Fasken uses HighQ’s cloud-based tech for client collaboration portal
We talk often about how our products enable secure collaboration, access, and information governance behind the scenes. This past week, an article about how Fasken Martineau DuMoulin LLP uses HighQ for client collaboration was a perfect example of this. In the article, Robert Garmaise, CIO at Fasken, mentions that they can push HighQ content back into their iManage DM. This capability is powered by SeeUnity! For more about it, read the article.
In a move that will allow the firm to better collaborate with clients and share information, Fasken Martineau DuMoulin LLP is launching a cloud-based client portal.
“We see opportunities to collaborate more richly on document authoring, review, archiving, signing documents, you name it. [We can let] clients launch new transactions that then become new documents. In our current framework, where we had things stored behind the firewall, we had great security here internally, but then we’d go to e-mail things and the security kind of disappears as soon as you do that,” said Robert Garmaise, chief innovation officer at Fasken.
“If you look at our book of business today, most of it is of the type of one client, one practice area. Here we are a national full services law firm but for many of our top Fortune 500 clients we’ve either got real estate or labour or M&A but never the two or three should meet. From a collaboration point of view, if we can use the portal to get clients more aware of the full breadth of services we provide, maybe even have them taste some of the transactions on the other side of the fence, and hopefully win one or two of those over, my God, we’d be so much further ahead than we are today. That’s a big part of the business case: how do we better penetrate the client base we have already?”
The portal is being operated on a platform from London, U.K.-based HighQ Solutions Ltd. which offers cloud-based software and storage solutions.
Garmaise said the project was initiated between six and nine months ago, but it has been during the past three months that the pilot project with the portal has begun. The firm is slowly bringing on selected clients from across all of its areas of practice in order to test out the system, and it hopes to fully launch the application in fall 2018.
“For our initial test clients, we’re looking for maybe not the largest clients in our client base, certainly not the smaller ones, but ones I’ll call medium-plus — big enough to have some complexity, but not so big that any slight hiccup would cause them undue angst because we will learn as we go.
“With a pilot group, you want clients you’ve got a strong relationship with, who are a little bit tech-forward themselves and who are going to be good to partner with,” Garmaise said.
He explained that in order to roll out the project, he has a four-part plan to ensure adoption.
“I’ve got push activities we do to our clients and partners. We are pushing out information about the portal. We are pushing out training, communication, ‘here are things you can tell your clients about the portal.’ We’ve got a pull campaign where we are going directly to clients come September. We’ll be announcing we have this new portal. Here are some of the features and benefits, and here are some of the pain points we think it addresses. The idea is to get some of our clients to start talking to some of our partners.
“There is a bit of a poke aspect, where on a one-by-one basis, either by an individual client, an individual practice or an individual lawyer, we would look to say: ‘Hey we noticed you haven’t used the portal yet, or are using it this way not that way. Might we work together to figure out how to get things to the next level?’
“The key to me is called spread, which is how you get the portal ingrained in everything we do — in our pricing, in our fee responses, in our LPM [legal project management] approach, in how we organize our KM [knowledge management] effort. Suddenly the portal is just part of it and if you’re not using the portal, it feels like you are going against the grain.”
Garmaise said at this point he’s achieved about “two-and-a-half out of four” on the list, having mostly checked off the push and pull and being about halfway through poking.
Document management within the portal will be integrated with the firm’s implementation of the iManage document management software. A client-facing folder will be created for each matter and documents that are placed in the folder will be propagated to the portal. Version control will be dealt with through HighQ’s software which has what Garmaise calls “an automatic sync on the way up from our document management system to HighQ and a manual push on the way down from HighQ to our document management system.
“We really like both aspects of that. We like that we could link either a file or a folder and not have to be manually porting documents onto the portal … at the same time we like the fact we have the opportunity to review documents and changes in the portal before deciding which ones are worthwhile bringing back to our document management system.”
Since Garmaise expects the portal to be used for semiautomated transactions (where the client enters basic information for something like an employment contract to create a first draft which will be subject to lawyer review) there will be a fee for clients to use the portal, although at this point, Fasken hasn’t firmed up its pricing model. It could be a membership fee, a usage fee, or some combination of the two.
So far, Garmaise said client response has been very positive.
“In fact, the first client I showed this to asked, ‘can we use this for non-Fasken matters?’
“We have this issue ourselves, internally, where I show it to practice groups and they ask if they can use it to manage the practice group strategy, let alone interfacing directly with clients. I always say yes. It is part of the roll-out strategy. If we can get folks comfortable with using the tool internally, they will be that much readier when we go to turn the switch on with regard to their clients.”
