Steps to take to protect your company from the Heartbleed bug

Ideal Integrations is the "Outsourced CIO" columnist for TEQ magazine.

Ideal Integrations is the “Outsourced CIO” columnist for TEQ magazine.

By Ideal Integrations, Outsourced CIO, TEQ magazine

The Heartbleed Bug is certainly causing some security concerns in the technology world this week.  We want to give you a few thoughts on what to do about the Heartbleed bug.

What The Heartbleed Bug Is:

The Heartbleed bug is a vulnerability in the OpenSSL cryptographic library that allows stealing of information normally protected by the SSL/TLS encryption used to secure the Internet.  OpenSSL is open-source software that is widely used to encrypt web communications.  SSL/TLS is what normally provides secure and private communication over the Internet via websites, email, IM, and VPNs.  According to CNET, an attacker can exploit Heartbleed to essentially “get copies of a server’s digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.”  Heartbleed is being taken so seriously because OpenSSL is widely used.

What Steps Your Organization Should Take:

Numerous technology providers have already provided a signature to prevent the bug, so check your environment to verify it is active and current on all subscriptions.  We also highly recommend you take steps to fix the issue by changing your certifications and resetting passwords to ensure you are protected.

Once all components of your infrastructure have been patched, we strongly suggest that you reset the passwords associated with those accounts.  All of these steps together will help to protect your environment from any threats from the Heartbleed bug.

What Steps You Personally Should Take:

We suggest that you also protect yourself personally as over half of all websites are potentially susceptible to this problem.  Be on the lookout for spammers  trying to take advantage of this situation and luring you to fake password reset websites.  Always go directly to the website in question and change your password there.

Click here for another great article on the matter of changing passwords and protection.

Should you need any further assistance or have additional concerns, please don’t hesitate to reach out to our team at communications@idealintegrations.net.

A Managed Risk: Outsourcing Practice Support Services

By Sal Mancuso and Jackie Flynn

Should Law Firms Seriously Consider Managed Services for Practice Support Departments?

In an effort to reduce law firm capital expenditures and relieve IT of unnecessary burdens, law firms nationwide are examining whether they should outsource their litigation support hardware and software infrastructure requirements. While some firms are making significant infrastructure investments to retain more eDiscovery and hosting services internally as a means to provide added value to their clients (think WilmerHale, Sidley Austin and Reed Smith), many are looking to offload the hardware and software headaches that arise when managing large volumes of data internally. In the below conversation, UHY Advisors’ Jackie Flynn speaks with Salvatore Mancuso, the past director of practice support at Proskauer Rose LLP, to explore the pros and cons of procuring managed services and when it may be a viable option for a law firm.

Q: What is your definition of managed services for a practice support department?

SM: Law firms who have in-sourced all or some of their eDiscovery services, that typically are available through service providers, now have the option to outsource different layers of their department. For me, a good starting option for a firm is to consider how best to manage its underlying eDiscovery infrastructure ‒ turning your software over to a provider who will supply the hardware is one such option. This mindset is not new for firms. In years past firms, through facility management services, have outsourced their mailroom, word processing and reproduction centers. Having a third-party provider manage back office support of eDiscovery services is an interesting solution as it allows a firm to take advantage of evolving technology without taking on the direct cost and management of new software and missing out on real-time software updates. The ideal solution that best fits each individual firm really depends on the firm’s value system and culture ‒ does it want its litigation/practice support department to be considered a cost of doing business or a potential revenue source?

Q: What services do you think make sense for a law firm to outsource?

SM: Firms should assess their needs by looking at their department at different cross sections: people (management, project management, project coordinators, technical analysts, systems analysts, etc.), type of litigation supported (large and slow-paced versus small and quick-paced), core software, support software (MS Access, text editors, utilities, etc.), hardware (file servers, SQL servers, virtual servers, etc.) and overall P&L. Is the department an operational cost or a source of revenue for the firm? Can you get any of the above layers at a lower cost and higher quality? Will outsourcing these services generate a better product, increase productivity or increase profitability while delivering high-quality client service?

Q: Do you think the quality of services you would receive from a third party could compare to an in-house employee?

SM: If we are talking about hardware and software services, then yes, I would be comfortable outsourcing to a third-party provider. In fact, the level of support they provide might be similar or even better. But outsourcing your in-house consultative staff to a third-party provider is not as straightforward. If we think back at the facility management example, the quality of staff is not always at the level one expects once the outsourced party takes over a department. In my experience, you tend to get inexperienced and junior staff to run the underlying services built into the contract. As a buyer of staffing services, you have to ask yourself, will you have control of the hiring process to ensure the experience and knowledge required to run an effective department?

For me, successful departments always come down to the quality of the personnel. Project management, as an example, is a key component to running a successful department – one that I would not recommend outsourcing. This position requires a thorough vetting process, looking at credentials, previous experience at law firms versus at a service provider and assessing the years of experience one has in a project management capacity in the industry. In fact, today there is a trend of service providers attracting project management personnel away from law firms. Why? Because there is not enough training and mentorship in the marketplace. I have learned that the best project managers are the ones that have been in the trenches and worked under proper mentorship and training.

Lastly, consider the firm’s perception of your department. How will the department be viewed if the staff is not at the level required or at the level the attorneys were accustomed to before the change? One should never undervalue the significance of using qualified and experienced staff.

Q: Why do you think outsourcing a firm’s practice support IT infrastructure is becoming an attractive alternative to law firms who currently manage client data internally?

