Legal IT
Circa 2002 -2004 Articles



In 2002 Global Professional Media's Legal Week was named best business and professional magazine at last year’s PPA. Global Professional Media also published the monthly titles Legal Director and Legal IT. For a number of years this was the website for Legal IT
Content is from the site's 2002 - 2004 archived pages providing a glimpse of the type of articles offered to its readership.

Premium content is reserved for Legal Week Subscribers.

A PREMIUM SUBSCRIPTION PROVIDES:

  • Trusted insight, news and analysis from the UK and across the globe
  • Connections to senior business lawyers within the leading law firms and legal departments
  • Unique access to ALM's unrivalled, market-leading reporting in the US and Asia and cutting-edge research, including Legal Week's UK Top 50 and Global 100 rankings
  • The Legal Week Daily News Alert, Editor's Highlights, and Breaking News digital newsletters and more, plus a choice of over 70 ALM newsletters
  • Optimized access on all of your devices: desktop, tablet and mobile
  • Complete access to the site's full archive of more than 56,000 articles

POSTS

 

19 March 2004

Linklaters secures Fast accreditation with audit

Global giant becomes first major firm to complete audit for IT lobby group

Linklaters is the first international law firm to complete an IT audit of its UK offices on behalf of the Federation Against Software Theft (Fast), a local software industry lobbying group concerned with revenue protection issues. 


Linklaters has consequently been awarded ‘Fast gold certification’ status by the group -– which constitutes ‘proof’ that the firm is free from unlicensed software across all its 2,500 users’ desktops.

According to Fast Consultancy Services, which carried out the audit alongside Linklaters’ IT staff, the work was accomplished in record time for an organisation of this size — taking just 12 weeks to complete.

The audit was made easier because Linklaters operates a thin-client environment, where nearly all software sits on centrally controlled servers and is operated remotely from users’ computers, rather than being loaded onto users’ PC hard drives. 

Linklaters claims that its Fast audit will result in savings to the practice of about £1m over the next five years, because the auditors discovered hardware and software surpluses, which may now be eliminated.

The Fast consulting team conducted their audit in three phases, starting with a walk-round audit of the firm’s 4,000 laptops, desktop PCs and servers, which delivered a comprehensive asset register and identified a hardware surplus.

An analysis of how staff used the firm’s software identified a range of software license duplications and shortfalls which, once reconciled, will generate license savings of £200,000 per year, according to Fast.

The third phase was a round of discussions with software vendors to find and collate license information. 

This has created a ‘documentation library’, proving Linklaters’ software compliance for all the applications used across its UK thin-client environment.

A statement issued by Fast cites Linklaters as “the only global law firm to have achieved full software licensing compliance”

