It’s been a while since the dominant theme in The American Lawyer ‘s annual law firm technology survey wasn’t the economy. Make no mistake: The struggling recovery—renewed for yet another season—is still a force to be reckoned with. But responses by the 82 law firm technology chiefs who took our sixteenth yearly survey, and follow-up interviews with nearly a dozen of them, reveal that the top focus has shifted from dollars to data:

Namely, how do firms make information accessible to lawyers—the longtime goal of knowledge management—without making it too accessible?

Many of the most promising technologies, like mobile devices and cloud computing, are creating an environment where anywhere-anytime access to data is the rule. But at the same time, these technologies are raising serious concerns about security and confidentiality. Firms are finding that they need to walk a fine line, leveraging the efficiencies of the new technology while keeping control over sensitive data.

Firms aren’t the only ones taking a hard look at how data is being stored and accessed. Clients, the law firm CIOs report, are adopting an increasingly proactive stance on the issue. They’re demanding on-site security audits and—as part of the request for proposal (RFP) process—are issuing questionnaires that aren’t, as one tech chief put it, “seven or eight questions long, but 70 or 80.”

The economy, of course, also weighs heavily on technology departments. At first, our survey numbers appear to paint a rosier picture compared to last year. Capital budgets checked in at an average of $4.7 million, up slightly from $4.4 million in 2010. And 66 percent of firms chalked up an increase of at least 5 percent—last year, just 50 percent did. But in open-ended responses on the survey, and in follow-up phone interviews, several CIOs noted that the additional spending was for foundational upgrades: improvements to the network, new desktop computers, and enhancements to e-mail and disaster recovery that just couldn’t be deferred any longer.

“If you don’t invest in technology for two-and-a-half or three years, which has generally been the case, you’re going to have to do these things now,” says one CIO who asked not to be identified. “There were a lot of things we had to move to, like Windows 7 and Office 2010, because clients are moving to them, and vendors aren’t going to be supporting the old stuff for long. But you need the foundational improvements before you can move there.”

Continuing cost pressure is among the factors leading firms to explore cloud-based technologies—applications that run on a vendor’s infrastructure and that are located far off-site. Instead of buying and maintaining their own servers and storage, firms pay subscription fees, which converts big capital expenses to ongoing and, in theory, more manageable operating expenses. Nearly two-thirds of firms (63 percent) report using some type of cloud-based solution.

In reality, costs haven’t always dropped as much as firms hoped: A fifth of cloud users say that the savings have not been as much as expected. For some applications, costly network upgrades may be required, and sometimes subscription models can be more expensive in the long run than simply running the equipment ­on-site.

Indeed, firms are starting to discover that the economics of the cloud can vary widely among applications. The growing size of in-boxes, for example, combined with the cost of hiring an administrator to manage an e-mail system—upward of $100,000 a year—can make a compelling case for moving e-mail to the cloud. “It’s something we’re looking hard at,” says Edward Macnamara, chief technology officer at Arent Fox. “Microsoft’s list price for putting all of our users on their hosted solution is less than the cost of one Microsoft Exchange administrator.” Yet only 35 percent of firms using the cloud have offloaded e-mail functions there, and typically those consist of spam and virus filtering, not full-blown e-mail management and storage. The issue, says Macnamara, is “how do we provide the right legal and business security to the data we put there?”

And there’s the rub. For many firms, the cloud is still a worrisome place for storing sensitive data. Of firms that are using cloud services, 61 percent say that security remains the biggest challenge. Of firms not using the cloud, 70 percent fret about security.

The security fears help explain why law firms are embracing the cloud mainly for noncore functions. While 35 percent use the cloud for HR applications, for example, only 8 percent use it for document management.

But some firms are finding other ways of making cloud computing work for them. Due diligence, understanding the security and policies of a given provider, is part of the equation. But so, too, is a notion of a workable middle ground with the cloud. “One idea is to use an application that is in the cloud, but keep documents on your own physical equipment,” says Brian Conlon, chief information officer at McDermott Will & Emery.

Clients, too, are focusing on how and where their data is stored and accessed. In open-ended survey questions and follow-on interviews, several CIOs pointed to an increasing number of audits, questionnaires, and on-site inspections of data systems and procedures. Here it is not the cloud that’s behind the heightened vigilance, say the tech chiefs, but a “spilling down,” as one CIO put it, of traditionally corporate regulatory requirements like HIPPA (the Health Insurance Portability and Accountability Act). Clients need to know not only that they are in compliance, but that their service providers, including their law firms, are too.

While this makes for more work, such security checks can be good for a firm. “The questionnaires coming in from clients help us frame our information security strategy,” says Brett Don, chief information officer at Dickstein Shapiro. “[They] emphasize that you’ve got to make sure that your procedures, like departing attorney and legal hold processes, are up-to-date and accurate.”

For yet another year, 100 percent of the firms surveyed support BlackBerry devices. But that number is starting to warrant a Roger Maris–like asterisk, as within firms the number of lawyers actually using BlackBerrys continues to slide. An eye-popping 96 percent of respondents report users on iOS, the platform that powers both Apple’s iPhone and its iPad. That’s up from 77 percent in 2010. And 67 percent of firms count Android users among their ranks, up from 43 percent last year. Tablets—not even a product category two years ago—are now supplied by 7 percent of firms, though many more report lawyers buying the devices on their own (to no surprise, these devices are largely iPads). Indeed, only 4 percent of firms say that they have no tablet users.

For CIOs, the consumerization of IT—devices designed largely for personal use making their way into the workplace—has both positives and negatives. On one hand, the breadth and easy availability of user-installable apps has dramatically boosted the capabilities of mobile devices, particularly tablets. “Reading attachments has been the first step,” says Gerard Haubrich, chief information officer at Drinker Biddle & Reath. “But now we’re seeing apps that give you a remote desktop, or help with things related to litigation, like jury selection.”

On the other hand, managing devices—and data—has become far more complicated. What happens when lawyers leave their firm and take their personal devices, which also contains work product, with them? What if they use a cloud-based app like Dropbox, which stores documents on a third-party server over which the firm has no control? And most important: How do firms keep data safe without hampering lawyers’ ability to work in new, creative ways ["Herding Apps," October]?

The good news is that firms are finding solutions. A new generation of mobile device management software, products like Good for Enterprise, from Good Technology, Inc., and Mobile­Iron’s Virtual Smartphone Management Platform, are letting firms deploy mobile hardware while ensuring that key security measures, like passwords, encryption, remote wipes (of all data, or just work-related information), and, if need be, restricted access to worrisome apps, are in place. “A lot of new players have jumped in,” says George Gazdick, chief information officer at Squire, Sanders & Dempsey, whose firm chose Zen­prise MobileManager, from Zenprise, Inc., to support iOS, Android, and Windows Phone 7 devices. “And they’re giving us the comfort level we need.”

So far, firms have largely avoided the Big Brother route: 83 percent of firms allow users to download any app they want, while fewer than 20 percent track which apps are being installed. Instead, they have focused on educating users on safe smartphoning (e.g., don’t use Dropbox for work), and steering them to vetted solutions, like using their firm’s SharePoint portal to transfer documents to mobile devices, instead of using a cloud-based service.

Steps like these may make the CIO’s day longer and more complex, but they are essential as more lawyers embrace these devices, whether or not their firms do too. “The horse is out of the barn here,” says Dickstein’s Don. “We have to balance use with the risk to the firm. You’re not going to stop lawyers from using these devices, but you can guide their decisions, and lead them in the right direction.”

Alan Cohen is a freelance writer in New York. E-mail: alanc31@yahoo.com.