Just a few years ago, the idea of migrating a law firm’s document management system (DMS) to the cloud was in many cases met with suspicion, uncertainty or outright dismissal by its senior management. Today, alongside data security, the cloud is one of the most discussed topics amongst law firms, with most planning to move their DMS to the cloud at some point in the next few years.
As a naturally risk-averse profession, it’s fair to say that the legal sector has been slower than other industries in cloud adoption, with data residency, security and privacy concerns being cited as the biggest barriers.
However, the landscape is changing rapidly, and a ‘cloud-first’ strategy is being adopted by CIOs and IT Directors of many law firms and corporate IT. Yet, the biggest challenge in adopting this approach has traditionally been around how to demonstrate and convince the wider firm that this is a low-risk approach and the right strategy.
So, what considerations need to be made by a law firm on its journey to the cloud?
- Form a strategic cloud plan
The success of your journey to the cloud will be largely determined by the plan put in place at the offset. This needs to consider a current state analysis, inter-office collaboration and library design, data residency and hosting, and both logical and physical security. Ultimately, the objective of this design stage is to get clarity on where data is going to be hosted, how it will be accessed, and what integration rework will be required. Take time to understand collaboration processes and patterns between departments and offices; jurisdictional restrictions on data; and clients’ agreed terms for cloud hosting. Maximise efficiency by having a clear goal in mind and designing a prioritised roadmap that will outline each key stage of the process and the involvement required. Finally, appoint a project team, who can ensure buy-in from all of the necessary departments to minimise obstacles and enable any challenges that do arise to be quickly solved along the way.
- On premise vs hybrid cloud
Consider whether a full cloud-only approach is the best way forward for the firm, or whether a hybrid solution might be more suitable. Are you looking for a solution with direct SQL access, flexible reporting options and simple integrations? Or can these be reworked to take advantage of the lower management overheads, infrastructure costs and enhanced security offered by cloud solutions? The same solution won’t work for all law firms, so understanding the firm-specific challenges needing to be addressed will help to inform this decision.
- Engage the business and understand cloud data regulations
Business engagement is a crucial stage to gain ‘buy-in’ for cloud acceptance across the firm. Within the legal sector, stakeholders are likely to be risk-averse, resistant to change and have a mixed perception of the issues. Where this is the case, make sure that communications to stakeholders address these concerns. Educate them that cloud does not mean the firm compromises security or control of data, and that the needs of the client will be considered at every stage of the journey.
Understanding where your data should be located is critical, as is examining specific regulations that apply in different global regions to ensure you know which regulations apply in which jurisdiction. As part of engaging the rest of the business with your cloud strategy, make sure you feedback your findings to stakeholders so you can provide reassurance that you would not fall foul of any regulatory restrictions.
- Respect client requirements
Most law firms would be unwilling to turn away work if a client has specific requests around their data. A critical element of your move to the cloud must therefore be to identify which, if any, of your clients might be cloud-averse. Review your contractual terms and identify any clauses regarding data governance, residency, transfer and use of third parties to ensure your new system is able to respect these requirements. Often these restrictions are historical and can be refreshed without compromising the client relationship.
- Costing the cloud
By understanding client data requirements and how these map to your data, you should be able to understand and present both the commercial benefits and cost efficiencies to the wider business. Calculate the Total Cost of Ownership (TCO) for different hosting options – including server costs, software licencing, future upgrades, and other relevant costs – in order to ensure final business case signoff is a smooth process.
The journey to the cloud needn’t be complicated as long as the process begins with clearly defined aims, realistic scope and a clear roadmap of how you expect the journey to unfold. Have a clear understanding of both your clients and stakeholders, ensuring you are ready to address any concerns they may have about information security. Lastly, have an exit strategy in place. Most firms move to the cloud successfully and never look back, but you need to be prepared for all eventualities.
Cloud hosting is now the primary hosting model for DMS’s. Are you ready?
David Malkinson, Technical Director, Phoenix Business Solutions
How to Build an AI Strategy that Works
By Michael Chalmers, MD EMEA at Contino
Six steps to boosting digital transformation through AI
In the age of artificial intelligence, the way we interact with brands and go about our work and daily lives has changed. No longer blithe buzzwords, AI tools and algorithms are solving real business problems, streamlining operations, boosting productivity, improving customer experience, and creating opportunities for advantage in a competitive marketplace.
