01 Apr Secure Document Sharing Alternatives for Time Matters 15
Time Matters 15 Has Ended Its Watchdox Integration – Here’s The Secure Document Sharing Alternatives.
3/10/2017 Update: We’ve relocated from Orange County, CA to Dallas-Fort Worth, TX! This move means our legal tech services have now arrived for law firms in the DFW area.
Time Matters is an on-premises case management system from Lexis-Nexis, and is currently in Version 15. We have over 15 years of experience with the software, and it is our preferred on-premises law firm case management system for many reasons – one of which was its ability to securely share documents, seamlessly from within the software itself.
Unfortunately, the document sharing service used by Time Matters – called Watchdox – was acquired by Blackberry and, for unknown reasons, has become increasingly unreliable. I recently upgraded a client to Time Matters 15 and was entirely unable to demonstrate the new document sharing functionality – because Watchdox was failing out and not working. This spotty reliability is not a Time Matters or Lexis-Nexis issue, but it obviously can tarnish their brand, so it comes as no surprise that Lexis-Nexis made the decision to end the Watchdox integration with Time Matters effective March 31, 2016.
So, where does that leave law firms using Time Matters 15, who still wish to have secure document sharing capabilities? Law firms already using a full-featured document management system (such as NetDocuments) may already have similar features built into those systems. For other firms, we list below some secure document sharing alternatives for law firms, starting with two simple options that may work for many attorneys.
Simple Options: Secure Email & Whisply
We suspect many law firms and attorneys will return to simply emailing documents to third parties, despite the well-known security risks that come with email. At minimum, these law firms should be employing a secure email solution – something like Sendinc, which offers a free plan as well as a free Outlook plugin. The nice thing about Sendinc’s Outlook plugin is that you can send secure emails by checking a box, while all your other emails are sent normally. You’ll also get a confirmation when the recipient opens your secure email as well.
Another tool is Whisply, offered by the folks behind Boxcryptor. Whisply is currently free for use (but likely will move to a “free-mium” model at some point), and allows users of Dropbox, Google Drive, or OneDrive to securely share their documents with third parties over the web. Whisply creates a sub-folder inside whichever of the 3 cloud services you’re using, uploads your encrypted document to it, and then allows you to generate both a link and an optional PIN to send to the third party (with a cool option to send either to the recipient via SMS). Best practices here would be to send the link and PIN in separate emails, although you wouldn’t necessarily need the PIN at all if you sent the link via an encrypted email (such as with Sendinc).
While neither of these secure document sharing alternatives have the more advanced features that were supposed to be part of Time Matters’ integrated Watchdox solution (e.g. auto-expiration, granular permissions, etc.), many law firms really didn’t need those features. Plus, both of the above solutions are simple to use, don’t require a huge learning curve, and are free.
DropBox is a well-known cloud storage provider, offering 2GB of storage for free, with additional storage requiring a paid account. All DropBox account levels allow for documents and folders to be shared with third parties, via a link that you can then email to that third party.
What about the features? Only paid plans allow you the ability to set a password for the third-party, or to set an expiration on their access rights. On a free plan, anyone who gets a hold of the link will be able to access the related document or folder, and their access rights continue indefinitely (until you manually revoke them). DropBox supports restricting users to read-only rights (versus edit rights), but again this can only be done on one of their paid plans. DropBox also supports versioning, but only for a 30 day period on their free plan – paid plan users get longer versioning history periods (ranging from one year to indefinite, depending on plan). DropBox’s biggest hole, though, is its lack of document check in/out capabilities.
How secure is it? DropBox itself is secure. It uses SSL/TLS for data in transit, it encrypts data at rest using 256-bit AES encryption (although the encryption key is managed by DropBox), and it supports two-factor authentication. We suggest that law firms considering DropBox still use an encrypted email solution – again, something like Sendinc – to email any shared document access links to third parties, particularly if using a free DropBox plan.
Box is another well-known cloud storage provider. While Box does offer a free plan for personal use, the free plan lacks any of the secure document sharing functionality we’re looking for – so, you’ll have to use a paid business plan to access the goodies. All of Box’s paid business plans support secure document sharing, with the only real difference being the size of storage available and the maximum file size limitation.
[RELATED: 3 Reasons We (Still) Love Time Matters]
What about the features? All of Box’s business plans come with the same secure document sharing functionality that was previously promised (but only intermittently delivered) by the Watchdox integration with Time Matters: secure sharing, automatic expiration, granular permissions (e.g. view only, restricted download access), tracking of user access and changes, versioning, and document check in/out.
