Data Security Fears Rise

Meanwhile, optimism is warranted on the budget front. Technology budgets for capital expenses increased this year, say 46% of respondents, with a fifth seeing more than a 10% jump. And 49% saw rises in IT budgets for operating expenses, though increases were more modest (just a few respondents saw hikes exceeding 10%). Firms may not be spending like it's 1999, but they're not skimping like it's 2009, either.

“I think the outlook is pretty good,” says one CTO, who, like many commentors, required anonymity. “We're making the investments where we think prudent, even adding new positions, in areas like security. In my opinion, things are stable, even looking up.” That cautious optimism was reflected in the survey results as 93% of respondents say they agree or mostly agree with management's recent technology decisions.

Survey responses and follow-up interviews demonstrated a broad consensus among the chiefs on several issues. For one thing, they're not racing to embrace Microsoft Corp.'s Windows 8. Just 5% of responding firms plan to migrate to that platform in the next year. The holdup, they say, can't be pinned completely on Windows 8's new, and not universally beloved, user interface. Many firms have only recently upgraded to Windows 7, and given the complexities of an OS upgrade ' ensuring software compatibility, providing training ' few are eager to repeat the process soon.

The outlook isn't rosy for BlackBerry, either. While 96% of respondents said that their firm supports BlackBerry, 71% expect a decrease in users in 2014.

Security Threats

Much more significant is the nearly universal assessment that security threats have grown more worrisome. This, the chiefs say, is due to several factors. First, law firms are more likely to be targeted. “I'm finding that the random attacks are relatively steady and stable,” says one CIO. “But I'm hearing anecdotally from colleagues that some [firms] are seeing more targeted attacks.” FBI representatives have been speaking at ALM's LegalTech, the International Legal Technology Association (ILTA) annual meeting, and other trade shows, stressing the particular vulnerabilities of law firms.

“Law firms are often targeted [because] they store information on clients' pending deals and litigation,” Austin Berglas, assistant special agent in charge of the cyber branch in the FBI 's New York office, told The American Lawyer. “Organizations who do not protect their 'crown jewels,' or proprietary information, and segregate it from any external facing network, run the risk of having this important information stolen during a cyberattack.”

Targeted attacks can be particularly difficult to defend because they often exploit the weakest link in any security net: the humans at the computers. These efforts rely on trickery as much as technical prowess: an e-mail that looks so authentic that users don't hesitate to click on a link ' and wind up infecting the firm's system with malicious code that extracts sensitive information. “The biggest gap in security is people,” says one CIO. “That's where you are vulnerable.” To help shore up security, his firm now hires an outside company to test its defenses once a year ' in effect, it tries to break in and steal data, and zero in on any weaknesses. Other firms are doing the same. Blank Rome CTO Laurence Liss says his firm traditionally did such penetration testing every year or two. Now, he says, “we are doing it very religiously every year.”

Indeed, firms have been ramping up their defensive posture and, according to the survey, plan to continue that focus in the coming year. At some firms, this has involved creating new positions focused exclusively on security. Blank Rome hired its first director of information security this year. Ballard Spahr now has an IT security expert on staff. “It's not like we weren't concerned about security before, but we see the need for a more targeted focus,” says Lisa Mayo, Ballard Spahr's director of data management.

It's not just cybercriminals spurring the law firms. “The short, glib answer is, clients are driving the heightened focus,” says one CIO. “There is a lot of noise, especially out of the banking industry, about looking specifically at your law firms.” Tougher regulatory frameworks, not just in finance but in sectors like health care, are causing clients to ask more questions about the security their firms do, and don't, have in place. “We're seeing a significant increase in client security questionnaires and on-site reviews,” says another CIO. “Many firms are [secured] pretty well, but clients may require certain things and firms may have to add systems.”

Increasingly, these conversations are happening before engagements are won. “Now as part of the RFP process, you'll need to provide very detailed specifications on what you have in place,” says Mayo. “It's becoming a factor in whether you will get the business.” Nor is it only preventive measures that clients want to know about. “We'll get requests about our response plan in the event of a cyber-breach,” says one CIO. “So [now] we have a cyber-response plan.”

Tablets and Mobile

The survey shows widespread use of consumer smartphones but reveals a much more tepid embrace of tablets. Just 8% of responding firms supply them to lawyers. Nor are most lawyers bringing them in on their own. At nine out of 10 firms, far less than half of the attorneys are using tablets. Given the burgeoning volume of law-related apps, blogs and tech show seminars, that might raise some eyebrows.