Author:Legal IT Source: Legal IT
Start Date: 05/02/2004

~~~~~~~~~~~~~~~~~~~

 

Ringrose installs major Axxia IT upgrade

Legal IT reports

The Ringrose Law Group is in the midst of a substantial IT upgrade.

The 130-fee earner firm has installed an Axxia IT solution involving Artiion accounts, Case Manager and e-Case and Axxia KPIs, the management information tool, as part of an Axxia desktop solution. 

Axxia was chosen to replace its previously preferred technology partner, Mountain, after an extended period of beauty parades and demonstrations from a number of different vendors. 

According to Ed Moss, the chief executive of Ringrose, the clincher was the live demonstration of the product at another firm in the Midlands and talking to the staff there. 

In addition to the change in practice management software, Ringrose has completed a roll-out of new hardware involving 130 new Dell workstations and laptops for its team of criminal lawyers, new servers and digital photocopier-printer machines. 

In-house training is going to be a big part of the IT upgrade and will involve at least one member of the four-person IT team in a full-time capacity. 

The roll-out is expected to be completed by the beginning of March. This should be accelerated by the use of a scorecard reward system for equity partners which will base remuneration on how well they do in areas such as finance, client care, staff and risk.

Author: Legal IT 
Source: Legal IT
Start Date: 05/02/2004



24 April 2003

 

 

Blake Lapthorn picks Plumtree for merger

Legal IT reports

Vivien Eaden    

Southeast regional firm Blake Lapthorn is set to roll out Plumtree Corporate Portal to help ease the integration of its IT systems during the upcoming merger with Oxford commercial firm Linnells.

The merger is effective from 1 May and will create Blake Lapthorn Linnell, a 79-partner regional practice — one of the largest in the southeast. 

Initially, Plumtree will be deployed as a platform for the firm’s intranet and general public website, but client extranets and improved remote working facilities are planned for the medium term. 

During the merger process, Blake Lapthorn’s IT department will overlay the portal in the two firms’ intranets, giving all fee earners access to both firms’ intranet content. Over time the portal system will provide a new, firm-wide intranet and the old ones will be retired.

Roger Wheaton, head of marketing at Blake Lapthorn, said the new intranet would boost efficiency by enabling management to push information such as internal memos and client- or matter-related background to the relevant communities in the firm, reducing telephone calls and e-mail traffic. 

He added that Blake Lapthorn had noticed an increasing demand from corporate clients for extranet facilities, but that the firm would work with individual clients to deliver these services rather than putting together a generic package.

Blake Lapthorn has previously used an external design company to host and run its public website, but the new site for the merged firm will be hosted internally and the content maintained and managed by the marketing department.

In the past, half the battle had been keeping the website up-to-date because all amendments had to be carried out by the hosting company’s designers, rather than by employees of the firm, Wheaton said. 

The firm’s IT and marketing departments were already working on a portal project prior to the merger discussions, but this project has been expanded and the timetable for implementation has been brought forward so that the roll-out coincides with the merger. 

Wheaton said: “At the beginning we will keep the intranet simple — portals can be very complicated beasts.” 

He added: “Strategically, we will explore the area of online legal services, but we will probably not try to develop our own [products] because the firm is not heavily focused on bulk legal work.”

Four IT staff — two from Blake Lapthorn and two from Linnells — will be working on the portal. 

Vivien Eaden, IT director at Blake Lapthorn, said the first priority was creating the new website, followed by the intranet, but in the long term she hoped to design a virtual desktop environment for the firm’s lawyers, providing access to all core applications through the portal. 

Eaden, who was hired as IT director last year and has since focused on the portal project, said the IT department was designing workflow that would enable the lawyers to load content onto the portal themselves, with the IT function acting only as an administrator.

She said: “Early on in the project we want to provide key clients with extranets so they can access their own information.”

Blake Lapthorn will be the first UK law firm to run Plumtree, but a number of firms around the world, including San Francisco’s Morrison & Foerster and Blake Dawson Waldron in Sydney, have been using it for some time.

Author: Legal IT
Source: Legal IT
Start Date: 03/04/2003

~~~~~~~~~~~~~~~~~~~~~~

Firms’ turnovers outstrip technology spending
The UK’s major law firms are spending proportionally more of their IT budgets on technology staff and less on software, according to a survey conducted by Legal IT in conjunction with Ramesys.<...

Morisons signs up with Scotland On Line
Morisons Solicitors — half of the Morison Bishop partnership that demerged last year — has signed a two-year deal with Scotland On Line for provision of a secure networking service between the firm’s ...

Doolan changes Eversheds role
Kevin Doolan, head of e-strategy at Eversheds, has moved to a more general role within the firm as head of business development with a major focus on pricing. Day-to-day management and control...

Mayer Brown set for compliance roll-out
US/UK firm Mayer Brown Rowe & Maw is set to roll-out an IT-based compliance system from Semagix in its London office to comply with new money laundering regulations. The move to install Semagi...

Netherlands’ Stibbe implements WorkSite across four offices
Stibbe, a major international firm based in The Netherlands, is set for a firm-wide roll-out of iManage WorkSite as its central document and content management system. The move to standardise ...

Red Letter day for trio of firms
Three law firms — Bevan Ashford, Silverbeck Rymer and Watson Farley & Williams — have adopted the Red Letter secure e-mail system from Meticulus Solutions.The firms will be using Red Letter to...

London pair get BigHand for digital dictation
Two London-based commercial firms — Finers Stephens Innocent (FSI) and Wedlake Bell — have adopted digital dictation workflow technology from BigHand. Wedlake Bell has completed its roll-out o...

Archive-it unveils MailStore v2
Archive-it, a UK-based developer of e-mail archiving software, has launched version 2.0 of its MailStore product. MailStore is built specifically to meet the requirements set out in the Britis...

