Dennis Kennedy’s Seven Legal Technology Trends for 2007 – Part 3

(Part 3 of a 5-part Series) (Explanation of series)
Seven Legal Technology Trends for 2007 – Widening the Digital Divide in Law Practice
Seven Trends for 2007, Number 3 and 4.
What specific trends must lawyers watch in 2007? I suggest that seven trends should be on your radar screen, and the agendas of your technology committee. Here are trends 3 and 4.
Trend #3. Making Sound Business Decisions about Technology.
If 2007 will be a lull for many firms, then it makes sense to take good advantage of this interlude rather than to sit idly
by. My next big trend for 2007 will be the efforts the best firms will make to apply business principles and make sound decisions about where they are, where they’ve been, and where they want to be with technology. In part, this means bringing technology committee issues into the executive committee, or making sure that managing partners get involved in technology committee efforts. More than that, it means taking a hard-headed business approach to technology efforts and deciding what place legal technology should have in today’s law firm.
I’ll highlight three sub-trends that largely continue some existing trends, but will pick up momentum in 2007: (a) audits and efforts to find cost savings, (b) applying traditional business principles, and (c) refocusing on outsourcing.
A. Audits and Cost Savings Efforts.
This trend cuts across all firms, big and small. Too many firms have little idea of what they have, how money is being spent, and whether they are spending too much or too little for what they are getting. It is the rare firm that benchmarks how its technology compares to that of competitor firms.
No one likes the word “audit,” but, especially in a lull, technology audits make good sense. If you are not upgrading and installing, it’s a great time to inventory, measure and assess what you have, and compare it to your strategic plan. You do have a strategic plan for technology, right? Even the simplest software audit that identifies the programs that you have and determines whether your licenses match your programs can provide excellent information for moving forward.
The emphasis should be on cost reduction. And remember that cost reduction and cost savings are a more thoughtful process than simple cost cutting. Are you paying for software no one uses? Can you gather information about costs that will help you accurately consider hosted services or leasing? If you know that you must invest in new technology in the not-so-distant future, doesn’t it make sense to pay for part of that future with cost reductions from outdated or inadequate legacy technology? I doubt that there are many law firms that do not have fat that can be cut out of their technology budgets. If you don’t do it now, it might not ever get done.
B. Applying Honest-to-Goodness Business Principles.
Firms that audit and measure technology will have a solid basis for making business decisions. If you do not measure, you cannot make those decisions. In 2007, look for an increase in the application of standard business principles to legal technology efforts.
Can you determine the return on investment (ROI) of various technology options? Can you determine what legal technology projects have been successes and failures? Does it make more sense to lease or buy? What is the total cost of ownership for technology in your firm in the past, and what should it be going forward? Who makes decisions and how?
Expect to see an increased emphasis on tradition business measures, business processes and standard business approaches. For example, I like the idea of looking at technology as an investment portfolio, assessing risk and return. Others might look to Six Sigma, theory of constraints or other popular business approaches. In 2007, the seat-of-the-pants or let’s-buy-what-they-bought approaches will become the domain of those firms on the wrong side of the digital divide.
C. Outsourcing Revisited.
What is the business of a law firm? What is the core business of your law firm? For example, are you in the business of hosting massive amounts of your clients’ discovery data? Firms have looked at outsourcing over the years, and the results have been a mixed bag.
In 2007, however, the outsourcing trend will pick up momentum. Make a list of all the areas of electronic discovery your firm will be involved in. Add help desk, software management, security, disaster recovery, training, hardware acquisition and maintenance, and all the other parts of your technology operations. Are those all functions a law firm should be providing?
The answers will vary from firm to firm, but the question must be asked and, increasingly, the answer will lead firms to outsourcing options.
Trend #4. Security and Disaster Recovery – The Necessary Relationship.
I’ve long been concerned with the approach many lawyers and law firms take to security issues. I read recently about an unprotected, unupdated Windows computer being attacked and compromised within a minute of being connected to the Internet.
With “zero-day exploits,” malicious payloads on malware, and organized attacks, the nature of security has changed. Cyberterrorism is not just a purely theoretical threat. Security problems can create disasters as easily as natural forces can.