While Garmaise said Fasken is basically cloud agnostic, one of the firm’s “do or die” requirements was that the data be stored inside Canada’s borders, and it isn’t the only firm to want its data stored locally. That demand from its clients is what led HighQ to build two data centres on opposite sides of Toronto: one in Mississauga and one in Markham.
“You can have a secure data centre internally, but then you get worried about the Patriot Act in the U.S. and other potential legislation elsewhere, and given that we are dealing with a lot of financial services clients, we really require that our client data is hosted here in Canada,” explained Garmaise.
Paul Hunt, chief revenue officer of HighQ said that concern was echoed by HighQ’s other Canadian clients, including Osler, Hoskin & Harcourt LLP, Bennett Jones LLP, and Blake, Cassels & Graydon LLP.
“We have a number of data centres around the world. Data sovereignty is very important. We have started to put more focus on the North American continent and we started to talk to some Canadian firms. We realized that this was very important to them at the current time,” he said.
“We had a couple of clients in Canada using our U.K. data centre. They were willing to start off on the U.K. data centre, but asked, that as part of the contract, we agreed to set up in Canada.”
Hunt said that by building data centres in Canada, the company is demonstrating its commitment to the market because, “It is a pretty significant investment for us because the annual cost of running the data centres and setting them up was about three times the revenue we were going to get from our initial client.”
He figures it’s a good bet for the company because he saw “the appetite for innovation in Canada.” According to Hunt, Canadian firms “seem to be ahead of the curve, compared to their U.S. counterparts.
“Canada, U.K. and Australia seem to be kind of similar for us. We’ll sell to an IT audience and they are empowered to make a decision and move forward and have an influence within the business and with the partners. Whereas in the U.S. we do a lot of selling and we sell to the IT function. They buy it then they’re waiting because the partners aren’t quite as aggressive. I think the U.S. is a little more nervous about security as well — about the cloud and adopting the cloud, whereas other countries are a little bit ahead of them in that sense.”
The data centres are designed to be fault-tolerant and built with multiple redundancies in mind. They have access to multiple networks, multiple Internet service providers (ISPs), multiple exchanges for telephony, multiple power supplies and multiple cooling units. Each server has its uninterruptible power supply (UPS).
On the physical security side, the data centres have exactly what is expected at high-security facilities, including tight perimeter controls, controlled access via multiple identification checks, CCTV, leak detection (to catch water intrusion).
Michael Hall, global head of information security for HighQ, explained that beyond the data centre security, the company designs its own software and operating systems, tests its products against industry-accepted security standards and performs penetration testing (pen testing) on all major releases. (This is an attempt to infiltrate or break its own systems from the outside, just as a hacker would.) The company performs 24/7 network monitoring while also taking defensive measures such as constant scanning for incoming threats including common approaches such as port scanning and IP spoofing.
Law firm data is fully encrypted from the moment it leaves the law firm’s system, and it resides in its encrypted state on the HighQ servers, using what Hall calls “military-grade encryption.” This prevents packet sniffing during transmission.
The company employs two-factor authentication protocols, or it can turn over the authentication process to the firms themselves, if they want to control access and provide single sign-on for their employees.
It also gives law firms the ability to control the encryption key management — an option used by some of HighQ’s Canadian clients. This means giving firms devices to encrypt their own data, and “take the encryption key and lock it away in a highly secured device to which we have no access. And the only way that data can ever be decrypted is by that firm when they access the encryption key management device, extract their key and decrypt it,” explained Hall.
He added that the security that is built into encryption key management devices makes it difficult to thwart, even when access is needed for legitimate reasons.
“When we received the first device in the U.K. to deploy it, in shipping one of the network cards had come out, which should have been a very easy fix: you just push it back in and off it goes. Except with these devices, they have a built-in self-destruct mechanism in that if you take the lid off to try to tamper with them, they basically blow themselves up. They destroy all the hardware and everything that was stored on it. These are not cheap devices, so we had to send it back and get another one. So that’s the level of security. It’s really the James Bond technology — this device will self-destruct in five seconds — that we’re having to deploy to protect our customers’ data,” Hall said, adding that obtaining a replacement device put HighQ’s delivery date to its customers off schedule.
“We’re lucky we built such good relationships with Bennett Jones and Osler because we had a delivery date of March and because of this, we weren’t able to actually deliver it until April, but they understood and everything is good now.”