. It really is standard fare these days. So, come on, when will chambers join in?
About the author Matt Torrens, Legal IT expert and entrepreneur, has been providing secure, innovative, outsourced IT services to professional service firms for over 20 years. He co-owns SproutIT, a leading supplier of IT strategy and service to Barristers’ Chambers. www.sproutit.co.uk 32
LAWTECH February 2015
Data protection principles Schedule 1 to the Data Protection Act lists the data protection principles in the following terms: 1.
2.
3. 4. 5. 6. 7.
8.
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless – • at least one of the conditions in Schedule 2 is met, and • in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. Personal data shall be accurate and, where necessary, kept up to date. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Personal data shall be processed in accordance with the rights of data subjects under this Act. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
LEGALTECHNOLOGY
SECURE DATA TRANSFER eDX gives legal professionals peace of mind
By Paul Doble, Chief Sales and Marketing officer at DX 2014 saw a host of high profile security breaches, including iCloud, Sony, JP Morgan, and HSBC, during what has been coined ‘the year of the security breach’. However, it is not just well known, international businesses who are suffering the consequences of security issues. Organisations of all sizes, and in all sectors, have been affected by instances of data loss over recent years. What makes law firms special? In the corporate world, law firms in particular possess large amounts of highly confidential data, and are subject to strict regulatory rules and fines for mishandling this data and for any information loss. Because of this strong responsibility to keep information safe, it is essential that members of the legal profession prioritise data protection. Apart from hacking and external attacks, technology causes other types of information loss. Sensitive data can easily be transferred onto removable devices such as DVDs, data sticks, etc., often without encryption, making it less secure, harder to contain and easy to lose track of. In addition, most businesses now use email as their primary means of communication, which can be a problem if information is unintentionally sent to the wrong person or intercepted by hackers. DX’s 2014 Information Security Survey, which surveyed 100 legal professionals in the UK, found that 57 percent of recipients deemed email to pose the biggest risk to data security, compared to 24 percent for a physical breach. It also showed that almost a third felt that information security had been threatened by email communication in the past year, with 55 percent of those questioned knowing of cases where emails were sent to the wrong recipients. As such, even if a firm manages to protect itself against a malicious attack, security breaches are only ever a click away.
Secure email encryption In response to the perils of the digital age, DX has developed a new secure electronic document exchange service, called eDX, which provides 128-bit encryption of sensitive data. Traditionally, the company has concentrated on physical document transfer by courier, but now its customers can share all electronic forms of communication through this new service. Powered by Egress Switch, the only UK Government certified email encryption product, eDX allows law firms to send emails and files of any size and format safely. The secure encryption ensures that, if intercepted or sent to the wrong recipient, information within emails (or documents encrypted on a physical removable device) will not be readable. The service also offers a central management and reporting functionality for those responsible for data security, meaning that information can be tracked at all times and access controlled by timeframe restrictions imposed on recipients. In addition, if users decide they no longer want the recipient to read the content, the sender is able to stop the email being opened. In cases where an email is forwarded to third parties, the original sender will be asked for consent before access is granted. As a result, senders can retain full control over who sees their emails. eDX is designed to fit with existing email servers such as Microsoft Outlook, and can be accessed on the move from apps on iPhones, Android, and other electronic devices. The service is easily installed, and once users receive their license, they can begin sending highly secure, encrypted content from any device or location. Future proof The launch of eDX came at a crucial point for the legal industry. Not only does it
mirror the risks posed by the increasing use of technology within firms, but it can also help them comply with upcoming EU Data Regulations, set to come into force in 2017. These include tougher security requirements, a strict 24-hour time frame for reporting data breaches, and fines set to exceed the existing £500,000 for companies that breach them. Our 2014 Information Security Survey revealed that one in ten legal professionals did not know if they comply with existing regulations. This clearly demonstrates that attitudes towards information security still need to be improved if legal firms are to ensure maximum confidentiality for their clients while avoiding hefty fines. Conclusion Legal professionals need to recognise and address the risks associated with the increased use of digital technology, and understand that they can now maximise the many advantages of email and electronic file transfer without compromising safety. In short, the legal industry must be willing to update its traditional processes in order to cater for modern requirements.