However, many businesses struggle to unlock the full benefits that come with its adoption across the whole organisation. Making the most of AI requires a strategic focus, alignment with the specific operating model of the business, and a plan to implement it in a way that delivers real value.
Not all AI strategies are equal. To be successful, businesses need to set out how the technology will achieve objectives and identify the specific assets and case uses that will set them apart from competitors. The process of creating and delivering a successful AI strategy includes the following six essential elements that will help to bake in business success.
- Start with your vision and objective
One slip-up companies often make when developing an AI strategy is a failure to match the vision to the execution. Almost inevitably, this results in disjointed and complicated AI programmes that can take years to consolidate. Choosing an AI solution based on defined business objectives established at the start of a project reduces the risk of delay and failure.
As with any project or initiative, it’s crucial to align your corporate strategy with measurable goals and objectives to guide your AI deployment. Once a strategy is set and proven, its much quicker and easier to roll it out across divisions and product teams, maximising its benefits.
- Build a multi-disciplinary team
AI is not an island. Multi-disciplinary teams are best placed to assess how the AI strategy can optimally serve their individual needs. Insights and inputs from web design, R&D and engineering will together ensure your plan hits objectives for key internal stakeholders.
It’s also important to recognise that with the best will and effort, the strategy might not be the perfect one first time around. Being prepared to iterate and flex the approach is a significant success factor. By fostering a culture of experimentation, your team will locate the right AI assets to form your unique competitive edge.
- Be selective about the problems you fix first
Selecting ‘lighthouse’ projects based on their overall goals and importance, size, likely duration, and data quality allow you to demonstrate the tangible benefits in a relatively short space of time. Not all problems can be fixed by AI, of course. But by identifying and addressing issues quickly and effectively, you can create beacons of AI capability that inspire others across the organisation.
Lighthouse projects should aim to be delivered in under eight weeks, instead of eight months. They will provide an immediate and tangible benefit for the business and your customers to be replicated elsewhere. These small wins sow the seeds of transformation that swell from the ground up, empowering small teams to grow in competency, autonomy and relatedness.
- Put the customer first, and measure accordingly
Customer-centricity is one of the most popular topics among today’s business leaders. Traditionally, businesses were much more product-centric than customer-centric. Somebody built products and then customers were found. Now, the customer is, and should be, at the heart of everything businesses do.
By taking a customer-centric approach, you will find that business drivers determine many technology decisions. When creating your AI strategy, create customer centric KPIs that align with the overall corporate objectives and continually measure product execution backwards through the value chain.
- Share skills and expertise at scale through an ‘AI community of practice’
The journey to business-wide AI adoption is iterative and continuous. Upon successful completion of a product, the team should evolve into what’s known as an ‘AI community of practice’, which will foster AI innovation and upskill future AI teams.
In the world of rapid AI product iterations, best practices and automation are more relevant than ever. Data science is about repeatable experimentation and measured results. Suppose your AI processes can’t be repeated, and production is being done manually. In that case, data science has been reduced to a data hobby.
- Don’t fear failure: deploying AI is a continuous journey
The formula for successful enterprise-wide AI adoption is nurture the idea, plan, prove, improve and then scale. Mistakes will be made, and lessons learned. This is a completely normal – and valuable – part of the process.
Lighthouse projects need to be proven to work, processes need to be streamlined and teams need to upskill. Businesses need a culture of learning and continuous improvement with people at the centre, through shorter cycles, to drive real transformation.
An experimental culture and continuous improvement, through shorter cycles, can drive real transformation. A successful AI strategy acts as a continually evolving roadmap across the different business functions (people, processes and technology) to ensure your chosen solutions are working towards your business objectives. In short, let your business goals guide your AI transformation, not the other way around.
Iron Mountain releases 7-steps to ensure digitisation delivers long-term benefits
Iron Mountain has released practical guidance to help businesses future-proof their digital journeys. The guidance is part of new research that found that 57% of European enterprise plan to revert new digital processes back to manual solutions post-pandemic.
The research revealed that 93% of respondents have accelerated digitisation during COVID-19 and 86% believe this gives them a competitive edge. However, the majority (57%) fear these changes will be short-lived and their companies will revert to original means of access post-pandemic.