In 2007, there is a growing realization that security and disaster recovery must be top priorities that require continuing attention, and that the two areas are inextricably related. While we cannot predict the future with certainly, there’s little doubt that we will see some unexpected security and other disasters that will cause serious problems and be largely unexpected.
Within this trend, I’ll highlight three sub-trends: (a) redefining the notion of disasters, (b) using recent learning to set priorities, and (c) the growing association of security and disasters.
A. Recent Redefinition of Disasters.
Both 9/11 and the aftermath of Hurricane Katrina brought public attention to the assumptions we make about disasters. Can we really assume anymore that our building or even our city will remain after a disaster? In 2006, St. Louis had two “freak” storms, leaving me without electricity for 10 days in a five-month period. Normal backup and disaster recovery plans would reasonably treat electrical outages as being a transitory or short-term issue.
If you watch the television show “24,” you know that there are whole categories of disasters we haven’t yet seen and hope never to see. There has also recently been a lot of discussion of pandemics. Firms have been brought to a standstill by computer viruses. I’ve been surprised lately by the number of people who have told me that they have had periods of days where their email systems were not working properly. Imagine what a serious security breach or total compromise of a law firm’s network might involve. What about the simple loss of a lawyer’s notebook computer?
Expect to see some new twists on what “disaster” means in 2007. While you cannot plan for it all, 2007 is a year for more planning rather than less planning.
B. Applying Recent Learning to Setting Priorities.
It should be no surprise to find that we have short memories when it comes to the last disaster. As the latest disaster recedes into the past, other urgent priorities take the place of disaster recovery planning. There’s a certain inevitability in that.
However, you must try to learn some lessons and take some actions based on what you learned. I’ve learned over the past year that law firms in the Gulf Coast region of the United States are always concerned about offsite and online backup and are more receptive to hosted software services than lawyers in other parts of the country. Firms that have been shut down by viruses pay far more attention to Windows updates, antivirus programs, backup and computer usage policies than firms that have not. Firms with email problems in the past often have moved to email fail-over backup systems based on those experiences.
Let me offer my personal history as an example. For six days last summer we, and 40% of St. Louisans had no electricity. By the way, that also meant no Internet access. The cause was a freak storm that was not likely to recur. Since I’ve spoken and written about disaster recovery, I wanted to draw my own lessons and make some changes based on what I learned. And I did that. However, I also assessed the risks of another extended power outage and decided that the risk was small enough that I did not need to take other steps. Five months later, we, and 205 of St. Louisans, lost power, in this case for four days.
Some of the steps I took in the summer worked well for me and there are other things that I wish I had done. I’ve learned some new lessons (for example, I’m not sure it makes sense for any lawyer not to use a notebook computer) and I’ve reassessed what I’m doing in light of the risks as I perceive them.
In the event of a major disaster, the gap between the technology-haves and have-nots will be clearly illustrated.
C. The Combo Disaster – Is Security the Biggest Disaster Issue?
The idea of “cascades” has become important in both security and disaster recover. We tend to think in terms of single disasters with single solutions. But what happens when disasters or security threats come at you in combinations or as a cascade where one event triggers other events? Another analogy might be “swarming” attacks.
With “phishing” and other organized, social-engineering attacks, the bad guys take advantage of the disorder and disarray caused by a disaster or ongoing response to a disaster to create further problems or break through unsecured access points. As an illustration, the goal of introducing Trojan horses into your system is to create a platform from which the attacker gains further access at administrator levels, to gather valuable information that can be used or sold elsewhere, and to turn your system into a controllable platform for further attacks.
The result is that a security compromise can cause a spiraling set of technical and other problems, including massive public relations problems if confidential data is exposed or stolen. In 2006, we saw several headlines about loss of personal data on laptop computers that were stolen. Those headlines should give plenty of warning to those considering security and disaster recovery planning.
(To be continued in Part 4)
I invite your comments and feedback on this article-in-progress.
[Originally posted on DennisKennedy.Blog (http://www.denniskennedy.com/blog/)]
Learn more about legal technology at Dennis Kennedy’s Legal Technology Central page.
Technorati tags: rel="tag">predictions!