This summer Athennian's Co-Founder and Director of Cloud Security, Shane Fast, sat down with CyberNews for an interview on cybersecurity threats, hybrid workspaces, globalization and more. Below you'll find the interview, as it appears on CyberNews.
Due to rapid changes in cybersecurity threats, hybrid workspaces, globalization, and other irksome factors, legal professionals tend to face unusual challenges.
To eliminate security-related threats, some choose to install powerful antiviruses or periodically update passwords. However, today’s guest strongly believes that well-defined processes and procedures aren’t always the key, and the only way to fix it is to take the time to think about removing human steps from the process.
To find out more about different types of entities and where can they be essential, we sat down with Shane Fast, Director of Cloud Security at Athennian – a software firm that provides a modern legal entity and corporate secretary management cloud platform.
How did Athennian originate? What has your journey been like since your launch?
We learned about the havoc and ruin caused by not having our agreements formalized the hard way. Several years ago we spent the better part of a year working on a project to implement machine learning towards making forecasts on electrical power outputs of wind and solar farms based on a variety of inputs (such as weather patterns, geographical, and relevant historical data).
We managed to get a prototype working and got ourselves some funding interest, but we did not have any formal agreement between each person on the team in place yet. None of us recent engineering grads thought to even incorporate yet! Discussing those details is where things fell apart very quickly. After working on anything for several months with nothing in writing, questions like “What should be our percent split?” or “who should be reported as the CEO?” can get very heated.
As expected our venture collapsed. Many months of wasted work. A group of engineers with an ax to grind on legal perhaps.
We decided to set a new path, but with some legal basics squared away first. Serendipitously, we met up with a lawyer who also had an ax to grind. He walked us through some basic items, but must have taken interest in our team because shortly after that we teamed up! Together, we were originally looking to make it easier for new companies (particularly startups) to have their legal situation squared up.
Our initial approach was to create a simple question-and-answer flow that would generate the appropriate paperwork automatically at the end. However, we realized that generating the content of a legal nature came with a myriad of issues. “Is this actually legit?“, “Will it work in my jurisdiction?“, “If there’s something wrong, who do I talk to?“…
Clearly, we had to pivot.
We got into building document tools with a variety of attempted features to see what stuck. We tried just about everything with mixed results. It was a hard couple of years. I suppose we got lucky eventually because when discovered an opportunity with Global Entity Management in the corporate legal space, I was skeptical at first. Frankly, I don’t think most of our team knew much about the topic at that time, because I sure didn’t. However, after exploring it there was clearly a gap.
Can you introduce us to your entity management platform? What are its key features?
Entities can take many forms (corporations, trusts, partnerships…) and are a hidden cornerstone of modern society. Did you order food recently with your phone? Your phone was built by a Corporation/entity, the app you made the order on is also an entity, as well as the restaurant you ordered from. Did you enter an office building or grocery store? Each of those is defined by a specific entity just for the building. Have you watched a movie lately? There is an entity for each and every licensed film. They are everywhere, in many things you buy, watch, and interact with on a day-to-day basis!
Entities are essential for a number of reasons, such as compliance with governments, tax efficiency, and defining ownership structures between stakeholders. As a result, a lot of documents and information are generated. There is a ton of entity information that is being managed by old premises solutions, spreadsheets, or on paper in lengthy binders, adding to a significant overhead cost to manage and update these records. Simply, Athennian aims to address this by providing a comprehensive cloud solution.
Some of Athennian’s features include:
- A central place for digital minute books and documents
- Managing corporate compliance
- Automating manual processes, particularly around document automation
- Visualizing corporate structures with org charts
- Managing Equity
- Reporting and analytics on all the above
- Access and analytics to provide stakeholders with access to an online digital experience, housing entity information with the permissions and restrictions that each client sets
In your opinion, what are some of the most challenging issues surrounding entity management?
I would say one of the most challenging issues is migrating data into Athennian. Many clients have home-brewed solutions that can make onboarding unique events. It does also pose a great opportunity to gain a deeper understanding of the industry.
On each new client onboarding and migration, we get to learn new about new use cases and special exceptions, which we can apply back into our application, further increasing our value to the whole customer base.
How did the recent global events affect your field of work?
On recent global events, I don’t have much to comment on other than remaining informed to digest internally on how to continue doing what’s best for Athennian’s users, Athennian as a company, and all Athennian’s stakeholders. However, I would like to zoom out a bit and comment on a generational trend. Since the advent of the internet, information has been much freer to travel the world.