But in interviews, survey respondents painted a jury-is-out picture. Current devices, they say, work far better for some lawyers than others. Those who consume content ' reading PDFs, performing research, reviewing documents ' tend to gravitate toward tablets. Those who primarily create content ' writing and editing memos, for example ' tend to stick with laptops. The ever-shrinking profile and poundage of business laptops has made them nearly as portable as tablets. It isn't surprising that for their next hardware refresh, the most popular strategy is to deploy laptops only, with 38% of firms planning to do so. Desktop-only and desktop-and-tablet strategies tied for second, with 21% of firms each, a laptop-tablet model followed at 20%.

This means that nearly 60% of firms have no plans to issue tablets firmwide in the foreseeable future. Gibson, Dunn & Crutcher has instead deployed Lenovo X1 and Apple MacBook Air laptops. “They're lightweight, they're fast, they have the capacity to support all [of our] applications and security parameters,” says CIO Brett Fazio. The firm supports tablets, but does not issue them as default equipment, he says. “For creating and editing documents, I don't know that the iPad is there yet,” Fazio says. The Surface Pro comes close, with the full Office suite, but weight is an issue and it doesn't run as many applications, he says.

Cloudy Outlook

Nor are firms quite ready to fully embrace cloud computing. While 69% of firms are using hosted systems in some fashion, few trust them with their most sensitive information. Just 12% use the cloud for storage, and a mere 5% for document management. Where are firms using the cloud? e-Discovery and litigation support (with 62% of responding firms) and human resources (56%) were the most common uses. The biggest worry about the cloud is security ' to little surprise ' with 92% of respondents citing it as a concern.

View highlights of the 2013 Am Law Tech Survey at http://bit.ly/1e5x2st.

Alan Cohen writes about law firms and technology for e-Commerce Law & Strategy's ALM sibling, The American Lawyer. He can be reached at [email protected].

e-Commerce and other technology professionals just aren't destined to get a good night's sleep. First there was the recession, slowing upgrades and new projects. Then lawyers using personal smartphones and tablets for work, raising confidentiality headaches. Now, a new challenge: Protecting against cyberattacks ' and convincing clients that the firm is doing this job well.

Security has always been a top issue for law firms. But as our ALM sibling The American Lawyer's 18th annual survey of law technology reveals, the worries and the stakes have never been greater. Eighty-six percent of respondents ' technology directors and CTOs from 87 Am Law 200 firms ' say they are more concerned about security threats than two years ago. An array of factors drive the heightened focus: tougher regulatory requirements, more security-conscious clients and more sophisticated techniques used by cybercriminals, who are increasingly targeting law firms.

The dark clouds mask an otherwise sunny vista. The “bring your own device” (BYOD) trend, for example, is rapidly transforming into standard operating procedure. With better mobile device management systems, now used by 87% of respondent firms, phones and tablets are being integrated into the IT infrastructure with less hassle and more reassurance. Multiplatform environments are now the norm: All responding firms have lawyers on iPhones, while 86% count Android users among their attorneys and 45% have Windows Phone users.

Meanwhile, optimism is warranted on the budget front. Technology budgets for capital expenses increased this year, say 46% of respondents, with a fifth seeing more than a 10% jump. And 49% saw rises in IT budgets for operating expenses, though increases were more modest (just a few respondents saw hikes exceeding 10%). Firms may not be spending like it's 1999, but they're not skimping like it's 2009, either.

“I think the outlook is pretty good,” says one CTO, who, like many commentors, required anonymity. “We're making the investments where we think prudent, even adding new positions, in areas like security. In my opinion, things are stable, even looking up.” That cautious optimism was reflected in the survey results as 93% of respondents say they agree or mostly agree with management's recent technology decisions.

Survey responses and follow-up interviews demonstrated a broad consensus among the chiefs on several issues. For one thing, they're not racing to embrace Microsoft Corp.'s Windows 8. Just 5% of responding firms plan to migrate to that platform in the next year. The holdup, they say, can't be pinned completely on Windows 8's new, and not universally beloved, user interface. Many firms have only recently upgraded to Windows 7, and given the complexities of an OS upgrade ' ensuring software compatibility, providing training ' few are eager to repeat the process soon.

The outlook isn't rosy for BlackBerry, either. While 96% of respondents said that their firm supports BlackBerry, 71% expect a decrease in users in 2014.

Security Threats

Much more significant is the nearly universal assessment that security threats have grown more worrisome. This, the chiefs say, is due to several factors. First, law firms are more likely to be targeted. “I'm finding that the random attacks are relatively steady and stable,” says one CIO. “But I'm hearing anecdotally from colleagues that some [firms] are seeing more targeted attacks.” FBI representatives have been speaking at ALM's LegalTech, the International Legal Technology Association (ILTA) annual meeting, and other trade shows, stressing the particular vulnerabilities of law firms.