Budgets: Value for money
A senior technology manager at a major US law firm recently shared with me a conversation he had with the partners about the firm’s IT budget. While he thought the IT group had made great strides in t...

Security: A question of security
When it comes to discussing security, most IT directors will insist on keeping their mouths firmly shut. But as information and content security remains a sprawling issue that IT directors and chief i...

The Legal IT managed services survey
Historically, outsourcing has found little favour with law firms and the UK market has been particularly tough for providers to crack. The legal sector is somewhat out of step with other industry sect...

The perfect partner
When a respected analyst house like The Yankee Group suggests that the web hosting market in Western Europe is set to be worth around £5.2bn by 2006, it is little wonder that there are so many compani...

~~~~~~~~~~~~~~~~~~~

 

Morisons signs up with Scotland On Line

Legal IT reports

Morisons Solicitors — half of the Morison Bishop partnership that demerged last year — has signed a two-year deal with Scotland On Line for provision of a secure networking service between the firm’s three offices in Edinburgh, Livingston and Glasgow. 

The new infrastructure will consist of dedicated, leased line links to the web coupled with data encryption facilities, managed firewalls and a virtual private network to enable remote working. 

Andrew Getley, systems manager at Morisons, said: “When the requirement to include the new Glasgow office within our network became apparent we needed a complete end-to-end solution. The connections are fully maintained and constantly monitored by Scotland On Line, which allows us to concentrate on our core business.” 

He said: “The added bonus of allowing key members of staff to connect to their business systems from home clinched the deal.”

Author: Legal IT 
Source: Legal IT
Start Date: 03/04/2003

~~~~~~~~~~~~~~~~~~~

Security: A question of security

Responsibility for information and content security regularly falls to the chief information officer or IT director in a law firm. However, this kind of approach begs the question of who takes the obligation at the front-end for protecting the value of the firm, writes Jody Raynsford.

When it comes to discussing security, most IT directors will insist on keeping their mouths firmly shut. But as information and content security remains a sprawling issue that IT directors and chief information officers (CIOs) of law firms are having to wrestle with, discussion of the perceptions and attitudes towards security is becoming necessary.

“With the exception of the top tier of law firms, the standard of information security displayed by the legal profession is below that seen in the rest of the corporate world,” explains Alex Fidgen, strategist for MWR InfoSecurity.

“The legal sector is one that has yet to experience a serious, public news-making breach. With the lack of awareness by partners towards information security, it is an accident waiting to happen.

“The implications are very serious. The trouble is, law firms tend to be very reactive and not particularly proactive. For the law firm that experiences the first public breach, it is going to be too late to implement the measures and the technical testing,” Fidgen says.

The message is rather stark, but the priority given to information security issues and the threat of attack has resonated through all industries, with the legal sector finding itself lucky with regard to being targeted.

Yet it is clear that information and content security is being given the attention it deserves by IT directors in law firms — and the consequences of neglecting this is fully appreciated by every director or CIO surveyed.

Echoing the thoughts of other IT directors, Chris Roberts, IT director at Simmons & Simmons, says: “Our priorities are twofold. Firstly, in the protection of data and the network environment and secondly, recovery in the case of business continuity. These are the two key areas we need to focus on.”

The 2002 Department of Trade & Industry (DTI) Information Security Breach Survey found that 44% of all businesses questioned had, at one point, suffered a serious security breach, where actual damage had been caused. However, some IT directors have changed their focus from external threats to internal ones — and for good reason. According to the DTI survey, a startling 48% of large companies surveyed placed the blame for their major security breaches firmly with their employees.

Internal hackers or disgruntled employees are obviously well placed to commit information theft, sabotage or compromise sensitive information. But a further, less likely, threat comes from incompetent employees. Something as simple as opening an executable in an unidentified e-mail can unwittingly begin a chain of events leading to severe network disruption.

“Our priority with regards to IT security is protection from internal threats — whether they are malicious or not,” says Stewart Thompson, practice manager for Martin Tolhurst Partnership. “Most breaches that occur on the network are carried out inadvertently by users. Our main concern is bolting down the network so we can minimise the risk of someone inadvertently damaging important parts.

“We do issue guidelines and police it regularly. If we see a breach or potential breach, we deal with it and make it public — not to embarrass the person so much as to let everybody know what the problems are,” he adds.

