Interview: Baker & McKenzie CIO charts digital pathways for legal giant

The legal business as we know it today is nothing short of a mega cross-jurisdictional global services industry, a spirit that is epitomised by one international brand in particular – Baker & McKenzie.

The market leading firm represents nearly all of the 100 largest and more than half of the top 500 companies on the Forbes list, serviced by over 4,100 lawyers based at 75 offices in 47 countries. Last year, its revenue rose 2.2% on an annualised basis to $2.43bn (£1.55bn).

Technological stewardship of this legal giant falls to Global Chief Information Officer (CIO) Dan Surowiec, whose rise through the ranks has accompanied incremental adoption of innovative techniques.

“When I joined back in 2000 as a web systems architect, we were just starting to acknowledge and deploy internet technologies for the benefit of the brand, and what such a move could (and currently does) offer to clients. But it came in wake of the Internet bubble having burst, so there was a bit of lag in adoption early on.

“However, by 2004 the pace of digitisation rapidly advanced to a situation where today as an IT department of a global law firm, we have to be on our toes to keep up with the demand for services from our lawyers.”

Meeting those demands is a team over 500 IT professionals with Surowiec at the helm. “I have nine direct reports including four regional IT directors, and five functional technology directors (viz. infrastructure, global support, business solutions, development and information security).”

“The team structure allows ad hoc local IT projects and ensures all business and technical requirements of managing partners and directors at various offices are communicated back via our organisational structure through to the global team.”

The IT team leader is no stranger to working long hours. “It’s a global world and Baker & McKenzie’s world is certainly global! So it’s not uncommon for me to be in the office by 6am and then work at home until 9 or 10pm at night.

“When it’s a standard support issue, I don’t necessarily get involved. We have engineers on standby to cover all of our time zones up to Level 3 support. However, if there is a major incident, a process is in place to alert me.”

And the CIO is not one for outsourcing much. “We have built a shared services centre in Manila, Philippines which we leverage for many functions. It's ‘in-sourcing’ of sorts – they are our own employees handling the data and processes. This mitigates the need to involve third parties as I have viable, reliable capability in-house.”

A number of IT processes including human resources, payroll and finance are conducted at local offices, in accordance with corporate standards set by the Global CIO. “Where we do outsource on occasion, third parties have to agree to our robust due diligence procedures when executing the arrangement.”

Data security remains a worry for every law firm given client confidentiality clauses in the legal business.

“Even normal correspondence has to be made doubly-secure. Because of the large number of jurisdictions we operate in around the world, demand variations in line with both international and domestic privacy regulations have to be accommodated. Furthermore, our lawyers are also on hand to ensure we have all the regulatory information we need to carry out our duties.”

Surowiec has stepped up audits and is often on the road. “If I take 12 months as a benchmark of 100%, then I am on the road 30 to 35% of the year. It’s never enough given the pace of change and need for innovation. However, beauty of technology is also that it makes global communications and coordination possible with colleagues spread around the world.”

“In recent years, we’ve continually improved audit processes, security functions and cross-jurisdictional compliance. The demand for this is not just internal, clients – as they should – often ask us how we secure information. Due diligence processes – both internally and for vendors under contract – has been strengthened since 2009 with continual refinements and expansions.”

All global data transmissions are encrypted by default. Baker & McKenzie is also deploying a cloud-based secure file sharing method akin to an enterprise Dropbox solution with encryption in transit. Surowiec’s team also goes heavy on raising awareness levels within the firm.

“The weakest link in any organisation is the security awareness level of people which varies from person to person. Part of my role as CIO is to make sure our colleagues are aware of their obligations when it comes to protecting information.”

Mandatory briefings for new staff intake, digital training programmes and annual security awareness exercises designed by the CIO help achieve that objective. Yet, security considerations are not stifling initiatives such as BYOD.

“There are a number of issues that need to be dealt with when it comes to bringing personal devices into the office. The core issue is one of safeguarding corporate data. I don’t see much difference in usage profile whether a device is company owned or a personal IT asset. Supporting different devices from a corporate connectivity standpoint is generally straightforward; it’s the working out of security protocols that’s paramount.”

