Sanjeev Gandhi Sanjeev Gandhi, vice president and head of Intapp Consulting, Intapp.

With alternative fee structures and alternative legal service providers, modern law is increasingly rife with options beyond the law firm, giving the traditional legal model a run for its money.

Sanjeev Gandhi has spent the past seven years watching this change play out. In that time, he was a consultant at PricewaterhouseCoopers (PwC), where he worked with many of the UK's Top 20 law firms.

Gandhi was announced this week as the vice president and head of consulting at Intapp. In his new role as leader of the Intapp Consulting Group, Gandhi will work with law firm leaders to develop technology and data strategies, as well as guide them through a changing marketplace.

Legaltech News recently caught up with Gandhi to chat about his career, law firm technology ups and downs, and how cyber incidents are impacting the legal sector's reputation.

Plugged In

Why the move to the legal technology industry? I've been working with the sector for years. What's changed significantly in the last couple years is law firms have begun to realize that technology is no longer just a capital expenditure. It's not just a cost.

If you look at the progressive law firms that I've been working with, they now see technology and data as a way to build a competitive advantage and improving their brand. Executed correctly, technology is a key enabler for firms to deliver their strategy. So if you're looking at post-merger integration, scalability across international jurisdictions, improving your margins, depending on whatever the strategy is, technology and data are at the heart of that

If I take that into consideration, because of the way the market is moving, it just makes sense for me to come in and work with clients strategically to actually see [implementation] all the way through.

You say it's the more progressive law firms leveraging technology and data. Where is the overall market moving? I think it's all moving that way. I think the progressive ones, the global elite, the global firms, they've been at least at this for the last five years. And now, they've been learning from the big four about how they went through transformations over the last 15 years. And law firms are beginning to realize that actually, other law firms are now doing this, and, 'If we don't start making those moves, we're going to fall behind.' It's tried and tested, and now were seeing it move down to the mid-market and top 100 firms.

With technology implementation, where do law firms fall short? One is too often, there's not a strong enough business case to actually justify spend. They look at the cost size of the business case without looking at the value upside. 'This is what it's going to cost for us to deliver,' as opposed to, 'We need this much money to do something,'

Secondly, law firms have not really picked up on the data-as-an-asset concept. Data historically has not been governed very well. There's not real data taxonomy across the whole firm. There's very little governance and data strategy around how legal can deliver data to different parts of the firm, by geography, office by manager, sector, and practice group, and if you can get your business case right and focus on data supporting your business, that will give you great leaps forward.

What are some of the ways firms can be leveraging data as an asset? Fundamentally law firms are businesses, we shouldn't forget that. And for a business to be successful, for whatever the vision for the firm is—maybe it's being the most profitable firm, having the greatest number of clients, being a full service firm – whatever their strategy is, the key performance indicators at the board level have to cascade all the way down. The board-level KPIs, the vision of the firm, have to be put into a strategic KPI model, and that needs to cascade down the firm. You can talk about KPIs, but if you don't have the data to underpin the KPI, you're never going to be able to drive behaviors by using KPIs.

Where are progressive firms succeeding? In the UK market, less in the US though we're seeing it more, firms have come together through M&A combination, and what that has driven in the last five years is a level of complexity in their application landscape, infrastructure landscape, and data architecture. And what firms have begun to realize it's sub optimal to run so many applications and infrastructure. So firms are beginning to simplify their landscape and architecture, and in doing so are actually freeing up cash to invest in the right areas.

What sorts of impact are breach events like the Paradise Papers having on client perception of law firm security? The whole cybersecurity thing, the whole governance around, 'Who's got access controls, rights and things, is critical for law firms. They hold confidential information, they are working on confidential deals. As the papers that came out demonstrate, there's information they have that is sensitive. And law firms need to realize that the reputational damage of not doing this correctly could be significant.

And I see them beginning to realize. I think the responsibility for this does not reside with the CIO. This needs to sit at the global board level. Because it's too easy to say it's just a CIO problem. The reputation damage to a law firm, it could be irreparable.

Do you think it's going to have any impact in the way law firms invest in security, or expedite security investment? That was the presumption with Wannacry and the Panama Papers. Will it have some impact on the way law firms behave when it comes to security? I think law firms don't like to be scared into purchasing advice or buying technology. Generally, law firms and lawyers are quite conservative and they understand the risks, so I don't think it has an impact. It just brings it front of mind.

You might get a burst of energy or conversation, but firms work under a budget, they make sure their clients have that budget for the next two to three years, and they'll make sure it's in there. Will it expedite it? Possibly. But it's not going to expedite it faster that they make a decision in the next three months on it. They're very deliberate professionals.

Are there some things they actually could be doing to help their reputations in these instances to help breach response efforts? It comes down to having data security. Law firms need to start right at the top. They need to actually allocate accountability and responsibility for these things not down to the CIO level. They need to start taking accountability for data security for breaches for the way things are stored on the document management systems, all of that at all levels. And if you can get accountability to sit at that level, I think that will make a big impact in terms of where the investment goes also in terms of the level of attention it receives across the firm. Partnerships they will respect the board [more than] being told from someone in business services that you need to do something. Sometimes [the CIO] does not carry the same weight.