“With 80% still reliant on physical data to do their job, now is a critical time to implement more robust, digital methods of accessing physical storage,” said Stuart Bernard, VP of Digital Solutions at Iron Mountain. “Doing so can enhance efficiency and deliver ROI by unlocking new value in stored data through the use of technology to mine, review and extract insight.”
When COVID-19 hit, companies had to think fast and adapt. Digital solutions were often taken as off-the-shelf, quick fixes – rarely the most economical or effective. But they are delivering benefits – those surveyed reported productivity gains (27%), saving time (20%), enhancing data quality (13%) and cutting costs (12%).
So what now?
The Iron Mountain study includes guidance for how to turn quick-fixes into sustained, long-term solutions. The seven-steps are designed to help businesses future-proof their digital journeys and maximize value from physical storage:
1) Gather insights: The COVID-19 pandemic allowed organisations to test and learn. Companies should ensure these insights are fed into developing more robust solutions.
2) Use governance as intelligence: Information governance and compliance are fundamental to data handling. But frameworks aren’t just a set of rules, they hold valuable insights that can be turned into actionable intelligence. Explore your framework to extract learnings.
3) Understand your risk profile: A key early step is to analyse where you are most vulnerable. With data in motion and people working remotely, which records are at risk? What could be moved into the cloud? Are your vendors resilient?
4) Focus where you will achieve greatest impact: To prioritise successfully, you need to know where you will achieve the largest impact. This involves looking beyond initial set-up costs towards the holistic benefits of digitisation, including reducing time spent on manual scanning, and the risk of compliance violations.
5) Reach out and collaborate: We are all in this together. Your IT, security, compliance and facility management teams are all facing the same challenges. Ensure you collaborate across functions to develop robust, integrated solutions.
6) Find a provider who can relate to your digital journey: For companies that still rely heavily on analogue solutions, digitisation can be daunting and risky. It pays to find a vendor who has been on the same journey, understands your paper processes and can guide you through the digital world.
7) Prioritise and evolve communication and training programmes: To reap the full rewards from any digitisation initiative, thorough and continuous communication and training is critical. Encouragingly, our survey found that 81% of data handlers have received training to work digitally which is an excellent step in the right direction, but consider teams beyond data handling to truly succeed.
The research was commissioned by Iron Mountain in collaboration with Censuswide. It surveyed 1,000 data handlers among the EMEA region. It found that the departments that have digitised more due to COVID-19 include IT support (40%), customer relationship management (36%), and team resource planning (34%).
3D Secure: Why are fraudsters still slipping through the net?
By Tim Ayling, VP EMEA, buguroo
There is a constant tension between keeping online payments secure, and offering an easy and frictionless user experience. Digital transformation – especially accelerated by the global pandemic – leaves consumers expecting online services to be seamless. Customers are even liable to abandon a process altogether if they encounter a hurdle.
Financial regulation and security protocols exist to help ensure that a balance is maintained between offering customers this frictionless experience, and keeping them and their funds safe from fraud attacks.
What is 3D Secure?
3D Secure is one such protocol. This payer authentication system is designed to keep card-not-present (CNP) ecommerce payments secure against online fraud. The card issuer uses 3D Secure when a card is used to pay for something online, authenticating the customer’s identity based on personal identifiers, such as the three-digit CVV code on the back of a card, as well as the device they’re using to make the payment and their geolocation or IP address.
3D Secure is important because although transactions can be accepted or denied based on the level of risk, it’s not always as clear as ‘risky’ or ‘not risky’. A small number of transactions will have an undetermined or questionable level of risk attached to them. For example, if a legitimate customer appears to be using a new device to buy goods online, or appears to be attempting to make the transaction from an irregular location. In these instances, 3D Secure provides a step-up authentication, such as asking for a one-time password (OTP).
Getting the right balance
3D Secure is a helpful protocol for card issuers, as it allows banks to comply with Strong Customer Authentication as required by EU financial regulation PSD2 as well as increase security for transactions with a higher level of risk – thereby better filtering the genuine cardholders from fraudsters.
This means that the customers themselves are better protected against fraud, and the extra security helps preserve their trust in the bank to be able to keep their money safe. At the same time, the number of legitimate customers who have their transactions denied is minimised, improving the customer’s online experience.
So why are fraudsters still slipping through the net?