About the author Paul Doble is an Engineering graduate with an MBA from Henley Management College. Before joining DX in 2007, he held senior business development roles in blue chip organisations such as BT, ICL and Fujitsu. www.dxdelivery.com/corporate/ services/edx/ LAWTECH February 2015
33
BETTERBUSINESS
EU CHANGES AFOOT
ARE YOU READY? You need to plan now for the upcoming EU General Data Protection Regulation By Paul Doble, Chief Sales and Marketing Officer at DX
34
LAWTECH February 2015
BETTERBUSINESS
The new EU General Data Protection Regulation is set to be adopted towards the end of 2015, with enforcement currently expected in 2017. While the finalisation of the regulation has experienced some delays, and is still going through numerous amendments based on objections from various parties, firms cannot afford to be lulled into a false sense of security. On the contrary, the slow advances hint at substantial changes to the existing regulations, which will be updated to more accurately reflect and respond to the internet age. The EU General Data Protection Regulation is expected to introduce the following measures: • Tougher consent requirements when obtaining personal data from individuals • Strict 24-hour timeframe to notify EU Regulatory Authorities of data breaches • The new ‘right to be forgotten’, which requires data controllers to delete data that is no longer relevant and ensure deletion by third parties • The compulsory appointment of data protection officers for all public authorities and companies processing more than 5,000 data subjects a year • The application of the legal requirements to non-EU data controllers processing European citizens’ data In addition, potential fines will increase significantly for those who fail to comply. The existing penalty for a breach in the UK is £500,000, but the new regulations are predicted to enforce fines of up to 5% of a company’s annual revenue, or $100million, whichever is most severe. Time to prepare Towards the end of 2014, Legal Futures reported that 15 incidents of data breaches in the legal profession had been made in the previous three months alone, demonstrating a worrying propensity for secure information to be lost by firms in an industry that should be governed by confidentiality and sensitivity. This led the Information Commissioner to issue a warning to all legal professionals about the consequences of data loss and the potential fines for breaches, and to remind the legal industry that more needs to be done to keep secure client information safe. In response to this, and in anticipation of the updated EU General Data Protection Regulation, DX commissioned research of legal professionals in the UK to gain insight into current attitudes and concerns surrounding data protection. Its 2014 Information Security Survey revealed that one in 10 legal professionals don’t know if they comply with current regulations – a worryingly high statistic. Such findings suggest that firms must take action now to address their data responsibilities and prepare for reformed regulations, as well as ensuring they are compliant with current laws. Changing with the times Few would argue that the EU’s existing General Data Protection Regulation is fit for the modern age. When these regulations were issued in 1995, the internet and many of today’s digital devices were far from dominating the workplace as they do now. As
such, challenges posed by the internet, digital communications, malicious attacks, and cyber fraud were not accounted for, making the regulations now hugely outdated and arguably inefficient for modern day law firms. The Association of Corporate Council recently reported that law firms consider themselves exempt from targeted hacks and cyber threats, which have been rising in frequency for UK businesses. It notes that far from being immune, legal institutions and professionals must be addressing online security as a high priority, as no organisations are safe from the threat of cyber crime, which is set to significantly exceed previous years. DX’s survey shows that lawyers are not acknowledging this high level of risk, with 26% saying they felt no risk to data security from criminal attacks. Even among those identifying a potential danger, a further 26% felt that the risk was fairly small, with only 5% concerned that attacks were a large risk. Tightening security through communications The growth of digital communication means that over 100 billion emails are now sent by organisations each day. This figure represents a dramatic rise from the figures of 1995 and highlights the need for greater regulation in this area. Despite the growing propensity for malicious attacks on digital communications, human error in email messaging was deemed the most critical danger to data protection by legal professionals according to the DX findings. The survey revealed that only a third of respondents (35%) could say that email