Now that it has been a generation, people have grown to expect more transparency in all things as a result of having magnitudes more information available (particularly through social media). We can see this trend growing momentum in the entity space globally, especially around transparent reporting on entity structures and UBO (Ultimate Beneficial Ownership). People are demanding to know who stands to benefit from many opaque complex legal structures.
Entities are a tool, and just like any other tool, they can be used for good and for ill. While most people are good actors and use entities to stand up for good and proper businesses, there are people who use entities for unsavory activities (such as money laundering). Governments are steadily becoming more friendly to implementing legislation to promote UBO and transparency as demand for it increases worldwide. As a result, Athennian aims to be in a position ahead of this trend to help good faith actors to comply with new legislation rolling out.
Why do you think companies often hesitate to try out new and innovative solutions that would enhance their business operations?
Having the knowledge about why any particular company hesitates to try new things would make any of us a great salesperson. Together we can easily think up dozens of great reasons any company might hesitate (lack of budget, internal team skills, current workload, they don’t like my ugly face, …). Since this is a complex, multivariable problem I’ll opt to take a more self-reflective approach.
Despite working in tech, there are often times when I’ll also resist trying new things. I think there are times when resistance and hesitation are well warranted. For example, in any given week, I’ll get dozens of cold emails asking for a conversation or to try out some new tech. Will they potentially be useful? Maybe, but I’ll ignore dang near all of them because they are not relevant to the few selected problems I’m trying to solve right now.
Unfortunately, there is a universe of things I can be doing, but I’ll only be able to accomplish a few of the within the time I have, therefore I will only choose the most important. I’ll be actively focused on looking at tools/technologies/solutions for the problem I’m trying to solve. Knowing that I imagine most other companies have the same mindset and focus. So I’d say the question then becomes “What big problems are they trying to solve, and how do I get in their focus when they are looking to address it?”
With remote work becoming the new normal, what are some of the best practices companies should adopt to collaborate on and exchange sensitive data securely?
First, with anything related to best practices and operational security, I’d argue there is a tendency to create a myriad of rules and etiquette that pile on, creating a heavier and heavier cognitive load. Like a juggler, starting off with a few balls is fairly easy, but it becomes more difficult as more balls get added.
Eventually, balls drop. Yes, have well-defined processes and procedures when dealing with handling data, but also take the time to think about removing human steps out of the process (for example, say you have a 90-day password rotation in the policy. Are there places where it can be programmatically applied to force people to change it rather than having to remind people or simply trust that they are remembering to do it?). This is not to sound mean, but rather a means to remove as much friction as possible.
Secondly, when it comes to sharing sensitive data the easiest way to think about it is the Eliminate > Relegate > Automate. In this framework, start with Eliminate. Remove any unneeded cases where sensitive data is being shared. This is the easiest to do and will have the biggest immediate impact. Next Relegate, because if there are cases where sensitive data needs to be shared can it be limited? Can a smaller subset be shared? Can we limit the time data is shared? Can Roles be defined on who can access certain data?
Finally, automate. If there are frequent cases of sensitive data sharing that can’t be eliminated or relegated in a satisfactory manner can we automate controls that audit/log who has accessed the data? Can we automatically scrub sensitive information out? Can we automatically assign and remove access?
What other tools do you think can greatly enhance legal operations?
In terms of tools to improve legal operations, I have a bias toward security/compliance tools given my current role. First a shameless plug - Certainly Athennian is a great tool to give legal teams superpowers.
Automating workflows and making work a breeze for lawyers and paralegals alike! I’d also like to shout out Tugboat logic. A tugboat is a tool we use to help with our compliance obligations. It has saved our team tons of time gathering evidence, establishing new controls, and managing client questionnaires. I really love it!
What technological advancements in the legal field do you hope to see in the next few years?
Over the next few years, I have high hopes for more integrations to be built to assist legal operations to connect their stack of tools together more seamlessly. Athennian is certainly investing heavily in growing our integration capabilities with direct integrations (like with DocuSign and iManage) and with our API. My hope is that clients will be excited to build on top of our systems to create amazing workflows we haven’t even considered yet!
And finally, what does the future hold for Athennian?
Looking down the tunnel of time, I think Athennian is well positioned to grow into multiple markets. We are well on our way into the US market and I’m excited to get more into markets across the world (EU, Asia, South America, …)