“Law firms are often targeted [because] they store information on clients' pending deals and litigation,” Austin Berglas, assistant special agent in charge of the cyber branch in the FBI 's New York office, told The American Lawyer. “Organizations who do not protect their 'crown jewels,' or proprietary information, and segregate it from any external facing network, run the risk of having this important information stolen during a cyberattack.”

Targeted attacks can be particularly difficult to defend because they often exploit the weakest link in any security net: the humans at the computers. These efforts rely on trickery as much as technical prowess: an e-mail that looks so authentic that users don't hesitate to click on a link ' and wind up infecting the firm's system with malicious code that extracts sensitive information. “The biggest gap in security is people,” says one CIO. “That's where you are vulnerable.” To help shore up security, his firm now hires an outside company to test its defenses once a year ' in effect, it tries to break in and steal data, and zero in on any weaknesses. Other firms are doing the same. Blank Rome CTO Laurence Liss says his firm traditionally did such penetration testing every year or two. Now, he says, “we are doing it very religiously every year.”

Indeed, firms have been ramping up their defensive posture and, according to the survey, plan to continue that focus in the coming year. At some firms, this has involved creating new positions focused exclusively on security. Blank Rome hired its first director of information security this year. Ballard Spahr now has an IT security expert on staff. “It's not like we weren't concerned about security before, but we see the need for a more targeted focus,” says Lisa Mayo, Ballard Spahr's director of data management.

It's not just cybercriminals spurring the law firms. “The short, glib answer is, clients are driving the heightened focus,” says one CIO. “There is a lot of noise, especially out of the banking industry, about looking specifically at your law firms.” Tougher regulatory frameworks, not just in finance but in sectors like health care, are causing clients to ask more questions about the security their firms do, and don't, have in place. “We're seeing a significant increase in client security questionnaires and on-site reviews,” says another CIO. “Many firms are [secured] pretty well, but clients may require certain things and firms may have to add systems.”

Increasingly, these conversations are happening before engagements are won. “Now as part of the RFP process, you'll need to provide very detailed specifications on what you have in place,” says Mayo. “It's becoming a factor in whether you will get the business.” Nor is it only preventive measures that clients want to know about. “We'll get requests about our response plan in the event of a cyber-breach,” says one CIO. “So [now] we have a cyber-response plan.”

Tablets and Mobile

The survey shows widespread use of consumer smartphones but reveals a much more tepid embrace of tablets. Just 8% of responding firms supply them to lawyers. Nor are most lawyers bringing them in on their own. At nine out of 10 firms, far less than half of the attorneys are using tablets. Given the burgeoning volume of law-related apps, blogs and tech show seminars, that might raise some eyebrows.

But in interviews, survey respondents painted a jury-is-out picture. Current devices, they say, work far better for some lawyers than others. Those who consume content ' reading PDFs, performing research, reviewing documents ' tend to gravitate toward tablets. Those who primarily create content ' writing and editing memos, for example ' tend to stick with laptops. The ever-shrinking profile and poundage of business laptops has made them nearly as portable as tablets. It isn't surprising that for their next hardware refresh, the most popular strategy is to deploy laptops only, with 38% of firms planning to do so. Desktop-only and desktop-and-tablet strategies tied for second, with 21% of firms each, a laptop-tablet model followed at 20%.

This means that nearly 60% of firms have no plans to issue tablets firmwide in the foreseeable future. Gibson, Dunn & Crutcher has instead deployed Lenovo X1 and Apple MacBook Air laptops. “They're lightweight, they're fast, they have the capacity to support all [of our] applications and security parameters,” says CIO Brett Fazio. The firm supports tablets, but does not issue them as default equipment, he says. “For creating and editing documents, I don't know that the iPad is there yet,” Fazio says. The Surface Pro comes close, with the full Office suite, but weight is an issue and it doesn't run as many applications, he says.

Cloudy Outlook

Nor are firms quite ready to fully embrace cloud computing. While 69% of firms are using hosted systems in some fashion, few trust them with their most sensitive information. Just 12% use the cloud for storage, and a mere 5% for document management. Where are firms using the cloud? e-Discovery and litigation support (with 62% of responding firms) and human resources (56%) were the most common uses. The biggest worry about the cloud is security ' to little surprise ' with 92% of respondents citing it as a concern.

View highlights of the 2013 Am Law Tech Survey at http://bit.ly/1e5x2st.

Alan Cohen writes about law firms and technology for e-Commerce Law & Strategy's ALM sibling, The American Lawyer. He can be reached at [email protected].