2013 Am Law Tech Survey: Firms' Data Security Fears Rise
Data security has become a top concern for law firm technology chiefs.
This means that nearly 60 percent of law firms have no plans to issue tablets firmwide in the foreseeable future. One of those firms is Gibson, Dunn & Crutcher, which has instead deployed Lenovo X1 and Apple Macbook Air laptops. "They're lightweight, they're fast, they have the capacity to support all [of our] applications and security parameters," says Brett Fazio, Gibson Dunn's chief information officer. In other words, the new generation of ultra-light laptops get everything right—something that has so far eluded every type of tablet. "For creating and editing documents, I don't know that the iPad is there yet," Fazio says. "The Surface Pro ["Surface Appeal," February 2013] comes close with the full suite of Office . . . but our testers say the weight is the same [as the X1 and Macbook Air laptops] and it doesn't run as many applications. At this time, we will support tablets but not issue them as default equipment."
Nor are firms quite ready to fully embrace cloud computing. Here, the story is familiar, little changed from last year, or the year before that. While more than two-thirds of responding firms (69 percent) are using hosted solutions in some fashion, few are trusting them with their most sensitive information. Just 12 percent use the cloud for storage, and a mere 5 percent use it for document management (numbers that were close to last year's results). Where are firms using the cloud? E-discovery and litigation support (with 62 percent of responding firms) and human resources (56 percent) were the most common uses.
Once again, the biggest worry about the cloud was security. Yet while 68 percent of responding firms cited it as a concern last year, 92 percent did so this year. On one hand, the bump meshes with firms' heightened focus on security. On the other hand, it contrasts with the burgeoning popularity of the cloud in other sectors, not to mention the idea—embraced by many consultants and cloud users—that a provider that lives and breathes technology can be a lot more effective in keeping systems secure than a law firm can. "It's really an issue of control," says Brett Burney, founder of Burney Consultants, which provides technology-related services to corporate executives and legal professionals. "The cloud isn't just magic and smoke; data is in a physical location, highly secured, with redundant backups. But law firms want to be able to say that the data a client entrusted to it is on their server, in their office—not on a server they can't even tell you where it is. They just can't get comfortable with that."
That wariness is unlikely to disappear soon. The cloud may offer efficiencies, but in an environment where clients are asking more about law firm IT, and even coming on site to kick the tires, it can also add complexity. "Clients will ask if you store their data on a third-party server and if you do, what security provisions you have with them," says Fazio. This means that a firm has to ask prospective providers tough questions—and it may not get the answers it needs. "In some cases, public cloud providers won't offer a formal nondisclosure agreement or a guarantee about what happens if there is litigation that involves data on their systems," says Fazio.
Perhaps it isn't security per se that is holding back the cloud, but those old demons long familiar to lawyers: vagueness and ambiguity. For many firms, there just isn't enough clarity, or certainty, about how cloud providers operate. "What happens if I switch vendors?" asks one CIO. "How do I get my data back and off their systems? I get stuck in the contractual language every time." The cloud would be cheaper for the firm, he notes, than running the systems itself and paying for all the real estate they take up. "But in the end," he says, "I just throw up my hands."
Contributing editor Alan Cohen writes about law firms and technology.
Welcome to ALM. You have read 0 out of 0 free articles this month