Matthew Ravden

I ran a panel session last week at the Legal Week Strategic Technology Forum on ‘Information Governance Best Practice’. I wanted to explore how concerned legal CIOs are about security threats and spear phishing in particular.

Also, how on top of compliance they are in terms of managing the huge amount of data they have and applying policies to it; and finally how predisposed they are to the idea of retaining more, rather than less, so they can apply business intelligence technology to deliver insights to the business.

Mimecast’s Chief Strategy Officer, Matthew Ravden, ran a panel session last week at the Legal Week Strategic Technology Forum on ‘Information Governance Best Practice’ focusing on security threats and spear phishing in particular.

On security, the reaction was unsurprising but also gratifying. No law firm wants to be the first to suffer a major breach, so there was a great deal of concern about the growing threat of spear phishing, as well as more mundane things like new strains of nasty viruses hovering at the gateway. But – and I have to declare that my panel consisted of three Mimecast customers – it was quite clear that these guys were happy to entrust the job of keeping out bad stuff, and bad people, to us. I talked about the fact that the Snowden/NSA saga seems to have created something of a cloud backlash, but most of the CIOs I spoke to here said that they felt sure that their data was safer in the cloud than it would be if they held it on-premise. This had a caveat – provided you choose the right cloud vendor. This was music to my ears, because we’ve heard a lot about companies insisting on holding encryption keys on-premise because they don’t want the cloud vendor to have theoretical access to it. And it’s ironic to hear this view touted as part of the post-Snowden paranoia, since Snowden created this furor by leaking documents from within.

On compliance, it’s quite clear that legal CIOs have their hands full getting a handle on the data management. And it’s not just data in digital form. Rooms full of files, CDs lying unencrypted in drawers. Lawyers who don’t want to listen to new ideas on good practice for managing data (and not leaving it on buses, or dictating loudly into machines whilst on trains). There’s a lot of cooperation going on between IT and risk and compliance teams, and that would seem to be a very good thing. But getting the information under control, perhaps into a single repository as opposed to multiple siloes, is a long and painful task.

By the time I got to the idea of ‘digital preservation’ vs. ‘defensible deletion’ it was pretty obvious that these firms, on the whole, have enough on their plates without entertaining ideas like ‘corporate memory’ and the suggestion that all data is useful, and it should be kept in perpetuity! Of course, it’s not that simple in the legal sector. Much of the data in the archive belongs to the law firm’s clients, rather than the law firm itself. So keeping it – and worse yet – analyzing it, could cause all sorts of complications.

They will get there, though. There was a presentation at the conference about the use of business intelligence tools to analyse data – albeit mostly financial data – to help the law firm get a handle on how much profit each lawyer is contributing to the business, and how well managed each case is from a commercial point of view. This may seem like baby steps, but if analysis of data in its early iteration can contribute directly to bottom line performance, then we’ll see more and more of it being deployed.

And I fully expect next year to be a different story altogether.


Here at the Legal Week Strategic Technology Forum this week I've been listening to, and participating in, various panel discussions around what constitutes good information governance in the legal industry.

This does seem to be a particular challenge to law firms because there are some very entrenched and outdated ways of working that are very hard to shift, both on the lawyer and client side. The CIOs and Information Architects at this event are clearly trying to make sense of this, and deliver value to the business, but it’s often a slow and painful process.

Matthew Ravden, Chief Strategy Officer, Mimecast chaired a panel discussion at Legal Week Strategic Technology Forum 2014 on ‘Best Practice Information Governance’

One of yesterday’s panel sessions was all about the use of so-called ‘consumer-grade’ services such as Gmail and Dropbox. As is so often the case, Dropbox was called out as the poster child for dangerous, non-compliant tools that end users inside law firms use to collaborate and send large files. There was a quite clear sense from the CIOs in the room that the use of Dropbox is not ideal, but equally, a somewhat disappointing tone of resignation that it’s too difficult to police. So although the room was split in half with those ‘for’ and those ‘against’, very few were advocating any kind of ban on its use. In fact, it seemed to be considered relatively low risk (in the grand scheme of things) provided the right Ts and Cs were in place to ensure ‘proper’ use, and an acceptance of where accountability might lie in case of something going amiss.

I’ll confess to finding this a bit mystifying. I wouldn't say that outlawing the use of certain tools is necessarily the way to go – all it’ll do is cause resentment, and force bad practice underground – but surely IT should be guiding users towards tools that fit squarely within the approved corporate framework, and keep sensitive material protected and discoverable. There’s clearly a belief that no matter what’s mandated, it’s very hard to enforce, particularly if the end users are head-strong lawyers. But if the tool that’s been suggested as an alternative offers an entirely frictionless, simple user experience, then it should be quite a simple task to affect a change. Shouldn’t it?

Mimecast’s Large File Send product, from an IT point of view, ticks all the boxes for security and compliance. But from the end user’s perspective, it can be pretty much invisible. You just send the large file in the same way you’d send any file. There’s a .lfs suffix if you care to look closely, and you get a pop-up window that gives you some options over how long you leave the file accessible for, if you want a notification that it’s been accessed, and so on.  But other than that, the message to the end user is, ‘you don’t even have to leave Outlook.’ Surely, for this particular use case of Dropbox, or Hightail, or WeTransfer, it’s a no-brainer?  Want to send large files? Go back to email!