Hackers will always look for the easiest route into a network. In most cases, it is not surprising that this is not necessarily technical. Before even sitting down to a hard day’s hacking, other more straightforward routes are exhausted first. 

Far more effective than technical skills is the ability to elicit the username and password from the user or even the IT support helpdesk. With a stolen laptop, a hacker can obtain access and wander through the system virtually undetected until the alarm is raised.

While early warning and intrusion detection are good measures, prevention through awareness remains the most effective method.

“With regard to working practice, we have a strict protocol,” says Dick Seyer, IT director at Bevan Ashford. “It is about 50:50 in the division between developing good working practice and using technology for security. We make a big issue of it.”

Effective technology and best practice become even more imperative considering the extent of most law firms’ external activity. Remote access solutions, home workstations, extranets and wireless communication devices have brought with them new security issues and a greater risk of breaches as the perimeter of the network expands.

“First priorities should be to eliminate or encrypt data on portable devices and secure your firm’s perimeter and sensitive communications,” says Simon Earnshaw, director of information technology at Dickinson Dees. “Internal security takes longer, because it is largely about education and awareness, so start now and stick with it.”

“We adopt best practices for remote access with certificated, two-factor authentication,” says Martin Telfer, CIO at Minter Ellison. “But all this is easily undone by having passwords under keyboards, on post-it notes or even, in a previous firm, a PIN painted in Tipp-Ex on the back of a SecureID token. Security is a state of mind, not a set of policies and tools.”

The high possibility of human error underpins the necessity of effective protocols.

“We follow up on security lapses when people do this, but unfortunately you cannot account for human error,” says Simmons’ Roberts. “All we can do is keep in line with policy and keep monitoring. In line with industry best practice, passwords are centrally controlled. We identify people who are misusing or violating the policy.”

However, one IT director is less confident about the ability of fee earners to implement security policy: “We have deliberately limited reliance on the human factor as far as possible.”

Once an effective protocol has been formulated and implemented, it can drive the technology by tightening the business process and procedures surrounding it. An effective and multi-faceted anti-virus strategy is essential in eliminating the risk of a serious breach.

“The threat is real,” says Mick Campbell, IT director at Blake Dawson Waldron. “It is for any connected enterprise and we are adequately addressing this threat. We are not following any particular standard, such as ISO 17799, but instead have taken parts of many recommendations to form a response that meets Blake Dawson Waldron’s needs.

“Our anti-virus strategies are designed to provide multi-layer virus detection and eradication, without limiting our ability to communicate effectively with clients and business partners. We use anti-virus solutions from several leading vendors, generally with automated updates.”

Brian Collins, a consultant and ex-CIO at Clifford Chance, thinks the greatest fear for any law firm is denial of service attacks. “This is of much more concern, particularly with web-based services. Anything that takes out services like e-mail is of great concern,” he says.

“In order to prevent such things happening, the IT director must ensure two things. First, they have to be sure that virus-sweeping services are kept up to date. Second, they must ensure they pay attention to detail — you need a professional person who is dedicated to updating these things on a regular basis.”

Standards, such as ISO 17799, can assist in eliminating the threat of service denial. As a comprehensive set of controls comprising best practices in information security, the focus lies on both security and stability. Once a good information security policy is in place, it can often pre-empt many of the stability risks.

Like many others, Ashurst Morris Crisp’s director of IT Chris White believes the focus needs to be on e-mail security. “As that is the main contact we have with the outside world, if there is going to be any breach of security, that is the most likely area that it will come from. As a major concern of mine, it is where we are putting a lot of resources,” he says.

“The impact is certainly high,” adds White, who feels the problem lies with trying to identify what information would be of interest to hackers. “Rather than be complacent, there is a tendency to over-emphasise the value of the information that you hold.

“It comes back to this whole equation of getting the right level of security, but at the same time being able to do business. It is a judgement you have to make.”

“You have to apply some common sense,” says Bevan Ashford’s Seyers. “You want a very secure system, but you do not want it to be so tight that you stop people doing other things.”

IT directors are acutely aware of the need to balance security with business effectiveness. The balance lies on a very fine wedge and has repercussions in terms of buy-in and implementation for a new technology or working practice. Maybe for this reason, secure e-mail and e-mail encryption in law firms is predominantly client-led.

