Too Much Computer Security? A Request for Better Customer...


Page 1: Too Much Computer Security? A Request for Better Customer …info.legalsolutions.thomsonreuters.com/signup/... · 2017-01-12 · 3 Practice Innovations January Volume Number Too Much

January 2017 | Volume 18, Number 1


Computer security is a frustrating necessity for modern organizations. We need it, even if we don’t necessarily like it. Security should not prevent the employees of an organization from doing their jobs, nor should end users try to affirmatively subvert reasonable computer security measures for their personal convenience.

Computer security has existed since the very first computer hackers in the 1960s and 1970s began exploring mainframe computer systems via purloined dialup modem numbers. Since that time, the world has stored more and more of its critical information in electronic format in digital repositories—and hacking has become more and more sophisticated. Today, hacking is an important form of corporate and state-sponsored espionage, and preventing unauthorized system intrusions is both critically important and an ever-growing business.

Computer security has come a long way since the very first password systems were developed and put in place. Today, for example, organizations are encouraged to segment their various systems so that an intrusion into one server or system doesn’t necessarily compromise all other devices on the network. Each segment is typically separated by additional security, so that a stolen password cannot provide access to more than one server or system. Thus, system users often need separate passwords to log onto their corporate computer network, their work email account, internal intranet/SharePoint site(s) such as case management systems, HR systems, timekeeping systems, and travel reservation sites—just to mention a few of the internal systems found inside a typical organization.

In addition to segmenting an organization’s networks, passwords themselves have been made much more difficult to crack. The days of passwords like “password” and “qwerty123” are over, and most systems today routinely require passwords that contain a mixture of upper and lower case letters, one or more numbers, and one or more special characters such as #%&*!. Some systems even generate passwords to prevent users from using such obvious and easily guessed passwords as “Qwerty123!.” Most systems now require that users change their passwords every 60-90 days so that any misappropriated passwords quickly become obsolete and nonfunctional. And,

Too Much Computer Security? A Request for Better Customer Relations

By Conrad Jacoby, Esq., Founder, efficientEDD, Washington, DC [1]

Practice Innovations

In This Issue

Is Virtual Reality Finally Ready for Business Use?

By Joseph Racyznski

The speed of communication and information dissemination is bridging communication gaps that existed for eternity. The next evolution will allow people to interact with others unlike ever before. Virtual Reality (VR) is this emerging technology ushering us into a new realm.

Big Law, Big Data, and Bigfoot

By Jeffrey Brandt

Big Data is a term that has been thrown around loosely within the legal world for many years now, but has there ever been an actual sighting of Big Law firms doing something with big data? Does Big Law even have big data?

Passwords are Dead

By Bobby Kuzma

This article will explore why passwords are especially prized, along with techniques, technologies, and best practices that you can leverage to reduce your exposure to credential theft attacks.

Too Much Computer Security? A Request for Better Customer Relations

By Conrad Jacoby, Esq.

Computer security should not prevent the employees of an organization from doing their jobs, nor should end users try to affirmatively subvert reasonable computer security measures for their personal convenience.

The Pen is Dead. Long Live the Pen.

By Don Philmlee

New technologies such as digital pens, digital paper, handwriting recognition, and more are pushing handwriting, as well as how we record our thoughts, into the 21st century.

Cloud Choices Mature: What Works for the New Legal Business Model?

By Keith Lipman

What are the risks and rewards of moving from an on premises to an “in the cloud” strategy for serving up firm applications? Cost savings seem obvious, but there are numerous factors to consider. In the end, control over the user experience may be the most critical factor in making the decision.

EDITORS IN CHIEF

Please direct any comments or questions to either of the editors in chief:

William Scarbrough, Chief Operating Officer, Bodman PLC, 6th Floor at Ford Field, 1901 St. Antoine Street, Detroit, MI 48226; office: 313-393-7558; fax: 313-393-7579; email: [email protected]

Lisa Kellar Gianakos, Director of Knowledge Management, Pillsbury Winthrop Shaw Pittman LLP, 1200 Seventeenth St., NW, Washington, DC [email protected]

EDITORIAL BOARD

Sharon Meit Abrahams, Ed.D., National Director of Professional Development/Diversity & Inclusion, Foley & Lardner LLP, Miami, FL

Toby Brown, Chief Practice Management Officer, Perkins Coie LLP, Seattle, WA

Silvia Coulter, Principal, LawVision Group, Boston, MA

Elaine Egan, Head of Research & Information Services - Americas, Shearman & Sterling LLP, New York, NY

Sally Gonzalez, KM Strategy Consultant, Farrell Associates, Scottsdale, AZ

Jean O’Grady, Sr. Director of Research, Information & Knowledge Management Services, DLA Piper, US, LLP, Washington, DC

Don Philmlee, Legal Technology Consultant, Washington, DC

Kathleen Skinner, Director of Research Services, Morrison & Foerster LLP, San Francisco, CA

William Scarbrough, Chief Operating Officer, Bodman PLC, Detroit, MI

Lisa Kellar Gianakos, Director of Knowledge Management, Pillsbury Winthrop Shaw Pittman LLP, Washington, DC


to discourage automated brute force hacking attempts, most systems are now configured to lock out any user who enters an incorrect password three times in a row.

Properly implementing these basic computer security best practices can make it much more difficult for hackers to gain access to an organization’s full information. However, these same best practices also make it more difficult for authorized users to access the information that they need to perform their work. It’s extremely difficult, if not impossible, for users to remember auto-generated system passwords like “F%mc#!L;cvb)”. Even more important, it is less and less possible for users to remember the many unique user ID and password combinations that they need to access each tool or network segment as part of their ongoing job duties.

Faced with these logistical challenges, too many computer users choose to become highly unsecure users—just to complete their job-related tasks. Some write down all their system-specific user IDs and passwords because they simply cannot remember them all. Others try to use the same password to access multiple systems, so that they have fewer unique passwords to remember and manage. Worst of all, some users get so frustrated by their work-related security that they forward work-related and/or sensitive documents to an unsecure location such as Gmail or Yahoo! mail so that they can work on them using computers and systems not subject to an organization’s security measures.

In short, when computer security is pitted against the actual everyday business objectives of an organization’s employees and staff, robust computer security can be compromised by the very people whom security is supposed to protect—and compromised even before an organization is the target of any actual hacking or phishing schemes. Shouldn’t there be a better way?

Improving the Computer Security Customer Relationships

Computer security is premised on the idea that both intruders and employees should be prevented from accessing areas and information for which they are not authorized. By its nature, this policing requires a somewhat militant and antagonistic outlook, and this can create deep mistrust between security professionals and the users who are being protected by the security measures. In this context, users also push back against what they view as arbitrary or overreaching security measures.

Security measures are challenged (and compromised) by users most often when they are difficult to implement (e.g., 20+ passwords) and when the users disagree with the need for these protections. Thus, computer security would benefit from addressing two separate concerns: (1) managing the technical and logistical burdens of necessary computer security; and (2) educating users so that they understand and accept the reasons that security measures are needed.

A. Managing Security Technology

One of the biggest user complaints is the need to use different credentials to log into different systems at work. Two current technologies are being used to help manage that burden. For example, some organizations have concluded that a two-factor authentication system, which combines a password with some unique physical object like an ID card or an RSA token, is sufficiently secure that it can be used to authorize access to multiple systems and tools. Users may have to log in more than once, but always with the same credentials. Other organizations have permitted users to organize their different passwords using password management tools like LastPass (https://www.lastpass.com) that store a user’s many different passwords on a securely encrypted server and let a user access and deploy them through use of a single master password. These services rely on the security and integrity of the master password repository, though, which is itself a constant target for hackers.

A third approach, passphrases, creatively extends existing security practices. In general, the longer the password, the more combinations are possible and the more difficult it is to guess. However, many user passwords aren’t random—they are instead based on actual words or significant dates, making them easier to remember (but also easier to guess). Pure gibberish passwords like 5HM%#Z9v are much harder to guess—but they are also quite hard for most people to memorize, especially if they must be changed every 30-60 days. Passphrases combine elements of both approaches, asking users to create a random phrase like “Amydrives7purplegoatsvividly?” that is both memorable and nonsensical—and that will then be used to authenticate users as they access different systems and tools at work. Not all systems presently support passwords that can be extended to passphrase lengths, but this is a promising, user-friendly approach, even when passphrase rules are set to require the inclusion of upper and lower case characters, numbers, and one or more special characters.


B. Educating the User Community

Many computer users don’t fully understand why computer security is so necessary. While most users understand the problem of computer viruses and automatically take steps to reduce that particular threat, far fewer understand the number of intrusion attempts that are routinely made against organizations. In 2003—ancient history by Internet standards—a frequently cited study estimated that as many as 25 billion intrusion attempts per day were being made across the Internet.[2] In 2013, it was reported that the Pentagon estimated it was deflecting 10 million intrusion attempts per day, and some have criticized this article for understating its numbers.[3] These are powerful demonstrations of the need for robust computer security.

Large corporations, the NSA, and the Pentagon are not the only attractive targets for hackers. Law firms are also extremely attractive targets, as they often store sensitive client documents relevant in legal disputes or are supporting clients in business deals that have not yet been disclosed to the general public.[4] Information about the need for strong computer security is readily available, even if not necessarily widely read, and it would greatly benefit in-house computer security teams if more of their users understood the true number of threats being deflected by their organizations’ security measures.

Conclusion

Computer security is a frustrating necessity for modern organizations. We need it, even if we don’t necessarily like it. However, security should not prevent the employees of an organization from doing their jobs, nor should computer security become the primary focus of every single organization, prioritized over its “real” purpose. In return, end users shouldn’t try to affirmatively subvert reasonable computer security measures, simply for the sake of their personal convenience. In the end, organizations include both end users and security professionals; we really are on the same team.

Sources

1. Conrad Jacoby is an attorney and consultant who provides technology and e-discovery counseling to a diverse range of clients. He also manages over 30 unique user ID/password combinations for his work and personal life. This article represents the personal opinions of Mr. Jacoby and does not constitute an official position held by any of Mr. Jacoby’s clients or employers. Copyright 2016 Conrad Jacoby. All rights reserved.

2. Yegneswaran, Barford, and Ullrich, “Internet Intrusions: Global Characteristics and Prevalence,” available at https://www.cs.usask.ca/ftp/pub/discus/seminars2003-2004/internetIntrusions.pdf.

3. Nextgov, “How Many Cyberattacks Hit the United States Last Year?” available at http://www.nextgov.com/security/2013/03/how-many-cyberattacks-hit-united-states-last-year/61775.

4. Matthew Goldstein, “Law Firms Are Pressed on Security for Data,” New York Times, 3/26/2014, available at http://dealbook.nytimes.com/2014/03/26/law-firms-scrutinized-as-hacking-increases.


Passwords are Dead

Scarcely a month goes by without news of another major website or service being breached, with those breaches unsurprisingly focused on authentication credentials, most typically passwords. In this article I’ll explore why passwords are especially prized, along with techniques, technologies, and best practices that you can leverage to reduce your exposure to credential theft attacks.

While there are exceptions, when passwords are stored by a computer system or service, they are not stored in a readable format. Passwords are passed through a hashing process. The employed hashing algorithms are special in that they are relatively easy to execute in one direction, but extremely difficult to reverse. This allows a system to store a password in a non-readable fashion, to protect its security. When a user enters a password it is run back through the hashing algorithm and the result is compared to the stored hash. If they match, the user is granted access. The use of passwords does not prove that the user themselves requested the access, only that someone has used that user’s credentials.

When a malicious actor compromises a system with a large number of users, they will often target the user information, containing usernames, email addresses, and hashed passwords, amongst other information. Those passwords will be cracked, potentially in a matter of days, depending on the specific hashing algorithm used. The process is similar to comparing the password at login to the stored hash, but performed using automation, at very high rates of speed. Eventually, all passwords would be guessed and become known. At the time of this article, for Windows network passwords, the entirety of possible eight character passwords can be attempted in less than a day with a $500 video card. Consider that multiple video cards can be used, and multiple systems, and we very quickly see that once compromised by an attacker, any passwords stored within a system must be considered compromised immediately. Unfortunately, the average time to detect breaches is still well over six months, permitting attackers a long window of opportunity to execute attacks using stolen credentials before there is reason to believe them compromised. In part, this can be addressed by enforcing risk-appropriate policies, which we will address at the close of this article.

Humans, in general, are very predictable in how they go about choosing passwords. Repeated studies of password generation patterns find that there are significant commonalities in how individuals choose their passwords. This is well known in the security community, as well as amongst malicious actors. Commonly used password patterns involve dictionary words, simple letter replacements (like substituting the “3” for an “E” or a zero for the letter “O”), and appending or prepending numbers or symbols. Due to the known patterns, those attempting to crack passwords will first try things that they know will yield results the fastest. This primarily consists of dictionary words with common alterations and patterns, followed by lists of passwords used in other contexts.

By Bobby Kuzma, Systems Engineer, Core Security Technologies, Mulberry, FL

The point of requiring complex passwords is misunderstood by many users as an effort to prevent the password from being guessed by a malicious actor. The real point of requiring complex passwords is to increase the amount of time, on average, between the hashed password falling into outside hands, and the passwords being recovered and usable for further attacks. You will notice that attackers will specifically try lists of already discovered passwords. This is because over three-quarters of users of computer systems will use the same password on more than one system or service. If the username or email address is also the same across the sites, then it becomes a simple exercise to compromise those accounts unless there are other countermeasures in place.

Usernames and passwords have become increasingly problematic and are not the sole means for users to authenticate themselves on a computer system. Better methods include:

• Biometric information such as fingerprints, hand geometry, retina patterns, and voiceprints;

• Issued items—such as cryptographic certificates stored on either the devices or a secured smartcard technology, issued by a trusted authority;

• Single-use codes that can be generated by dedicated devices such as a key fob, generated by a software application from a mobile device, or sent to a mobile device via text (or Short Message Service), or a voice call.

Each of the above methods improves the accuracy of the authentication process by imposing additional hurdles for an attacker to surmount before accessing a system using stolen credentials. When more than a single factor is utilized, the process is known as multifactor authentication.

Multifactor authentication schemes, while generally more secure than single factor systems, increase the time required to log in to systems. As such, there can be issues with gaining user acceptance of the technologies. This can be countered by requiring the use of multifactor authentication based on the risk at hand, such as when more suspicious login activities will generate a higher level of scrutiny. As an example, remote login attempts from a previously used system, and from previously used IP addresses would be prompted for just a username and password, while attempts from unknown machines, new IP addresses, or simultaneous remote and local logins would require the user to enter an additional code that is presented via a known mobile phone using a text message.

An understanding of the potential threats is important in selecting the appropriate policies and the technologies to combat them. All firms must guard against illicit access to protect privileged information, but some types of practice will draw greater attention from malicious actors, which will include both organized criminal enterprises and state-sponsored actors, in addition to more ideological attackers that are driven by a perception of corruption or political frustration. Due care must be exercised.

To that end, consider the following to enhance your firm’s security posture:

• Implement a policy requiring that passwords not be shared across multiple uses, and if possible, implement a software solution that can check new passwords against public disclosures.

• Increase minimum length requirements for passwords to a minimum of 12 characters, and consider decreasing the maximum age of passwords.

• If you utilize third-party services, inquire about enabling multifactor authentication for the services in use. When selecting new service providers, require that they offer a multifactor authentication solution for access.

• Conduct reviews of access entitlements and permissions within your organization, and reduce individual user’s access to the minimum levels consistent with job duties.

• Require that users with administrative access to systems utilize a separate account for privileged activities, and further secure it using multifactor authentication technologies.

• Provide training to your users on password handling, including the use of password management software to generate unique passwords for every site/service they access.
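The first two recommendations, combined with the predictable patterns described earlier in the article, as an added example that is not part of the original article: a check run when a user sets a new password. The word list, the substitution table beyond the two swaps the article names, and the locally held set of SHA-1 digests of disclosed passwords are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import re
from typing import List, Set

MIN_LENGTH = 12  # the minimum length recommended in the list above

# Constructed sample data. A deployment would load a full word list and a
# corpus of publicly disclosed passwords, held as SHA-1 digests.
DICTIONARY: Set[str] = {"password", "qwerty", "welcome", "dragon", "summer"}
DISCLOSED_SHA1: Set[str] = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("Qwerty123!", "Summer2016!Summer", "correcthorsebatterystaple")
}

# "3" for "E" and zero for "O" come from the article; the rest are assumed.
SUBSTITUTIONS = str.maketrans(
    {"3": "e", "0": "o", "1": "l", "4": "a", "@": "a",
     "5": "s", "$": "s", "7": "t", "!": "i"})


def base_word(password: str) -> str:
    """Undo the common alterations: case, prepended/appended digits and
    symbols, and simple letter replacements."""
    lowered = password.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return trimmed.translate(SUBSTITUTIONS)


def check_new_password(password: str,
                       dictionary: Set[str] = DICTIONARY,
                       disclosed_sha1: Set[str] = DISCLOSED_SHA1) -> List[str]:
    """Return the reasons to reject a proposed password; empty means accept."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    if base_word(password) in dictionary:
        findings.append("dictionary_pattern")
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest()
    if digest in disclosed_sha1:
        findings.append("publicly_disclosed")
    return findings


if __name__ == "__main__":
    for candidate in ("Qwerty123!", "P@ssw0rd2017!", "Summer2016!Summer",
                      "Amydrives7purplegoatsvividly?"):
        print(candidate, check_new_password(candidate))
```

"P@ssw0rd2017!" meets the length rule and is rejected only by the pattern check, while "Summer2016!Summer" passes both length and pattern and is caught only by the disclosure lookup, which is why the checks are applied together.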

Law firms in particular are targets for attack given the client-sensitive information their systems may hold, especially those representing financial institutions. More and more, legal service providers are being subject to information security or “cyber” audits by their clients and other regulators. They want and need assurances that firms are adequately protecting their data. While creating and enforcing a strong password policy is only one item in a long list of policies needed to survive a cyber-audit, it is one of the easiest to employ and can bring an immediate and strong improvement in a firm’s security posture.


I was recently talking with some colleagues about effective use of data and was asked if I thought Big Law was actually doing anything with big data or was it more like Bigfoot, a combination of folklore, misidentification, and hoax? The context was not in terms of eDiscovery-type data, but rather internal data and what law firms are doing with it. It’s an intriguing question and the ultimate answer is “sort of.” First let’s get on the same page with some definitions.

The Urban Dictionary defines Big Law as “A collection of huge law firms in major cities (particularly NYC) where thousands of Ivy Leaguers and honor students make six-figure salaries straight out of law school. They usually quit after a couple of years of virtual slavery, but if they stay in the game, they end up running the country.” That gets some of the idea across but is a little snarky for my taste. Big Law is simply slang for large law firms. The definition of large can vary by geography and has grown over time. The first law firm I worked for was an AmLaw 100 firm with 250 lawyers and at the time the largest law firm had about 700 lawyers. In today’s market where the largest of law firms number some 8,000 or more lawyers, I think it’s safe to say that several hundred lawyers still constitutes Big Law.

“Big data” is a term that has been bandied about since the late 1990s when it was first used in a NASA paper. The original definition of “big data” was a term for data sets that were so large or complex that traditional data processing methodologies were inadequate. Under that definition, NASA has big data. Walmart has big data. General Motors has big data.

Dictionary.com defines a Bigfoot as “a very large, hairy, humanoid creature reputed to inhabit wilderness areas of the U.S. and Canada, especially the Pacific Northwest.” Elusive and unseen, people doubt its existence. But lest you be a nonbeliever, there are cryptozoologists out there looking for them as we speak.

So in the proposed Venn diagram of these three “bigs,” what’s at the center? An actual sighting of Big Law firm doing something with big data. Does it exist? First we have to overcome the issue that, by definition, law firms do not have big data. They have access to big data systems like Lexis and Westlaw, but internally, nada. Most law firms track only a minimal amount of data. Data processing amounts to what is minimally required to do general accounting on a time and materials basis. Law firms have small (tiny) data. But as with so many other things, the term “big data” got adopted in the popular

Big Data is a term that has been thrown around loosely within the legal world for many years now, but has there ever been an actual sighting of Big Law firms doing something with big data? Does Big Law even have big data?  These questions, as well as the important mythical powers of Bigfoot, are discussed in this article about the intersection of these three “bigs.”

Big Law, Big Data, and Bigfoot

By Jeffrey Brandt, Principal, Brandt Professional Services, Auburn, VA


lexicon and modified to mean something different from what it used to. Several years ago Forbes ran a great article with twelve definitions of big data. The first several were all variations of the original, but the author, Gil Press, offered up some other interesting definitions. The one that I think applies here is “The merger of Madame Olympe Maxime and Lieutenant Commander Data.” No, seriously, the ones that I think apply are, “The new tools helping us find relevant data and analyze its implications” and, “A new attitude by businesses, nonprofits, government agencies, and individuals that combining data from multiple sources could lead to better decisions.” Under these modified definitions, I think it can be argued that Big Law could have big data.

So we’ve got Big Law and big data, but is it like Bigfoot, mythical and unproven? Are law firms doing anything with the data that they have? Many law firms are slowly awakening from the dark ages of data management that simply tracked the billable hour. Some have been jolted rudely out of bed by their clients. Some firms continue to hit the snooze button over and over. It’s fair to say that many e-billing companies know more about a law firm’s finances than the law firms do. Those that have gotten out of bed are looking to actually analyze the data they have. They are looking to fill the gaps and augment that old data with data more useful to business analysis in the year 2016. As firms get more and more into AFAs, they are being forced into a different type of analysis of the data. The future of Big Law data analysis is using that data to drive decisions.

In many instances the data is there or can be easily captured. There are more and better analysis tools becoming available. The last part of the equation is for firms to get the right people with the right data analysis skills in the processing roles. There are firms doing it, and those that are have a significant advantage over those that are not. Be a Big Law, big data Bigfoot or risk being trampled by a competing Big Law Sasquatch!


Taking notes is a simple task. It really requires nothing more than a pen and some paper. Writing by hand, however, appears to be on the decline as sales of paper and pens are falling off. In a further indication of this decline, school systems increasingly have decided to stop teaching handwriting.

It seems that handwriting is giving way to keyboarding as computers have proliferated over the last few decades and email, Twitter and texting have become the standard for how we communicate the written word. The efficiency of the keyboard has driven the more laborious chore of handwriting towards extinction.

This is not the first time that technology has superseded handwriting. It has happened before.

In the United States from about 1850 until around 1925, handwritten note-taking and correspondence for business was dominated by a handwriting method called Spencerian Script. While it was a beautiful and flowing form of handwriting, it was very slow to use and required a significant investment in time to learn.

Example of Spencerian Script

Business at the dawn of the 20th century was changing and demanded more efficiency and speed. The slow, but beautiful Spencerian Script was soon supplanted by two new technologies that were better suited to the new and faster pace of business—the typewriter and the Palmer Method.

The Palmer Method was a newly developed handwriting method that was more streamlined than the Spencerian Script method. It was quick to learn and made note-taking much easier and less time consuming. Handwriting evolved and was made more efficient by the Palmer Method. At the same time, the typewriter represented a completely revolutionary technology for the written word. Typewriting required no printing press, was fast, and created legible and consistent text. It quickly became the de facto standard for all business correspondence for most of the 20th century.


The Pen is Dead. Long Live the Pen.

By Don Philmlee, Legal Technology Consultant, Washington, DC


Digital paper is challenging the very concept of what pen and ink can do:

• Notebook metaphor—Digital paper applications typically work on the metaphor of a paper notebook—providing pages, chapter tabs and multiple notebooks. Also, imagine never running out of paper. Digital paper applications can provide page after page of digital paper. Some applications not only allow the user to scroll down for more paper, but also allow the user to scroll horizontally for a seemingly infinite piece of writing paper.

• Mixing Media—Digital paper applications allow you to easily make notes that combine typed text, handwriting, voice and video recordings, graphics, charts, and drawings, all on the same page.

• Searchable Handwriting Recognition—Applications like Microsoft OneNote can convert your handwriting (legibly written) to searchable text. Alternatively, you can photograph your paper-based notes and programs such as Microsoft OneNote or Evernote will then process your handwriting to digital paper and make your notes searchable. Operating systems such as Windows have even “baked in” the ability to recognize handwriting (but it must be trained by you to understand your handwriting).

• Record while you write—Many applications will record a meeting (video and audio) while you type or hand-write your notes. Microsoft OneNote and digital pens like the LiveScribe will go a step further and sync the audio recording to your written notes, allowing you to click on a paragraph or word and hear the audio recording made at that point in time. Other pens like the Bamboo Spark will record your handwriting as you write on paper and then transfer the strokes of your pen to a digital paper application—transforming them from analog to digital—giving you the best of both worlds.

• Collaborative—Today, business is all about collaboration and digital paper with handwriting can easily be shared as part of a collaborative conversation rather than relegated to a paper notebook that gathers dust in your office.

• Editable—Digitally handwritten notes work just like their paper-based counterparts and can easily be edited as needed.

• Take It with You—No need to leave your notes at the office. Because your digital notes are electronic you can carry all of your digital notebooks with you when you travel.

Example of the Palmer Method

While the typewriter and “Palmerized” handwriting reigned for much of the 20th century, they were both eclipsed by a new and also revolutionary technology—the personal computer. The typewriter gave way to the modern computer keyboard, which was even faster and more efficient. “Keyboarding” became the new standard for handwriting and typewritten text and it is now taught almost universally in schools, while the use of handwriting with pen and paper is rapidly declining and is no longer even being taught by many schools.

Today, kids don’t write notes to pass in class, they text. We don’t handwrite and send letters—we send emails. Who will remember things like the flow of a great fountain pen, the smell of a freshly sharpened pencil, the feel of writing on a crisp piece of linen paper? They already seem like relics of a bygone time.

However, pen and paper are far from dead. They are both adapting to new technologies and our relationship with them is changing. New technologies such as digital pens, digital paper, handwriting recognition and more, are pushing handwriting, as well as how we record our thoughts, into the 21st century.

Digital Pen—A digital pen captures analog handwriting and translates it into digital data that can be displayed as handwriting or converted to text. These include Microsoft’s Surface Pen, Samsung’s S-Pen, the iPad Pencil and others. These smart digital pens allow pressure sensitivity, giving different line widths and color choices, to better approximate using a real pen, pencil or even a brush. Digital pens are now inextricably part of how certain computers like the Microsoft Surface Pro, iPad Pro, or Samsung tablets operate. They can act as a pen, a pencil, a brush, or a computer mouse, to point and click.

Digital Paper—For digital pens to work well they require the digital equivalent of paper. This comes in the form of applications like Microsoft’s OneNote and Word, Evernote, and others. These applications approximate the work and flow of a paper notebook and make taking handwritten notes quick and easy. They are maturing with new and highly improved features like handwriting recognition, voice recognition, and audio recording.


Writing vs. Keyboarding

Why write rather than type? Without a doubt keyboarding is faster than handwriting, but handwriting—digital or analog—may be a better choice. According to a 2014 study done by UCLA and Princeton that investigated the effectiveness of different styles of note-taking, students who took notes by hand had better retention and understanding of the discussion than students who took notes on a laptop. The study concluded that typists have a tendency to transcribe only what they hear, while manual note-takers apparently apply more critical thinking, reframe ideas into their own words, and decide what is important about what is being said. Further, when you keyboard during a meeting on a laptop, it gives the impression that you are not listening, and some believe it is perceived as a barrier between you and your client. While writing notes, whether on paper or on a tablet, there is no vertical screen and there is no barrier.

The future of digital pen and paper is bright. The next generation of ink management technology will likely be interactive. You will be able to make simple gestures with a digital pen and do anything you can do with a normal keyboard. Interactive digital ink will transcend just doing handwriting recognition and will encompass the recognition of equations, formulas, shapes, diagrams, musical notation, and more.

Technology is enhancing the humble, everyday pen, giving it new and more powerful abilities. Our love affair with the pen is far from over. There is just more to love. Long live the pen.

Sources

“Fare Thee Well My Pen—The Demise of the Pen,” Nick Bilton, New York Times, July 23, 2014, http://www.nytimes.com/2014/07/24/fashion/the-demise-of-the-pen.html

“As Society Sheds Paper, an Industry Shrinks,” Adam Belz, Star Tribune, October 31, 2013, http://www.startribune.com/nov-18-2012-as-society-sheds-paper-an-industry-shrinks/179601951/

“No Room for Erasers, As Technology Deletes Pen Businesses,” NPR, November 7, 2013, http://www.npr.org/2013/11/07/243230361/no-room-for-erasers-as-technology-deletes-pen-businesses

“How the Ballpoint Pen Killed Cursive,” Josh Giesbrecht, The Atlantic, August 28, 2015, http://www.theatlantic.com/technology/archive/2015/08/ballpoint-pens-object-lesson-history-handwriting/402205/

“Why You Should Take Notes by Hand—Not on a Laptop,” Joseph Stromberg, Vox, March 31, 2015, http://www.vox.com/2014/6/4/5776804/note-taking-by-hand-versus-laptop

UCLA-Princeton Study: “The Pen Is Mightier Than the Keyboard: Advantages of Longhand Over Laptop Note Taking,” Pam A. Mueller and Daniel M. Oppenheimer, January 16, 2014, http://pss.sagepub.com/content/25/6/1159

“Lawyers Should Take Notes by Hand,” Sam Glover, Lawyerist.com, June 17, 2014, https://lawyerist.com/74436/lawyers-take-notes-hand/

“The Palmer Method,” Wikipedia, https://en.wikipedia.org/wiki/Palmer_Method

“Spencerian Script,” Wikipedia, https://en.wikipedia.org/wiki/Spencerian_script

“Learning Cursive Handwriting All Over Again,” Mark Tucker, WriteAnalog.com, January 9, 2015, http://writeanalog.com/learning-cursive-handwriting/

“Cursive Handwriting is Disappearing from Public Schools,” T. Rees Shapiro, Washington Post, April 4, 2013, https://www.washingtonpost.com/local/education/cursive-handwriting-disappearing-from-public-schools/2013/04/04/215862e0-7d23-11e2-a044-676856536b40_story.html


Is Virtual Reality Finally Ready for Business Use?

“It’s like dreaming with your eyes open”—VR Developer

We are rapidly entering a time where space—the distance between people—will have little relevance. Even at this moment, distance is verging on extraneous. A news story breaks in Tokyo and seconds later a goat herder on the Serengeti in Africa can view it on his mobile device. The speed of communication and information dissemination is bridging communication gaps that existed for eternity. The next evolution will allow people to interact with others unlike ever before. Virtual Reality (VR) is this emerging technology ushering us into a new realm. We will delve into VR momentarily, but first we need to understand why now.

How Did We Get Here?

We are experiencing an era of exponential growth in several key technological spheres. I call this the Trinity of Forces: processing speed, memory, and AI. The first force states that computer processing speeds are growing exponentially. Known as Moore’s Law, the concept is that computer chip speed doubles every 12-18 months. This is significant. Think of it this way: the $1,000 computer you purchased in 2001 had the processing power of a gnat’s brain. In 2010, that new $1,000 computer processed as fast as a mouse brain. In 2024 it will process as fast as the human brain. Roughly by 2040 that $1,000 computer you buy from Amazon.com will process as fast as the collective brains of all of humankind. This is exponential growth of processing power.

By Joseph Raczynski, Manager, Technical Client Management, Thomson Reuters, Washington, DC


The second of the trinity is the exponential growth of memory. Cloud computing has become cheaper and more easily accessible than ever before. In fact, we are at a point where infinite memory will almost be free. Viewing the graphic you can gauge the direction we are headed. In 1956 a memory device the size of a closet had 5MB and cost $120,000. Fast forward to 2005 and 128 MB totaled $99, but then in 2014 we were able to jump to 128 GB priced at $99. This is exponential growth of memory.

The third force of the trinity is Artificial Intelligence (AI), that is, the creation of code-based algorithms which are adaptive and able to evolve rapidly (i.e. computers teaching themselves to learn).

When weaving these three elements together you have a platform for technology to thrive in an explosive fashion.

The Year of VR

VR is a slice of sci-fi we have been anticipating for decades. Incubating in a state of inertia, it has been waiting to leverage the Trinity of Forces to rise. Widely discussed, 2016 is the year of VR. Virtual Reality in all of its forms is reliant on technology becoming faster, smaller, and more adaptive, which is happening all around us right now and is pivotal to understanding the business evolution for VR.

The Nomenclature of VR

• Virtual Reality (VR)—typically refers to computer technologies that use software to generate realistic images, sounds and other sensations that replicate a real environment¹ using something over the eyes and ears to view and hear. No question VR is the term that gets bandied about most frequently; however, there are two other terms that are integral.

• Augmented Reality (AR)—essentially uses a device over your eyes and layers digital information on top of what you see in front of you. This could be text on top of what you are looking at (a text message that just came in) or notifications popping up on your viewing lens as you walk down the street—perhaps 30 percent off if you walk into Starbucks immediately.

• Mixed Reality (MR)—is the newbie of the trifecta and some industry experts believe it has the most potential for adoption. MR is a newly minted phrase that mixes the best of VR and AR into one package. This medium places extremely realistic imagery over and around what you currently see with your eyes. The largest player in the VR space is Magic Leap, more on that in a moment.

Virtual Reality Emerging All Around Us

The aforementioned advancements in tech are leading us directly to the virtual door of VR for the enterprise. The investment in this space is moving forward faster than ever. In fact, according to Digi-Capital, which tracks this space, “almost $1.2 billion was invested in the first quarter of this year alone, with around $800 million going into Magic Leap. To put this in perspective, $1.2 billion dollars is 25x the level of AR/VR investment 2 years ago in Q2 2014.”² Initially, many of the dollars are being spent on building out platforms. In addition, the gaming sector is certainly ahead of the curve on investment. Microsoft built the HoloLens, which is one of the best examples of Mixed Reality in the market. HoloLens helps with a mundane task where we all might find ourselves needing assistance. For example, a pipe under the kitchen sink is cracked and needs to be replaced. Donning the HoloLens, you open the cabinet door to see the ailing pipe next to your disposal. The HoloLens kicks in and layers graphics on top of the real pipe with arrows and directions for how to dismantle the pipes with the proper plumber’s wrench. The Lens helps you through each step, offering guidance on how to fix the broken pipe. This technology can be envisioned in a myriad of ways to help in the enterprise.

There are several companies that have received the largest investments in this space. Most notable is Oculus ($2 billion), which has partnered up with Facebook to introduce VR to the masses. There is little question Mark Zuckerberg predicts his company will be virtual reality based. Have you seen 360 degree pictures or videos on Facebook recently?

A little-known company, Magic Leap ($4.5 billion), is the best funded. This quiet startup based out of sandy Ft. Lauderdale is making major waves in the industry. Remaining under the radar, they coined the term Mixed Reality (MR). Check out the video which shows what their lenses could do in the near future: (VIDEO). Aside from these companies, other names of note include Blippar ($1.5 billion) and Mindmaze ($1 billion).³


The Reality of VR in the Enterprise—the Forming of an Experience

Google Smart Contact Lens

The enterprise is probably five years from adoption of VR or, honestly, MR. One of the first uses will undoubtedly be connecting people from around the world in one location. Imagine your team of four people needing to meet to discuss a project: Donna in London, Isabelle in Jakarta, Atif in Pakistan, and Neal in South Africa. Currently you could conduct a conference call, WebEx, GoToMeeting, or the best option, a Cisco Telepresence meeting. Soon you will be able to connect to all four people using a set of spectacles. Choose your location for the meeting: the surface of the moon, the Amazon rainforest, or sitting on a coral reef. Using glasses you can see each person, as if they were with you. Read their gestures, hear the intonations and feel tactile feedback with devices held in your hands while experiencing what it feels like to be in the Amazon.

Google Images

Another impact on the enterprise will be the eventual disappearance of computer screens, monitors and even mobile phones as we use them now. Instead the lenses we wear will display all of the information for our eyes to read and interpret. Picture sitting at a desk with a large wall near you. Your lenses project multiple screens into your eyes, which you interpret as being on the wall: email, a video chat, your kids’ photos on one side, and perhaps a document you are writing. MR allows for people to interact with their tangible physical environment, adding a layer of realistic information on top. One day soon you will not be able to tell the difference between reality and VR/AR/MR with the advances in vision displays and tactile sensors. Google is another company in this space. It recently patented contact lenses with the ability to take pictures of the user’s field of vision.

The key to this evolution for businesses is shrinking technology. Currently the stigma of wearing a large boxy contraption over the eyes is not palatable for work. That said, as we inch closer to VR, one of the reasons 2016 has become the year of VR is due to better screens on mobile devices (true HD video), which can be slid into a headset to interpret. Quite simply, the headsets we see on the market now, like the Samsung Gear VR by Oculus, have two magnifying glasses an inch from your phone, powered by software that splits your screen into two related, but slightly different, perspectives of what you are seeing. Combine that with the internal accelerometer and gyroscope that all phones have currently and the device knows when you are moving your head so that the screen can react to the motion. You feel like you are seeing something first hand.

Amazing times are ahead with VR/AR/MR. The enterprise will be forever altered by this form of information delivery. As an aside, I would encourage you to dip your toe into this space if you have not already done so. For $2.85 Google Cardboard is a device which allows you to turn your iPhone or Android into VR. There is truly no way to explain it better than experiencing the technology for yourself and, because it is so inexpensive, it is worth the effort. With this experience you can begin to see the transformative effect that VR will have on the enterprise.

Mixed Reality Video

Sources

1. “Virtual Reality,” Wikipedia, https://en.wikipedia.org/wiki/Virtual_reality

2. “AR/VR investment hits $1.7 billion in last 12 months,” Digi-Capital, April 2016, http://www.digi-capital.com/news/2016/04/arvr-investment-hits-1-7-billion-in-last-12-months/#.WBZKLtUrKUl

3. Ibid.


Images

1. Somack Holidays, http://www.somak.com/tanzania/arusha

2. Wikimedia Commons, https://commons.wikimedia.org/wiki/File:PPTExponentialGrowthof_Computing.jpg

3. PC World, http://www.pcworld.co.nz/slideshow/540621/pictures-data-storage-then-now/?image=2

4. Forbes, http://www.forbes.com/sites/leoking/2014/07/15/google-smart-contact-lens-focuses-on-healthcare-billions/#12da580c1dfa

5. Joseph Raczynski - Magic Leap, https://www.youtube.com/watch?v=hPLKL_B1gGA


What are the risks and rewards of moving from an on premises to an “in the cloud” strategy for serving up firm applications? Cost savings seem obvious, but there are numerous factors to consider. In the end, control over the user experience may be the most critical factor in making the decision. Read on to understand the key elements in evaluating the cloud at your firm.

With an on premises system, firms own and secure their data, can choose how to customize or manage the system, and, in essence, maintain full control over where the data resides and who has access to it. As well, it may be an advantage to pay an upfront CapEx that can then be depreciated and amortized; this is typically the preferred accounting method for many cash-based businesses, such as professional services organizations operating as partnerships.

Both options require you, as the ultimate owner of the information and the one who is relying upon it to run a business, to ensure that everything is being done to meet the business and regulatory needs for your operation. A business is not absolved of that responsibility, or, more importantly, the liability, merely by virtue of assigning that function to an external provider.

Nevertheless, at the end of the day, regardless of which option is chosen, the most important aspect of any software—no matter the delivery mechanism—is the user experience (UX). Here’s why.

Maturity Matters

User experience is about more than just user interface (UI). It considers accessibility, workflow, and other aspects of how users interact with a product.

Experience Matters

“The cloud,” as a term, suffers from overexposure; it merely describes a delivery mechanism for software that would otherwise be locally installed. Depending on your own business’s capabilities, accounting preferences, or security posture, you may choose to run a system on premises or via a provider who hosts it for you “in the cloud.” There are persuasive reasons on either side of the debate.

With a cloud offering, you may never need to worry about who’s looking after infrastructure—the physical systems—assuming your chosen vendor is respectable and does a decent-enough job of it; you are trusting the provider to secure, maintain, back up, and ensure continuity for the systems and data. If that alone isn’t compelling, for many, it’s trading in the upfront CapEx (capital expenditure) in favor of a monthly OpEx (operating expenditure), which is preferable for many types of businesses, including those that have variable growth and need the ability to scale up and down and those that don’t have the cash.

Cloud Choices Mature: What Works for the New Legal Business Model?

By Keith Lipman, President, Prosperoware, Bala Cynwyd, PA


When it comes to software selection criteria, UX should always come first with features a close second. Users need an intuitive and enjoyable—or, at least, not painful—UX. A poor UX will absolutely hurt adoption; they’ll use it unwillingly, at best. Poor software adoption can negatively impact the very KPIs the organization aimed to improve in the first place.

As it happens, we’ve now reached a level of maturity in cloud offerings that further refines the discussion: the benefits of shared or “multi-tenanted” cloud versus nonshared or “single-tenanted” offerings, which affects UX. Office 365 is a market-dominant example of a shared/multi-tenanted cloud with 60 million users worldwide and adding 50,000 users per month. NetDocuments, a leader in cloud-based email and document management in the legal space, is also an example of a multi-tenanted cloud, boasting hundreds of thousands of users, and gaining. By contrast, examples of mature single-tenanted systems include iManage and Microsoft Dynamics CRM. There are pros and cons to each architecture.

A nonshared cloud means better control of upgrades. In a typical, multi-tenanted environment, upgrades cannot be rolled out individually to customers. They are delivered en masse, at the behest of the provider, not controlled by the organization. Unfortunately, there have been numerous instances of multi-tenanted cloud systems being upgraded and negatively impacting every user. In a single tenant cloud, organizations have greater control over rolling-out upgrades and the potential impact of system changes. As a side note, it’s typically more cost-effective for providers to deliver multi-tenanted environments; while this should then translate to lower pricing for users, it does not necessarily.

Many firms have, instead, chosen to deploy their own systems within the nonshared, Microsoft Azure cloud, which enables firms to build or install applications and run them entirely on Microsoft’s infrastructure—protecting their user experience by remaining in control of upgrades and other rollouts. Many vendors offer this option, including Prosperoware, with its Umbria Cloud, which delivers the reliability of a robust infrastructure while maintaining an element of control.

Cloud Support and the New Legal Business Model

The law firm operating model is evolving. Firms have become more dynamic in how they serve their clients and more agile with their system adoption and use of technology. In a market full of accelerating mergers, acquisitions, and lateral moves, which also includes cutting and shifting of resources at equal pace, it would certainly make sense to leverage the flexibility of a technology model which can readily scale with the firm—both up and down. To be successful today, firms need to focus more on people, process, and training than on just implementing solutions. What they don’t need to focus on so much anymore is the plumbing—infrastructure. The maturity of cloud offerings means firms now have the benefit of choosing which systems to use as well as how and when to use them.

When all the hype around “the cloud” started a few years back, there was little recognition of the fact that, in the long term, it was actually a more expensive proposition. The cost to own and run comparable systems internally was cheaper. Cloud options only made sense for those with inadequate datacenters, poor redundancy or disaster recovery plans, or little money to invest up front.

Today, mature cloud offerings can be an economically advantageous play, whether shared or nonshared; the considerations now are focused on UX and platform control. We’ve reached a point where good, robust offerings are price competitive and can deliver the best of both worlds. It makes sense to host systems in the Microsoft cloud for security, redundancy, and flexibility as well as greater control over end user experience—which, at the end of the day, matters.