had never compromised data security and 55% knew of cases of emails being misdirected – 80% of those to at least one external recipient. These figures alone demonstrate the need for secure email encryption in the transferring of confidential data across the internet – especially in the legal industry, where such sensitive information is being shared all the time. However, as well as digital communications, legal professionals must remember that the traditional transfer of physical documents and digital media via mail or courier networks also requires a high level of security. Firms cannot afford to be lax when it comes to sending hard copy documents and materials such as CDs and USBs, which are still sent daily by legal institutions and carry the risk of potential data breaches if not handled appropriately. The reformed EU General Data Protection Regulation will outline strict requirements and penalties for all forms of data breaches, and fundamentally address the technological advances that have changed the face of data protection. As such, encryption should be seen as a baseline procedure for the legal industry, not only in answer to regulatory requirements, but also to maximise client confidentiality, avoid substantial penalties, and maintain the reputations of firms and the industry as a whole. About the author Paul Doble is an Engineering graduate with an MBA from Henley Management College. Prior to joining DX in 2007, he held senior business development roles in blue chip organisations such as BT, ICL and Fujitsu. www.dxdelivery.com LAWTECH February 2015
35
BETTERBUSINESS
THE FUTURE OF LEGAL
CONTACT CENTRES
Grégoire Vigroux explains how Generation Y is transforming the legal contact centre By Grégoire Vigroux, Director at Telus International
36
LAWTECH February 2015
BETTERBUSINESS
The contact centre of 2014 is already almost unrecognisable from the call centre of 1984, 1994, even 2004. It is hard to think of a sector that has been through more change. Yet within the next few years we will witness another revolution in the world of the contact centre. This matters to anyone in business, and not just in the legal world. As more and more business processes are outsourced to specialist contact centres so increasingly the ability to find the best contact centre provider and then manage that resource is becoming a key business attribute. Multinational contact centres In the contact centre industry, while local providers will continue to provide their services to local firms, only global players will be able to serve the multi-nationals. Globalisation is in full swing: in the contact centre field, as in many others, market integration and increasing international competition are realities. Successful contact centres are choosing to internationalise and become stronger financially in order to adapt to the new demands brought about by their clients’ international development. Only global contact centres with platforms capable of serving dozens of languages, preferably from a single site, will be able to provide the global multilingual solution major contractors desire. In addition to this, the management of call centres – especially in the legal space - has become more professional. Whether local or global, this sector attracts more and more graduate managers and career consultants, compared to a few years ago when small entrepreneurs dominated the field. Staff attrition Staff retention has been a perennial problem for the contact centre industry. According to a study in 2014 by Everest Group Research, entitled `The Business Impact of Contact Centre Attrition’, it is now possible to quantify the operational costs and loss of revenue directly caused by staff departures. According to the study findings, “a typical U.S.-based 500-person contact centre with a 30 to 50 per cent annual attrition rate could suffer a net loss of US$1-2 million in business value across cost and revenue over one year.” The issue of contact centre attrition rates is obviously not new to the contact centre industry. What changes, however, is industry leaders’ awareness of this topic, and their ability to address it. Generation Y Generation Y (Gen Y) – those born between 1980 and 2000 – is the new labour force for the sector. These individuals already account for 80% of the total number of employees in some contact centres. This generation is also on the ‘other side of the phone’, because its members are keen consumers, accounting for almost US$200 billion in spending per year worldwide. Excellent multi-taskers. Generation Y grew up surrounded by computers, mobile devices and video games consoles. This generation is confident with technology but it also has a shorter