“We do not use proprietary encryption,” says Roberts. “Our own e-mail system has a degree of encryption built into it, but we would use secure 
e-mail if and when a client requests it. We have the facilities, but do it on a request basis, rather than securing every e-mail in and out of the organisation.

“You have to balance the use of e-mail against the fax machine, which has pre-dialled numbers stored on it, for example. Voice conversations on the telephone are unencrypted too, so let’s put e-mail in the same context and get it protected only when it needs to be,” he adds.

The labour and economic cost of e-mail encryption, or any other new technology, has to be weighed against the business requirement.

“I do not want a ‘truly secure’ e-mail system for every message we send if it costs a fortune,” says Mintor Ellison’s Telfer. “I need a range of solutions to meet client/lawyer needs for the particular matter. As we have a key client strategy, I see us setting up gateway encryption with them over time — this is safe, cheap and very simple for the end users.

“Encryption is still too hard for most people. In my experience, when they are shown the processes, the ‘requirement’ soon disappears.”

Many IT directors noted a breaking down of the resistance from fee earners for enhanced security measures as awareness has increased. But what has prevented further security technology from coming through? Why are law firms behind other sectors?

“While encryption technology is fully available in today’s security market, client-to-client encryption is so diverse an area; adoption of the right technology is paramount,” says David Lannin, managing director of security consultants, Assurix. “Many technologies have failed in their approach through lack of functionality. Others have failed due to complex management systems,” he adds.

Many technologies that are now available, such as PKI, digital certificates and biometrics, have yet to be adopted wholesale by law firms. While banking and other industry sectors have taken steps towards rectifying the problems traditionally encountered with some of these technologies, law firms have taken a wait-and-see approach.

While on paper many sound promising in terms of e-commerce benefits, keeping an audit trail and efficiency gains, legal IT directors on the whole appear ambivalent for various reasons.

“PKI is expensive and difficult to manage on any large scale and too complex for the end user to understand,” Minter Ellisons Telfer says. “You try explaining PKI to the average lawyer (or anybody else) — it is too hard for most techies. And one more step for every e-mail… a no go.”

Developing a successful information and content policy requires a number of components. The most important aspect is buy-in from the practice, with acknowledgment of the scope of security throughout the firm.

Blake Dawson Waldron’s Campbell says a good case and a persistent outcome-focused approach are key to winning management buy-in. “Proposed security measures that detracted from functionality or added to the cost of a business process were met with strong counter-arguments and we needed to spend a fair amount of effort in reworking those justifications,” he says. “In general, though, management understands that a part of their duty of care is to provide and ensure a secure environment.”

The 2002 Information Security Breach survey noted the mentality of many corporate firms in taking security in its narrowest sense to mean just technology. In order to avoid serious breaches, the entire culture of the firm has to be geared towards reducing complacency and tightening security. The tendency is to also see security as an issue for the IT department.

“With information security, the approach is so important,” says Trevor Lea-Cox, former global IT director and senior consultant for MWR InfoSecurity. “It is not an IT problem, yet so many firms hand it across to IT managers when the security issue really requires the whole organisation.

“The IT manager does not have authority over the company and is often too low level in the organisation. However, it is one opportunity for the IT manager to have a role in the complete project. They need to lead, but cannot do it on their own,” he adds.

However, White believes these issues end up with the IT department, as it is an area that it is naturally concerned about. “IT has a better understanding than the rest of the firm,” he says. “It is not saying that the business is not interested, it just so happens we have the expertise. Information security is something we can lead initiatives on.

“Having said that, on my list of priorities, security is probably higher than for the partners, because I am more aware of the day-to-day issues involved. Leading on from IT security, I am more aware of it than they are. Knowledge is an issue, because people do not understand the need for security.”

“There is an element of outsourcing here,” says Telfer. “IT security is the CIO’s problem — just as people problems belong to HR — so there is no ownership of the broader security issues. The ‘red flag’ items are all technology-related in lawyers’ eyes, so the whole problem becomes ours.”

“This is often due to the approach that security technology is very much a ‘tick in the box’,” says Assurix’s Lannin. “In addition, extending the security to consider internal policies and procedures often requires endorsement from many levels within the practice.”

MWR InfoSecurity’s Fidgin makes the point that IT departments are only custodians of the information. “They do not actually control or own it. The only thing an IT department can guarantee is the security of the information within the infrastructure controlled by the IT department.