All of this is easy to say, of course, but it doesn't mean that lawyers will necessarily down tools and adopt a different service straight away. If they’ve got used to something, they won't want to change.

The solution may well be to personalize the problem – or rather, personalize the upside of using a tool like Large File Send.  For example, lawyers like to know when a client has accessed a file, or indeed sent them a file, and Large File Send will alert them as soon as this happens.  With something like Dropbox, it’s likely that the client will put the file on the service and then have to call or email the lawyer to tell them it’s there. Two steps rather than one.

As well as unruly lawyers, the CIOs in the debate pointed to clients’ own practices having a significant influence on the tools that are used to exchange information. But once again, I was left thinking that surely it’s in both sides’ interests to use secure, enterprise-grade technology rather than tools that put data at risk? The same rule applies, though. The experience has to be easy, or the client will stick to what they know best. Again, Large File Send can help here. If you want to receive a large file from a client, simply ‘request a large file’ using Large File Send and the client can upload the document securely and send it to you. They don’t even have to be a Mimecast client.

I resisted the temptation to launch into a sales pitch – in fact I was under strict instructions not to. But for goodness sakes – if you want to send large files, and send them securely – just go back to email!!


Today we’re pleased to announce the launch of our new Office 365 information hub.

Mimecast's new Office 365 information hub is a collection of Office 365 case studies, videos, white papers and articles.

The hub is a collection of Office 365 case studies, videos, white papers and articles for those considering a move to Office 365. The information will be kept up-to-date with the latest thinking and best practice from across the spectrum of IT influencers, system integrators and Microsoft partners.

By making the information easy to find and relevant we hope it will help IT teams about to embark on an Office 365 migration avoid common pitfalls and challenges.

If there’s anything you would like included in the hub please @reply us on Twitter (@mimecast) and we'd be happy to have a look.


If there’s one thing we can be sure about it’s that, at some point in the future, almost nobody will manage mailboxes on premises.  The dominant players look like being Microsoft with Office 365 and Google with Google Apps, though of course others may emerge.

Not surprisingly, then, pretty much every CIO in the world has taken a look at these platforms and adopted a stance.  The stance may involve proactive planning now with a rapid migration in mind, or it might be a case of keeping things as they are until the technology matures further.  Or there might be any number of interim steps that will make a migration easier at some point in the future.  I would wager that there is no CIO that hasn’t started thinking about migrating email, in its entirety, to the cloud.

The Road to Office 365 – It’s Not ‘If’ but ‘When’ and ‘How’

For the last few years Mimecast has positioned itself as a companion technology to Microsoft Exchange, optimizing our cloud services to deliver maximum value to on premises or hosted Exchange customers.  And now, of course, we’re also providing services for Office 365 customers, in both cloud-only and hybrid environments.  Of our 9,000 or so customers, almost all of whom are on some form of Exchange, we are seeing a growing number using Mimecast and Office 365 together.  With Office 365, we support very clear use cases that address specific customer needs that can’t be met by Office 365 on its own.  It could be a particular compliance or eDiscovery need, or a desire for a ‘cloud-on-cloud’ High Availability solution to protect against downtime.

Office 365 may be the eventual destination for most businesses, but that doesn’t mean there is a crazy rush to migrate there or indeed that it’s the only short to mid-term option.  For example, we’re seeing the Managed Service Provider (MSP) market booming, as smaller businesses offload their Exchange infrastructures and move to hosted Exchange suppliers.  At the other end of the scale, Exchange 13 is an attractive option for companies who want to keep their mailboxes on-site.  And we’re seeing a fair amount of hybrid deployment, with IT moving a subset of users to the cloud, with an independent archive like Mimecast’s giving them the flexibility to toggle mailboxes back and forth between on premises and cloud as they see fit.

But let’s not kid ourselves.  These are all interim measures, albeit interim measures that will be very profitable for those organizations operating in the space for some years to come.

The point, I guess, is that we’re all preparing for an Office 365 world.  At Mimecast, we are building out and optimizing our Office 365-specific portfolio so the use cases are crystal clear.  It’s not simply a question of offering alternative tools to those that Microsoft includes with its Office 365 SKUs, but showing how we offer additional layers of functionality that support specific customer needs.  That way, over time, we actually see ourselves becoming an accelerator, or enabler for Office 365 adoption, since we effectively remove short-term barriers to adoption.

Naturally, Microsoft is working hard to add functionality of its own and make Office 365 as robust and feature rich as possible.  Many of the ‘gaps’ that Michael Osterman calls out in his paper, Office 365 for the Enterprise: How to Strengthen Security, Compliance and Control, will be filled by Microsoft over the coming years.  So does that mean third parties will find it hard to build businesses within this ecosystem?  No.  In fact, as the platform matures, more use cases will emerge just as happened with Exchange many years ago.

Microsoft will certainly want to make sure that the common elements of customer need are properly served by Office 365 off the shelf, but this is a company, unlike Google, that has always been committed to its partners, and to the creation of a vibrant community of ISVs around its core platforms. Office 365 will be no different, and there will be plenty of room for third parties who can help customers not only see over the short term hurdles, but enjoy a first class, zero compromise cloud experience in the longer term.