attention span compared with previous generations. The Internet puts everything at Gen Y’s fingertips. As a result, Gen Y has grown accustomed to rapid shifts in attention, with focus tending to wane after about 15 minutes. Gen Y makes decisions based on consensus – usually by checking social media. Gen Y members are team players and love helping to solve complex problems collectively. Corporate culture Building a corporate culture that reflects the qualities of Generation Y is a major challenge for most companies. In contact centres we find many examples of highly motivated employees who have managed to affect positively the curves of certain brands’ customer satisfaction. Managers are now taking more seriously the task of implementing a strong - and consistent - corporate culture, since studies have shown its impact on profitability. Experience also teaches us that culture, to be effectively implemented, must be disconnected from service levels and purely financial incentive methods. Value-adding partners To survive, contact centres can no longer limit themselves to being mere suppliers or sub-contractors. Today, they must fully understand the processes of their clients and be able to evaluate and improve them. The goal is to deliver real economic levers to their clients, acting positively on costs, as well as on the quality and productivity of their work. Contact centres of the future will no longer be simple platforms mechanically applying procedures. A handful of companies in Europe have already anticipated this development, shaping their entire supervisory staff using Six Sigma or other process improvement methodologies. Conclusions Welcome to the contact centre of the future. It may be a multilingual and global player or it may be more local. Either way, Generation Y will be the main driving force. Law firms’ demand for a low-cost service and immediate gain will gradually fade, giving way to a more strategic model of outsourcing their contact centre operations.
About the author Grégoire Vigroux co-founded CallPoint (now TELUS International Europe) in Romania in 2007. He is Marketing Director for Europe and is also in charge of the company’s Corporate Social Responsibility. www.telusinternational.com Everest Group report: tinyurl.com/lougfgs
LAWTECH February 2015
37
ITSYSTEMS
DESKTOP STRATEGY: WHY VIRTUALISATION IS NOT THE (ONLY) ANSWER
38
LAWTECH February 2015
ITSYSTEMS
Kevin Linsell explains why virtualisation may cause legal and regulatory headaches...
By Kevin Linsell, Head of Service Development at Adapt
Five to ten years ago, many organisations did not have a desktop computer strategy at all - a desktop was simply an end-user device, with a specification based on need and budget. Often, little thought was given to the cost and complexity of managing these devices over their lifetimes and even less thought given to the business impact of these devices going wrong or being lost/stolen. However, the consequences of losing a device can be serious, particularly if an organisation - such as a law firm, for example - is subject to formal regulation. Ignoring the obvious data loss and security repercussions, from a pure cost perspective, the implications can be significant: in 2007, Nationwide Building Society was fined £980,000 by the Financial Services Authority for the loss of inadequately secured laptops and, in 2013, Glasgow City Council was fined £150,000 by the Information Commissioners Office for the same reason. Why a desktop strategy? Quite simply, the role of the desktop has changed within business, as a wider percentage of employees now rely increasingly on computing for everyday tasks. This is especially true in the legal sector. Then there are the issues of regulation and governance of data security plus protection - most professions, including the legal space, have seen a significant tightening of regulations and enforcing agencies, including the Data Protection Act, Financial Conduct Authority (FCA), Payment Card Industry Data Security Standard (PCI DSS) and Solvency II to name but a few. Other issues that may drive the need for a desktop strategy include: • Technology evolution has enabled better management and control of end user devices • The recent economic climate has forced businesses to try and reduce costs wherever possible
LAWTECH February 2015
39
Subscribe now to LAWTECH magazine LAWTECH The Law Technology Magazine
Issue 1 | October 2014
LAWTECH is the UKs first publication totally dedicated to the subject of technology with the legal practice. LAWTECH reaches an audience of over 5,000 individual subscribers on a quarterly basis, delivering them upto-date information on this fast paced
IT + Legal = Efficiency The right to be forgotten examined...
Knowledge management in the spotlight...
subject, enabling them to utilise the latest cutting edge technology and its unlimited opportunities for collaboration to enhance and grow their practice.
If you’re interested in subscribing to the magazine, visit the subscription page on the website at:
www.lawtechmagazine.com
26, St. Thomas’ Place, Ely, Cambridgeshire CB7 4EX
01353 644055/644060
The missing link in legal IT...