“This thinking is why law firms lag behind corporates, which are beginning to understand this and are ahead of the game. 

“When they talk about information security, they are not only talking about good technical security — they talk about staff training, physical security, procedural security, the value of their information and legal liability should it hit the public domain.”

The perception has often been that companies view the formulation and implementation of an information security policy an onerous and unnecessary financial burden.

Fidgin makes a comparison between law firms today and the attitude of the corporate sector two-and-a-half years ago. “The information security programme was always a bit of a hindrance. In fact, there was immense value associated with a programme like that — not only from an insurance premium point of view,” he says.

“The point is by doing such a programme, the entire company, including every manager, will be involved. Where they actually start to address these problems, the benefits are massive.”

Blake Dawson Waldron’s Campbell highlights the fear of many IT directors: “Will there ever be enough education opportunities for those in the firm to whom security is an unnecessary profit barrier?”

Acting before a breach is often cost-effective. According to the DTI survey, the average cost of a serious security breach was £30,000, while the more serious incidents incurred up to £500,000 worth of damage and took days to resolve.

On a more practical level, there has to be recognition of the value and type of information the firm is trying to protect. Within this, there is the question of legal liability under the Data Protection Act as regards to sensitive information about clients and the most effective ways of protecting this.

“IT directors need to focus on protection and are made to do so by the Data Protection Act,” says Brian Collins. “With confidential information, you make sure you have the appropriate firewalls and encryption, with laptops, in particular.

“That means if you comply with the Data Protection Act, which every law firm must as it holds confidential information, then you must have appropriate security standards and processes in place,” he adds.

Every employee within the firm has been forced to become involved with information security with the advent of the Data Protection Act. All IT directors acknowledge this and the process has been put in place to deal with any potential risk.

“We have a large client database, which, if published, would be in breach of the Data Protection Act,” says Martin Tolhurst Partnership’s Stewart Thompson. “When we get our new firewall installed, we are going to create what we call a shadow database, which can only be accessed by a valid username and password. The main server will not be on the outside network and the connection between the mirrored server and database will only be open for an hour a day, so the data is updated. When they log in, users will always access the mirror server. The software will only allow them to access the data they are allowed to see.”

System checks and penetration testing for deficiencies and potential points of breach must be undertaken routinely by independent security service providers and acted on seriously. All IT directors cited this strategy as the key to pinpointing flaws in the security net.

With these reports, the CIO or IT director can focus the minds of partners. The issue of good governance is important to all firms. Although aimed at limited and public companies, rather than partnerships, the Turnbull Report contains essential guidance on adequately managing risk.

Alongside good governance there needs to be a correct business process on the lines of ISO 17799. Without a major incident in the legal sector, directors need to emphasise episodes within their own firms that could lead to breaches.

This is the crux of information security policy in law firms. Overall responsibility for information and content security regularly falls to the CIO or IT director. However, an approach such as this begs the question of who takes ownership of wider security issues within law firms and the value of doing so.

As regards the attitude that security is ancillary to a law firm’s core business, Lea-Cox asks: “Is it important to protect value? The market value of the firm is imperative — from the intellectual capital to the brand value. It is this value that is sold to their clients. Information security is absolutely part of the core business.

“The person with responsibility for information management has a significant obligation at the front-end of protecting the value of the firm,” Lea-Cox adds. “In Britain, there are few CIOs. The British lag behind in recognising a difference between CIOs and IT managers.”

However, we should not be too critical of law firms for lagging behind in terms of security, according to Collins. “In other areas, such as data management, law firms are well ahead of other corporate firms, as well as in other aspects,” he says. “As the emphasis is different between document-heavy law firms, as opposed to security-conscious banks, it will take a while for technology to spread across industry sectors.

“Law firms are holding back, but are also well-placed to take advantage of the gains made by other sectors in security technology.”