Sanjeev Gandhi Sanjeev Gandhi, vice president and head of Intapp Consulting, Intapp.

With alternative fee structures and alternative legal service providers, modern law is increasingly rife with options beyond the law firm, giving the traditional legal model a run for its money.

Sanjeev Gandhi has spent the past seven years watching this change play out. In that time, he was a consultant at PricewaterhouseCoopers (PwC), where he worked with many of the UK's Top 20 law firms.

Gandhi was announced this week as the vice president and head of consulting at Intapp. In his new role as leader of the Intapp Consulting Group, Gandhi will work with law firm leaders to develop technology and data strategies, as well as guide them through a changing marketplace.

Legaltech News recently caught up with Gandhi to chat about his career, law firm technology ups and downs, and how cyber incidents are impacting the legal sector's reputation.

Plugged In

Why the move to the legal technology industry? I've been working with the sector for years. What's changed significantly in the last couple years is law firms have begun to realize that technology is no longer just a capital expenditure. It's not just a cost.

If you look at the progressive law firms that I've been working with, they now see technology and data as a way to build a competitive advantage and improving their brand. Executed correctly, technology is a key enabler for firms to deliver their strategy. So if you're looking at post-merger integration, scalability across international jurisdictions, improving your margins, depending on whatever the strategy is, technology and data are at the heart of that

If I take that into consideration, because of the way the market is moving, it just makes sense for me to come in and work with clients strategically to actually see [implementation] all the way through.

You say it's the more progressive law firms leveraging technology and data. Where is the overall market moving? I think it's all moving that way. I think the progressive ones, the global elite, the global firms, they've been at least at this for the last five years. And now, they've been learning from the big four about how they went through transformations over the last 15 years. And law firms are beginning to realize that actually, other law firms are now doing this, and, 'If we don't start making those moves, we're going to fall behind.' It's tried and tested, and now were seeing it move down to the mid-market and top 100 firms.

With technology implementation, where do law firms fall short? One is too often, there's not a strong enough business case to actually justify spend. They look at the cost size of the business case without looking at the value upside. 'This is what it's going to cost for us to deliver,' as opposed to, 'We need this much money to do something,'

Secondly, law firms have not really picked up on the data-as-an-asset concept. Data historically has not been governed very well. There's not real data taxonomy across the whole firm. There's very little governance and data strategy around how legal can deliver data to different parts of the firm, by geography, office by manager, sector, and practice group, and if you can get your business case right and focus on data supporting your business, that will give you great leaps forward.

What are some of the ways firms can be leveraging data as an asset? Fundamentally law firms are businesses, we shouldn't forget that. And for a business to be successful, for whatever the vision for the firm is—maybe it's being the most profitable firm, having the greatest number of clients, being a full service firm – whatever their strategy is, the key performance indicators at the board level have to cascade all the way down. The board-level KPIs, the vision of the firm, have to be put into a strategic KPI model, and that needs to cascade down the firm. You can talk about KPIs, but if you don't have the data to underpin the KPI, you're never going to be able to drive behaviors by using KPIs.

Where are progressive firms succeeding? In the UK market, less in the US though we're seeing it more, firms have come together through M&A combination, and what that has driven in the last five years is a level of complexity in their application landscape, infrastructure landscape, and data architecture. And what firms have begun to realize it's sub optimal to run so many applications and infrastructure. So firms are beginning to simplify their landscape and architecture, and in doing so are actually freeing up cash to invest in the right areas.

What sorts of impact are breach events like the Paradise Papers having on client perception of law firm security? The whole cybersecurity thing, the whole governance around, 'Who's got access controls, rights and things, is critical for law firms. They hold confidential information, they are working on confidential deals. As the papers that came out demonstrate, there's information they have that is sensitive. And law firms need to realize that the reputational damage of not doing this correctly could be significant.

And I see them beginning to realize. I think the responsibility for this does not reside with the CIO. This needs to sit at the global board level. Because it's too easy to say it's just a CIO problem. The reputation damage to a law firm, it could be irreparable.

Do you think it's going to have any impact in the way law firms invest in security, or expedite security investment? That was the presumption with Wannacry and the Panama Papers. Will it have some impact on the way law firms behave when it comes to security? I think law firms don't like to be scared into purchasing advice or buying technology. Generally, law firms and lawyers are quite conservative and they understand the risks, so I don't think it has an impact. It just brings it front of mind.

You might get a burst of energy or conversation, but firms work under a budget, they make sure their clients have that budget for the next two to three years, and they'll make sure it's in there. Will it expedite it? Possibly. But it's not going to expedite it faster that they make a decision in the next three months on it. They're very deliberate professionals.

Are there some things they actually could be doing to help their reputations in these instances to help breach response efforts? It comes down to having data security. Law firms need to start right at the top. They need to actually allocate accountability and responsibility for these things not down to the CIO level. They need to start taking accountability for data security for breaches for the way things are stored on the document management systems, all of that at all levels. And if you can get accountability to sit at that level, I think that will make a big impact in terms of where the investment goes also in terms of the level of attention it receives across the firm. Partnerships they will respect the board [more than] being told from someone in business services that you need to do something. Sometimes [the CIO] does not carry the same weight.