ITSYSTEMS
• •
The drive to support an increasingly mobile and geographically diverse workforce The acceptance of mobiles, smartphones and tablets within business, often driven by senior management who have first adopted these premium devices in their personal lives
The last item is partly evidenced by the massive decline in the sales of PCs (currently down ten per cent year-on-year) and the slump in profits reported by some of the major business computer manufacturers. While no single major event has driven the need for businesses to create and implement a desktop strategy, a combination of factors including those mentioned above now make this a key part of a business’ overall IT strategy. What does a desktop strategy have to cover? There is no single correct answer to this as every legal business has a different set of requirements and drivers, but a typical checklist would include: • • • • •
• • •
•
Deployment of software updates and changes - both security/functionality and user/business request driven Hardware break/fix Asset management: software licensing and hardware Security and compliance: information and data security (physical and electronic) ‘Evergreening’: the ability to refresh any aspect of the desktop (hardware and software) over time to avoid end of life/support issues End user support and assistance: helpdesk, local resources, training etc. End device selection, based on a pre-defined internal product catalogue Technical specifications to meet the business and end user needs - performance, size, weight, battery life, screen size/quantity, power consumption, noise, etc Functional requirements to support disability requirements - screen readers, text to speech, speech to text, braille keyboards, etc
massive decline in PC sales
•
• • • •
Remote and home working policy, including Bring Your Own Device (BYOD) - not just an IT policy but heavily aligned with, or even owned by, HR Applications specific to user roles, based on a pre-defined internal software catalogue: What versions of core applications and operating systems? Availability and entitlement to business software tools Roadmap for applications aligned with evergreening policy and software licensing agreements
Challenges The challenge that many organisations face is how best to deliver against these strategic requirements. This challenge is frequently made tougher by an existing broad range of operating systems, hardware and software and the need to do so with a static or shrinking budget. Add in the rapidly approaching (or passed) end-of-life status for many common Microsoft enterprise products - Windows XP, Office 2003, Server 2003 and Exchange 2003 - and the ability to deliver becomes very challenging. This, of course, prompts the understandable question, “Why won’t desktop virtualisation deliver a strategy?” It is important to understand that desktop virtualisation, virtual desktop infrastructure and hosted desktops are all terms used to describe the delivery of a desktop from a central location to end user devices. The technology to deliver desktop virtualisation has been around for a few years now, but uptake has not been as rapid as the industry and analysts predicted, mainly due to complexity and cost. LAWTECH February 2015
41
ITSYSTEMS
The details of the solution and its benefits are beyond the scope of this article but Brian Madden, my favourite visionary and authority on virtualisation, provides plenty of information at www.brianmadden.com
• • •
Ten years ago Server virtualisation has been accepted for several years but 10 years ago it was not practical. The primary reasons were technical incompatibility, lack of vendor support, performance and network availability issues. The parallel today is that a strategy to virtualise every desktop is not viable for most organisations, for very similar reasons. Many of those server virtualisation barriers have now been removed as acceptance has grown and vendors have responded to demand with improved products. Desktop virtualisation however is late to this party and has not had the major market acceptance (yet) that server virtualisation has enjoyed. At first glance, it would seem that desktop virtualisation could deliver many of the requirements of a desktop strategy. This raises the inevitable question, “What are the barriers to desktop virtualisation?” Desktop virtualisation is not always appropriate for a number of reasons. Some of these will be a major influence on any decision to deploy (or not) desktop virtualisation in an organisation:
Cloud Expo survey results A vox pop survey of senior IT decision makers at the 2014 Cloud Expo Europe event revealed that nearly half (45 per cent) of all respondents will have outsourced their core IT by 2017. The survey of 78 attendees at Cloud Expo asked respondents how they would define the role of IT within their business in the next few years. Only four respondents felt that it would stay the same as today, while the majority felt the use of outsourcing for their core IT would accelerate. Key statistics of the survey include: • •
45 per cent of respondents will focus on innovation inhouse and core IT will be outsourced A further 22 per cent of respondents believe that there will be acceleration in the outsourcing of IT within their organisation
The results of the poll very much reflect what I and my team are seeing from our day-to-day conversations with customers. For organisations working with a trusted managed services provider, it makes sense to outsource core IT elements, freeing up the in-house IT team to facilitate business development. As more organisations in the UK embrace the cloud, we can expect to see this trend continue.
