Leading South African law firm embodies trusted advisor status with a modern security and data governance platform

The comprehensive solution advantage approach

Every industry is becoming digital, and every company generates data, so compliance, risk management, and data privacy are top priorities, especially for law firms. Data governance on a global scale is dynamic, and every year, countries enact new industry or regional data privacy regulations and standards. The impact shines brightest on law firms that help clients navigate legal complexities and mitigate risks across industries and locations. Webber Wentzel, a full-service law firm based in South Africa with 150 years of experience, creates an innovative company culture that was awarded the 2019 Legal Advisor of the Year Award, and followed up with its 2020 Legal DealMakers of the Decade award.

The firm recognized that its mission to support client requests while maintaining changing regulations and standards needed an information security management and data governance platform that could meet standards such as the Protection of Personal Information Act (PoPIA). Webber Wentzel also wanted a solution that would be compatible with the firm’s goals for sustainable, transformative business growth in a heavily regulated industry. PoPIA provides data privacy rights and consumer protections in South Africa. And while protecting privileged information and client data was always a top priority for Webber Wentzel, it saw an opportunity to move beyond the obligations set forth by legal frameworks and be more proactive for its clients.

The firm recognized that investing in information security, compliance transformation, and expanding the knowledge and capabilities of its IT practitioners would also solidify its position as a trusted advisor and create a sustainable competitive advantage. The solutions it chose needed to model the high standard of trust and reliability that the firm’s clients expect from its award-winning position as a coveted risk and compliance counselor.

The firm deployed a comprehensive set of Microsoft tools to build a platform as a service (PaaS) solution, including the Microsoft 365 E5 all up, Microsoft Purview Compliance Manager, Microsoft Purview Data Loss Prevention, and Microsoft Secure Score. “Efficient digital organizations find ways to accelerate every aspect of its processes, people, and technology,” says Warren Hero, Chief Information Officer at Webber Wentzel. By collaborating with Microsoft security and data governance solutions, Webber Wentzel can focus on more strategic initiatives with General Counsel and internal business units rather than spending time on manual tasks. The firm gathers and stores ample amounts of highly confidential legal information, and it wanted to centralize data from employee insights on Microsoft Teams, client information on Microsoft Dynamics 365, and financial data from Workday, and bring it all together into Microsoft Purview Records Management.

“Our clients ask us interesting questions about how to prevent future risk and legal actions and want to understand our security posture in real time,” says Hero. “With Microsoft Purview Data Loss Prevention, being able to apply endpoint data classification on the fly helps us mitigate and automate aspects of data loss prevention that wasn’t possible before.”

With the control and visibility that Compliance Manager and Secure Score provide, no other integrations were necessary, and the firm was able to deploy the solutions quickly without needing other resources or support. Now, Webber Wentzel can respond to client evaluations and questionnaires with data-driven evidence-based decision making and with more agility, providing assurance that demonstrates the privacy and compliance expertise and technical proficiency that the firm’s clients want in an advisor.

“In the past, we’ve devoted months and many meetings to answer certain client questions,” says Hero. “Now with Compliance Manager, we send them reflections of the data, and the way the data is applied gives clients confidence that we’re comfortable mitigating risk.”

Communicating value through data

Data telemetry is highly important for organizations built around a “time is money” business model. “Microsoft Purview Compliance Manager is basically an umbrella that governs what we protect, from multifactor authentication to our data loss prevention policies,” says Bethuel Lebepe, IT Security Analyst. “Compliance Manager assists us in identifying risk which we then write policies for and apply the policy programmatically against the risks.”

The firm uses insights gleaned from automated Secure Score reports to guide policy and help improve its security posture at scale. Monitoring its Secure Score helps Webber Wentzel assess its security posture across identities, data, devices, and apps to pinpoint opportunities to improve overall security and compliance. Its initial score was around 24 percent, but the firm’s compliance scores now hover around the high 80s, percentage-wise. The passive improvement happened with just two people managing the environment with the help of built-in Compliance Manager templates.

Security and compliance are not an afterthought at Webber Wentzel. The firm considers it a responsible investment that not only reinforces trust in its platform security and data management capabilities, but one that has a tangible return. “We understand precisely where we want to make investments moving forward,” says Hero. “With the upgrade to the Microsoft 365 E5 security suite and Compliance Manager, we can reduce the combined security and operational costs by about 10 percent.”

The firm’s steering committee for information security uses Secure Score results as a critical indicator. It reports results to General Counsel and internal business units that are now easier to understand, using data visualizations and real-time analytics that help capture attention with easily digestible information.

“The partnership with our internal and external clients to codify and show the outcome of our Secure Score trends are important,” says Hero. “Our ability to demonstrate our trajectory is one of the most powerful ways to generate trust.”

Simple tools, powerful practitioners

Improving internal efficiencies with easy-to-use tools and automation is secondary to the investment in the skills and contributions of Webber Wentzel’s security practitioners, who work behind the scenes to preserve its position as a trusted advisor. “Security professionals often become disillusioned and disheartened by their work,” says Hero when discussing mundane tasks. “With the Microsoft security ecosystem, we now have opportunities for our people to engage in less tedious, more meaningful work while accelerating our security capabilities.”

For Webber Wentzel, compliance must be proactive to give peace of mind. It’s built into the client engagement process from the start, which is why the firm guides its compliance initiatives and information management and security platform investments with help from Compliance Manager. “Compliance Manager is crucial for helping ensure that we meet client requirements,” says Sara Banda, IT Security Manager at Webber Wentzel. “We use the out-of-the-box assessment templates, but we also customize templates to suit our environment and client requirements.”

Webber Wentzel plans to maintain its momentum as a market leader and support future growth with sustainable digital transformation initiatives, including deploying more automated technology and continued investment in the knowledge and capabilities of its developers, lawyers, and IT practitioners.

“When we implemented Microsoft 365 E5 and Microsoft Purview Compliance Manager, I was blown away,” says Lebepe. “The data telemetry and visibility gave us better control of our environment—that’s what helps us sleep.”

Find out more about Webber Wentzel on Twitter, Facebook, and LinkedIn.