“I acknowledge that BYOD reduces corporate financial burden. We’re taking a slow but sure approach on it necessitated by the broad level of application support that we have across our network, various software and hardware combinations and legacy estate that is gradually being replaced.”

So far the firm has adopted BYOD for smartphones and tablets but jurisdictional take-up and its speed varies. “It’s not an all or nothing approach, as ultimately, I do think BYOD is a good thing. However, colleagues using BYOD have to accept a policy of disabling their personal device if it gets lost or stolen before we enable corporate functions on it.”

Surowiec feels there no such thing as a ‘closed enterprise’ in the digital age. “As a global organisation, there has to be a realisation that people handling our data are not always Baker & McKenzie employees. It’s an extended enterprise with partners going forward.”

While the Baker & McKenzie tech chief is trialling an IaaS-type private cloud network, he reckons that’s just one step from moving into the public cloud. “The latter has many advantages in terms of cost efficiencies; speed of deployment and response time, which no CIO should ignore over the long term.

“Public cloud, at the appropriate time, could enable us to lower capital expenditure on IT infrastructure. Nevertheless, we have to be patient. We are taking ‘a wait and see’ approach to public cloud adoption and for some legal precedents to be set.”

However, what of the annual headline expenditure on IT? “Interestingly enough, in the business of innovation you’d always like more money! We spend between 2 to 4% of our annual revenue on IT; the figure fluctuates every year but is in line with legal industry benchmarks.”

Surowiec demands scalability when it comes to legal software and vendors willing to work in line with his customisation parameters. “The trying to sell a generic platform requiring us to adapt won’t get very far with my team.”

His latest in-house project is the Dynamic Publisher platform. “It’s a tool used by our lawyers to collate multijurisdictional analysis, online, in an interactive format mitigating the need to skim through a linear clunky Word document to find the information they want.

“First project demonstration took place in October 2013; as of today we have 46 different variants in play across our global offices.”

But with all that talk of expenditure and innovation – is he a businessman or tech specialist first? “There’s a very fine line between the two and its blurring fast. I would like to say that I am a businessman first and tech specialist second.

“It goes back to my accounting background and academic work at college. I am savvy with gadgets, yet have a deep realisation that all this technology is meaningless if it's not accomplishing the purpose of changing the way we do business. Internal and external pressures are pushing Baker & McKenzie into thinking of new ways of delivering legal work products.”

However, Surowiec says it’s unrealistic for legal sector CIOs to claim “we’re becoming the business.”

“We can’t supplant the legal intellectual analysis and capacity of a classically trained lawyer. I see myself and my team as enablers, the fundamental vehicle for creating a knowledge chain within the organisation and ultimately disseminating that out to the clients.”

“There is not a single project I hear anymore that doesn’t involve an IT component of some sort. So we are becoming a part of conversations where we weren’t involved in the past.”

“In general, the real challenge for CIOs is about how we drive top-line revenue growth through innovative use of technology, rather than merely reducing costs or increasing efficiencies. When we demonstrate that, and in incremental numbers; we become a more critical business partner to the board.”

Reflecting on his professional journey, Surowiec says 1990-1999 was a great decade to embark on a career in the IT industry, as he did. “I am a person who is not very change averse by nature and enjoyed the evolution around me as ‘tech’ became a household term.

“Over the years, I’ve worked as a developer, operations IT executive and a systems administrator and it all helps you understand and manage colleagues’ expectations as a CIO. I am not afraid to think outside the box because there are many ideas which might seem farfetched today, but have the potential to become the norm tomorrow.

“The only way you’ll know whether an idea is going to take-off or not, is by backing it and taking it through to conclusion. There’s no harm in thinking a little bit laterally from your current strategy. Don’t be afraid to make mistakes, but make sure you learn from them and always focus on the customer.”

CV: Dan Surowiec

2011 – Present: Global CIO, Baker & McKenzie
2005 – 2011: Director of Global Infrastructure, Baker & McKenzie
2003 – 2005: Global data centre manager, Baker & McKenzie
2000 – 2003: Lead architect of web systems, Baker & McKenzie
1999 – 2000: Consultant, Whittman-Hart
1996 – 1999: Software engineer, NCR Corporation
1996 – 1998: Financial Specialist, NCR Corporation