Fraudsters are used to adapting to security protocols designed to stop them, and 3D Secure is no exception. The step-up authentication that is required by 3D Secure in the instance of a questionable transaction often takes the form of an OTP, a password or secret answer known only by the bank and the customer. However, there are various ways that fraudsters have devised to steal this information.
The most common way to steal passwords is through phishing attacks, where fraudsters pretend to be legitimate brands, such as banks themselves, in order to dupe customers into giving away sensitive information. Fraudsters can even replace the pop-up windows that appear to legitimate customers in the case of stepped-up authentication with their own browser windows disguised as the bank’s. Unwitting customers then enter the password or OTP and effectively hand it straight over to the fraudsters.
Even when an OTP is sent directly to a customer’s phone, fraudsters have found a way to intercept this information. They do this through something called a ‘SIM swap scam’, where they impersonate their victim and manage to get the legitimate cardholder’s number switched onto a different SIM card that they own, thereby receiving the genuine OTP in the cardholder’s place.
This is especially an issue for card issuers when taking into account the liability shift that is attached to using 3D Secure. When a transaction is authenticated using 3D Secure, the liability moves to lie with the card issuer, not the vendor or retailer. If money leaves a customer’s account and the transaction was verified by 3D Secure, but the customer says they did not authorise the transaction, the card provider becomes liable for any refunds.
How AI and Behavioral Biometrics can be used to plug the gap
Banks need to find a way to accurately block fraudsters while allowing genuine customers to complete online payments. AI can be used alongside behavioural biometrics as an additional layer of security to cover the gaps in security through continuous authentication of the customer.
Behavioural biometrics can collect and analyse data from thousands of parameters around user behaviour such as their typing speed and dynamics, or the trajectory on which they move the mouse, throughout the entire online session. AI processes are used to dynamically compare this analysis against the user’s usual online profile to identify even the smallest of anomalies, as well as against profiles of known fraudsters and typical fraudster behaviour. AI then delivers a risk score based on this information to banks in real time, enabling them to root out and block the fraudulent transactions.
As this authentication occurs invisibly, the AI technology can recognise if the customer is who they say they are – and that it isn’t a fraudster trying to input a genuine OTP they have managed to steal through phishing or SIM swapping – without adding any additional friction.
Card issuers cannot decline all questionable transactions without losing customers, while approving them without additional checks poses security issues that can result in financial losses as well as losses in customer trust. Behavioural biometrics is a foundational technology that can work simultaneously to 3D Secure to keep customers’ online payments safe from fraud while maintaining a frictionless experience and minimising the risk of chargeback liability for banks.
Motivate Your Management Team
A management team, typically a group of people at the top level of management in an organization, is a team...
The Income Approach Vs Real Estate Valuation
The Income approach is only one of three main classifications of methodologies, commonly referred to as valuation approaches. It’s particularly...
How To Create A Leadership Philosophy
A leadership philosophy describes an individual’s values, beliefs and principles that they use to guide a business or organization. Your...
How to Build an AI Strategy that Works
By Michael Chalmers, MD EMEA at Contino Six steps to boosting digital transformation through AI In the age of artificial...
Leumi UK appoints Guy Brocklehurst to property finance team as Relationship Manager
Multi-specialist bank announces the appointment of Guy Brocklehurst to its property finance team Guy Brocklehurst has joined London-based Leumi UK...
Three times as many SMEs are satisfied than dissatisfied with COVID-19 support from their bank or building society
More SMEs are satisfied (38%) than dissatisfied (13%) with their COVID-19 banking support Decline in SMEs using personal current accounts...
Tax administrations around the world were already going digital. The pandemic has only accelerated the trend.
By Emine Constantin, Global Head of Accoutning and Tax at TMF Group. Why do tax administrations choose to go digital?...
Time for financial institutions to Take Back Control of market data costs
By Yann Bloch, Vice President of Product Management at NeoXam Brexit may well be just around the corner, but it is...
An outlook on equities and bonds
By Rupert Thompson, Chief Investment Officer at Kingswood The equity market rally paused last week with global equities little changed...
Optimising tax reclaim through tech: What wealth managers need to know in trying times
By Christophe Lapaire, Head Advanced Tax Services, Swiss Stock Exchange This has been a year of trials: first, a global...