Author: Jody Raynsford
Source: Legal IT
Start Date: 03/04/2003
~~~~~~~~~~~~~~~~~~~



16 November 2002

A thirst for knowledge

A recent survey has shown that many law firms are failing their clients when it comes to providing a clear IT strategy.

The handful of legal industry commentators who have survived the grim market conditions of the past 18 months have begun to whistle a new tune: apparently, the slowing of the ‘arms race’ is a positive thing. The great benefit of the long months of consolidation is that law firm strategy has become increasingly client-focused. Until recently little more than a buzzword, the concept of listening to clients seems to be taking its first steps towards reality. 

But according to a major new survey undertaken by Legal IT’s sister magazine, Legal Director, in conjunction with Oyez Legal Technologies, although this new openness might be a growing trend, it has been slow to trickle down to support functions and delivery mechanisms such as IT. 

It is clear from the survey that the average in-house lawyer’s workload is going up, with 55% reporting a substantial increase. Only 10% said they now had less work to do. This would suggest a clear business case for embracing automation and taking legal business online. 

But the clients’ legal departments are busier primarily because they are giving less work to law firms. Again, this is clearly a function of the bear market.

Legal IT asked 10 leading IT directors for anonymous feedback on how they interact with clients: seven reported that heads of legal were generally interested, or very interested, in using technology. But while two said all the clients they spoke to were enthusiastic, eight acknowledged that there was still some residual cynicism. “When you meet them they are generally more curious than enthusiastic — but they are normally not negative,” one respondent says. “Occasionally, I am called into a meeting with a client who is very negative, to help overcome the problem.”

Enthusiasm expressed by clients is one thing; where IT actually sits on their priority list is another. According to Legal Director, introducing technology was a lower priority issue than accurate budgeting, quality and efficiency of legal services, reduction of costs, and recruitment and internal training. IT scored only five out of 10 in a priority list where the top issue, quality and efficiency, gained nearly nine out of 10.

And according to the survey, one of the top three reasons clients are taking on more work in-house is “to improve efficiency”. This suggests that a significant number of law firms are not doing enough to focus their services on the client. Clearly there is a lot of work to be done in correctly angling IT services for clients.

The Legal Director/Oyez survey — based on telephone interviews carried out by Opinion Research Business — found that 78% of heads of legal say that law firms are failing to give proactive advice on how to reduce costs via technology. Of this 78%, nearly half (32%) say that the firms should be proactive in this area.

On the other hand, law firms appear to believe they have good reason to steer clear of this topic when speaking to clients. “To a client, cost-cutting means a reduction in the hourly billing rate,” one IT director says. “They never equate it with IT. 

When I meet clients I always quiz them, but you have to be careful: when clients get enthusiastic about something they expect it to be delivered the next day. So do not make any promises.”

Another respondent says all the clients he has spoken to were very positive about IT, but their interest in it was not primarily cost-cutting. The central issue is improving efficiency. “Web-based technology has a massive potential to improve efficiency,” he says, adding that more clients are starting to recognise this. “Clients are looking for the most efficient way to do business and if it saves them money as well, that is a bonus.” 

According to another IT director: “Clients are most interested in enhancing the relationship with the firms on their panel. Issues such as fees and costs are less important.” 

The IT director of a leading regional firm says he has never found cynicism because the firm does not try to promote IT as a cost-cutting measure. He says the people he talks to — the general counsels — are normally quick to see the high-level benefits. But the staff in their departments are often a lot slower. 

Meanwhile, a City law firm’s IT director is contemptuous of the whole notion of promoting IT as a means of cutting costs. “We offer IT services as an enhancement, not as a way to avoid photocopying charges,” she says.

Law firms that are looking to expand the scope of the IT-based services they offer to clients would do well to develop litigation support applications, according to Legal Director. Admittedly, 47% of law firms already provide these services, but with 80% of corporate heads of legal saying that they find them useful — including 44% who say they are very useful — a major development project in this area is likely to be well received.

Another major complaint voiced in the survey is that clients’ legal departments are hardly ever consulted over firms’ IT strategy. Only 13% said they had been consulted and of the remaining 87%, more than a third said that they should be. 
The survey paints a rosy picture of the quality of IT support in major companies’ in-house legal departments, with four general counsel out of five saying that they are well supported, while the remaining 20% reported varying degrees of dissatisfaction. 

But law firm IT directors do not agree. “For a commercial IT department, supporting the company’s legal department is definitely a low priority, one respondent says. “An in-house legal department will have two people providing IT support — if they are lucky — and these are the only people in the company’s IT function that we get to talk to.” 