How secure is it? Box itself is very secure. It uses SSL/TLS for data in transit, it encrypts data at rest using 256-bit AES encryption (and Box allows for user-managed encryption keys – the only provider we found with this option), and it supports two-factor authentication. We suggest that law firms considering Box still use an encrypted email solution – again, something like Sendinc – to email any shared document access links to third parties.
Google Drive is a cloud storage provider run by none other than Google. There’s two versions here: The personal Google Drive version offers 15GB of free storage (combined, however, across all your Google services, including Gmail), while Google Drive for Work has unlimited storage (or 1TB per user, if under 5 users). Both flavors of Google Drive seem to work generally the same, so they’ll be reviewed together.
What about the features? Google Drive supports setting file permissions (e.g. read-only vs. edit), and it supports versioning (by default, it will only keep 30 days or 100 copies – and you can change this setting on a per-document basis, although it will count against your storage limit). Where Google Drive falls down is its lack of auto-expiration of links when allowing third party document access, and its lack of any document check in/out capabilities.
How secure is it? Google Drive is fairly secure, but perhaps not as much as the other options. It uses SSL/TLS for data in transit, but it only uses a “minimum” of 128-bit encryption for data at rest (instead of the 256-bit AES encryption used by others). Google Drive, like all Google services, supports two-factor authentication. We also suggest that law firms considering Google Drive still use an encrypted email solution – again, something like Sendinc – to email any shared document access links to third parties.
OneDrive for Business
OneDrive for Business is a cloud storage service run by Microsoft. It is extremely important to make a distinction between two flavors here: OneDrive for Business (“ODFB”) is an entirely different product from the regular, personal version of OneDrive. We do not recommend the personal version of OneDrive be used by any law firm for secure document sharing – not only because it lacks critical features only present in ODFB, but also because the personal OneDrive does not encrypt data at rest.
What about the features? ODFB’s features essentially mirror that of SharePoint, so OneDrive for Business is as fully-featured as Watchdox was supposed to be (and as Box also is): secure sharing, automatic expiration, granular permissions (e.g. view only, restricted download access), tracking of user access and changes, versioning, and document check in/out.
How secure is it? OneDrive for Business itself is very secure (again, the personal version of OneDrive is far less so). It uses SSL/TLS for data in transit, it encrypts data at rest using 256-bit AES encryption (with separate keys for each document, managed by Microsoft), and it supports two-factor authentication. We suggest that law firms considering ODFB still use an encrypted email solution – again, something like Sendinc – to email any shared document access links to third parties.
ShareFile is a cloud storage service run by Citrix, and does not offer a free plan at all (although it offers a free 30 day trial). There isn’t a secure document sharing solution out there that is better than ShareFile as far as functionality, although many law firms aren’t likely to need all the functionality ShareFile can offer.
What about the features? ShareFile offers all of the features that were promised by the Watchdox integration with Time Matters: secure sharing, automatic expiration, granular permissions (e.g. view only, restricted download access), tracking of user access and changes, versioning, and document check in/out. At higher subscription levels, ShareFile can even send secure emails for you, as well as include dynamic watermarks on your shared documents, etc.
How secure is it? ShareFile itself is very secure. It uses SSL/TLS for data in transit, it encrypts data at rest using 256-bit AES encryption (with separate keys for each document, managed by Citrix), and it supports two-factor authentication. Unless you’re at a higher level of ShareFile subscription (which supports native encrypted emails), we suggest that law firms considering the service still use an encrypted email solution – again, something like Sendinc – to email any shared document access links to third parties.
While I suspect there’s a decent chance Lexis-Nexis will eventually have a replacement for its now-dead Watchdox integration lined up at some point (thanks in large part to its new API), I’m not at all sad to see Watchdox go – and neither should any Time Matters 15 customers who may have been using it. While in theory the ability to securely share documents from within the case management system is a great function, any functionality must actually work to be of any use. And, more often than not, the Watchdox integration simply wasn’t working.
What other secure document sharing solutions is your law firm using? We’d love to hear your solutions in the comments, or on our social media. If your law firm has questions about this recent announcement regarding Time Matters 15, are curious which alternative we’d recommend, or if you just need help with your Time Matters installation, give us a shout. OneDemand is a Time Matters certified consultant serving the Dallas Fort Worth region, and we have over 15 years of experience with the program – as a CTO installing and configuring it, and as an attorney and managing partner using it.
Scott J. Jackson, Esq.