The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/984836
11 WWW.ILTANET.ORG BEST PRACTICES Reconciling Need-to-Know Security with Successful Knowledge Management Adoption Levels Then and Now Historically law firms have been reluctant to implement need-to-know security models. The ILTA 2017 Technology Survey found that only nine percent of mid-sized law firms had currently implemented need- to-know security models. Will we see a dramatic shi moving into 2018 and beyond as client demands and new regulations pressure firms to adopt need-to-know security? An iManage survey of law firm CIOs at the 2017 Legal IT Leadership Summit certainly suggests so: 40 percent of law firms present expected to adopt need-to-know security as their default security model for new maers within the next six to 12 months. The Future with Need-to-Know Security The demands and pressures coming from clients who are aware of current cybersecurity risks and are looking to their professional service firms to take beer care of their confidential information will continue to rise. Professional bodies such as the Association of Corporate Counsel, which represents more than 42,000 in-house counsel, are reinforcing this with security guidelines that strongly promote a move away from the open security model. Does effective knowledge management need to be sacrificed in order to implement need-to-know security? The answer is no – as long as law firms implementing need-to-know security models also review the practices and technologies they use when searching prior work product. Fostering Knowledge Management While Enforcing Need-to-Know Security There are both advantages and disadvantages that law firms should consider as they seek to foster productive knowledge management while maintaining effective security. It is important for firms to address the conflict between security officers charged with protecting the firm's reputation and knowledge managers wanting to continue having broad search capabilities across maers. Addressing both sides of this tug-of-war scenario is critical to strike a balance, but in the end it can be a win-win. Here are a few insights for consideration: Traditional Fragmented Approaches Hinder Options: Fragmented offerings stitched together to deliver a solution that encompasses search, security, AI and document management limit options greatly. To be successful, the solution must deliver an interface that is consistent and user-friendly, have security that does not get in the way of users performing essential tasks and support consistent governance of content across multiple systems. This is difficult to achieve with multi- vendor solutions. Two options are oen proposed when working within these constraints. The first involves the use of maer profiles and experiential data. With this solution, relevant metadata is captured for maers and forms the basis for knowledge management searches. The theory is that the metadata values hold enough information to indicate the value within. Once a relevant maer has been identified, the maer partner or responsible aorney can be contacted for access to the relevant materials. The challenges with this approach are: The ILTA 2017 Technology Survey found that only nine percent of mid- sized law firms had currently implemented need-to-know security models. Get the tech survey results at iltanet.org/pubs.