The law firm IT directors quizzed by Legal IT admit that they rarely get to talk with clients about general IT strategy, and even less frequently do they get to compare notes with the companies’ IT directors — who are clearly the best people to talk to. 

“It is extremely difficult to gain access to clients’ IT departments,” one IT director says. “But it will become increasingly important as we begin to talk about security [issues such as] access to our network and e-mail encryption.” 

The City IT director who was most upbeat on the communication issue says that out of a small list of key clients, she has met three IT directors in the past year. “It is not unusual, but it is normally suggested by a partner,” she says. “The key thing is that any decision we make as a firm should not in any way shut down a relationship with a client. When we want to expose documents from the firm’s DMS, there must be no software requirement for the client. There should never be a conflict with their system.”

But are foreign firms any better? An IT director at one of the largest global firms says she has never had the opportunity to talk strategy with clients, but the firm’s chief operating officer does. “It is part of what we see as a value-added service for key clients,” she says. “We watch the market for major IT purchases by our key clients, but I am beginning to think that we should be talking to them more about global IT strategy.” For this reason, she warns, legal IT directors must be very careful about which IT standards they support.

Smaller firms seem to have less trouble getting in touch with clients’ IT directors — possibly because the client companies themselves are national rather than multinational organisations, with less complex internal structures and politics. 

One leading regional firm’s IT director says that although he rarely gets to talk about strategy, he often meets his counterparts to discuss — on a specific, technical level — what they want to get out of the law firm’s systems. He says half the clients that use extranets ask the law firm’s IT director to meet their own IT department.

On the subject of extranets and virtual dealrooms, most legal departments seem to be sending out mixed messages. Twenty-nine percent of clients say that IT systems introduced by law firms have resulted in improved relationships, so the collaborative aspect of these technologies is delivering some value. But the usefulness of dealrooms for mergers and acquisitions was seen as limited. Fewer than one in seven in-house lawyers surveyed had used them for due diligence or transaction management purposes. Still, they are a worthwhile offering: on a scale of one to five, where one represents ‘useless’ and five is ‘extremely useful’, dealrooms scored 3.9 for transaction management and 3.4 for due diligence. 

Furthermore, Legal IT’s sample of IT directors reported conclusively that extranets were still the most popular components of their firms’ client facing services. “It is the collaborative element that they want,” one IT director says. “Clients are slower to take up knowhow services but this will follow on the back of the extranets.” 

Another IT director says a few clients have specifically asked for an extranet that will act as an interface with the firm’s case management systems. “One client asked us to provide a legal information service, but we are not in that game,” he says. “We leave that to the big boys.”

A London-based IT director says extranets are only welcomed by clients if they are produced on a bespoke basis for each individual client. “They use them fully because the extranet is specifically designed for them,” she says. “We do not offer a ‘vanilla’ extranet because the take-up for these is very poor.” 

So while extranets may not be top of the pops as far as a law firm’s clients are concerned, they are at least being used (one global firm is currently running 300 dealrooms) and they do provide an important opening for legal technology professionals. 

The IT director at a global firm advocates simplicity as the key to getting clients online — both with broad extranet offerings and with the very simplest gestures. For example, she says, something that is important and often overlooked is that when they visit your offices, clients often like the opportunity to log in and check their e-mail, or to communicate with the office. “We now have a dedicated facility for them to use,” she says.

If a firm could swallow its pride and truly go back to basics with IT, surely it would then become easier to persuade clients to communicate online and they may even become more proactive, suggesting enhancements and additional services. Of course, any firm wishing to go down this route would have to think carefully about whether or not the ultimate aim of getting clients to use extranets is to differentiate themselves from their rivals by offering a better service, or whether the goal is really to streamline their own delivery mechanisms and internal processes. Either way, managing clients’ expectations will create yet another tightrope for the IT director to walk.

Finally, only two of the IT directors who spoke to Legal IT have ever been directly approached by a proactive client who wanted to discuss what they needed from IT. 

“We have had a couple of direct calls from clients,” one respondent says. “And in some instances, there is a requirement to factor IT into our bids for legal work, so we are now trying to be proactive about including IT services in many of our bids.” The other exception — a national law firm — reported one client that had called the IT director on their own initiative. 

Clearly there is a lot of work for law firms’ IT departments in aligning their client-facing systems with those of their clients, but communication is a two-way process and it is obvious that both sides need to try harder.

Author:Legal IT Reports
Source: Legal IT

 


LegalIT.net