42
LAWTECH February 2015
•
•
•
Upfront design and software/hardware investments can be significant ahead of any live deployment to end-users The duration of the design, test and deployment phases can cause a lengthy delay to benefit realisation Dependence on network availability and performance can be particularly challenging to some remote locations or mobile workers Licensing complexity and costs, particularly for Microsoft desktop operating systems, threaten any business case return Application compatibility and performance require testing. The more applications an organisation has, the bigger this task Management and deployment of patching, updates and applications is still required but often delivered in a different way to traditional desktops. This can increase costs and complexity
Conclusions So what should the strategy look like? My conclusion and recommendation to satisfy all these requirements, drivers and challenges is to avoid boxing yourself into a strategic corner. Desktop virtualisation is not the (only) answer, but rather a key and growing part of the overall desktop strategy. Take the barriers to desktop virtualisation and look to the industry and your strategic partners for solutions. A recent evolution in the market is to offer Desktop as a Service (DaaS) - effectively cloud-based desktop virtualisation with access through an app or a web interface. This is important because it can accelerate your benefit realisation by eliminating much of the upfront investment typically required for infrastructure and design. A DaaS partner will also be expert in helping you navigate through the licensing complexities and the user scenarios best suited to desktop virtualisation. Blend DaaS with traditional desktop delivery and you will have a desktop strategy that is flexible enough to cope with whatever the business demands of you, while also meeting your key drivers and requirements. Over time, the percentage ratio of DaaS to traditional will change, in much the same way the industry has witnessed between virtual and physical servers. Make DaaS your preferred solution and traditional the exception. Each business will be different but today that ratio tends to be around 80:20. How quickly you get there will depend on your starting point and the compelling event driving the change.
About the author Kevin Linsell heads up service development at Adapt and has over 20 years of experience in the telecommunications, managed services and IT sectors in both R&D and commercial roles. www.adapt.com
In the next issue of LAWTECH…
In the next issue... As you may have noticed, cloud computing and security feature highly in this Issue of LawTech magazine. This will continue in Issue 3 and beyond, as these two topics come up time and again when discussing IT matters with the legal professionals featured in this publication. Cloud computing, we know from experience, is important owing to the cost efficiencies it generates – upwards of 60 percent cost savings are possible with the right system. Effective IT security, meanwhile, is also top of the legal agenda, owing to the draconian penalties that various bodies can impose if your security is breached. And this is before we even begin to discuss the effect on your reputation…
• Software buying advice • Securing your information • Automated document building • Ensuring server reliability • Information retrieval
LAWTECH
e v a H you heard? Proclaim® is the only Practice Management Software solution Endorsed by the Law Society. It speaks volumes that Proclaim, Eclipse’s market-leading system, is the solution of choice for 22,000 legal professionals in 800 organisations. Proclaim encompasses practice, case and matter management, and is now the only system to be endorsed by the Law Society.
From new start-ups to industry heavyweights, Proclaim is the system of choice for forward-thinking law firms. • • • • •
Fully integrated Practice Management Software solution SAR-compliant legal accounting End-to-end case and matter management workflow processes Ready-to-go workflows for specific practice areas Fast to implement, easy to use
Contact
e the Proclai se – n o ti ra st n o em d us for a
CALL 01274 704 100 www.eclipselegal.co.uk/lawsociety lawsociety@eclipselegal.co.uk
m difference