SM: There are numerous reasons why a firm would and should consider outsourcing the IT infrastructure, including:

  • Immediate scalability of software, hardware, storage and staff
  • On-demand services and 24/7 support, particularly outside business hours
  • Increased flexibility in procuring new technologies
  • Dedicated qualified support resources
  • Real-time upgrading of hardware and software
  • Effective and straightforward budgeting of annual expenses
  • Ability to effectively utilize cheaper storage and introduce an effective retention policy

 

Storage alone competes with other costs in the firm and is hard to budget for since case volumes are unknown at the start of a matter. For example, the average case size is quickly growing as new cases cost 20 times that of matters from five years ago.

Q: Do you think this type of service is geared toward large or small law firms?

SM: It depends on the model and culture of the firm as well as the type of litigation supported, not necessarily the number of attorneys a firm employs. A single plaintiff practitioner with a booming caseload may have just as much need for a managed services solution as a 500 litigation attorney law firm. There is no one size fits all answer for this service.

Q: Do you think outsourcing hardware and software infrastructure gives a firm the opportunity to upgrade to new technologies?

SM: Yes. The largest upside to exploring a managed services solution is the opportunity to upgrade and/or introduce new technologies to the firm without the upfront capital costs. The practice support desktop environment is different than most user groups within the firm. Using an outsourced solution provides greater flexibility to install third-party applications and better support of the user’s needs. Outsourcing the IT infrastructure also avoids potential security issues and political headaches that may occur within the firm with new software installations.

Q: Does outsourcing provide an opportunity to “clean up” old cases?

SM: Yes. Most of the managed services models I have assessed use a per-GB/month pricing scheme. Even those that use a subscription model base the recurring cost on GBs. Using the GB model, a firm may elect to keep inactive cases in-house and move active billable cases over to the outsourced provider. This alone should prompt a firm to clean up its practice support data storage. Since you need to account for each GB, there is an opportunity for case remediation. A good portion of data that takes up space on our servers is residual data that dates back since the inception of the department. There is also a possibility for cases to exist in more than one environment. For example, think of a firm that migrated from Concordance or Summation to Relativity. A firm may elect to keep all Concordance legacy databases in-house but use the outsourced provider to host data for new matters in Relativity. It will be important to define at the onset of the transition period what is currently active and stays internal versus new matters.

Q: Does outsourcing provide an opportunity to develop a better data management policy or case archiving protocol?

SM: Yes, since we are faced with the challenge of finally dealing with dormant data and determining if we should move it to a different environment. This process will require hard decisions on how to manage the data as well as an opportunity to create a starting point for new policies going forward. The cost for outsourcing should motivate a firm to better handle data for closed matters as do service providers.

Q: What happens to the software already purchased by the firm, should outsourcing become a reality?

SM: Some software can be transferred with no problem, and some will have to be renewed after they lapse or run out, either by the firm or the new provider. One important consideration is the need to build in maintenance contracts as the new provider takes over your prepurchased technologies. For example, if a firm has already purchased Relativity, the firm can opt to maintain ownership of its Relativity licenses with maintenance fees and licensing as the software is still owned by the firm. However, it will be hosted on the provider’s servers. Also, some third-party applications – such as LAW Pre-Discovery Processing and text editors – may already be a part of the providers’ tool kit and will not need to be purchased or renewed. Finally, some licenses may never be outsourced as they are best used when locally installed by the firm. It is extremely important to involve the firm’s IT resources in determining which practice support systems work with the current firm’s environment. For example, transcript management databases that allow for streaming video may not work properly when hosted by an outside provider.

Q: Can an outsourced solution increase a practice support department’s billable hours? How so?

SM: I believe it can increase a department’s billable hours. Currently, a practice support professional may spend time focused on managing the current database environment which cannot be billed back to clients. If that task is removed, the project manager may be able to use the newly available hours for billable tasks. Today, a limit exists for what in-house project managers can do based on time constraints. If a team can quickly scale up and down based on its caseload, it can offer additional consultative work that would traditionally be outsourced based on team’s overall bandwidth.

Q: Some firms are interested in outsourcing their infrastructure as well as the people to a third-party provider. What are the challenges one should consider with choosing a fully outsourced approach? What about the concern of losing legacy knowledge on existing long-term cases?

SM: Well, by outsourcing people, I think of the services that once were internalized now being handled by staff that is no longer on the law firm’s payroll. The first challenge is in maintaining a certain level of quality and consistency in the service offering. Another challenge to be concerned with is the inherited knowledge one gains by working on the same client-related cases or with the same case teams that would otherwise be compromised if the staff were outsourced. You will most likely see turnover right from the start as most staff would be reluctant to stay with the absorbing company. The other such style would be to simply bring in new staff as part of the service offering as law firms have done in facility management solutions for their reproduction and mailroom centers. Since experienced project managers and analysts are highly sought after in the market, I am not convinced the law firm would get a good return on its investment by outsourcing staff.

Q: Can a managed services model provide firms the cost savings they think it will?

SM: I truly believe it can. As mentioned earlier, it depends on the value system of the law firm. If the law firm recognizes the value of the services its litigation/practice support department renders is the same or better than the value of the services provided by an external service provider, then it is a no-brainer. Regardless of how the law firm chooses to deal with the costs associated with managed services, the savings can be measured in dollars, overhead, risk associated with managing client data and the burden it has on the internal IT department.

Q: Can you provide a few tangible examples of where cost savings can be seen?

SM: Yes, in areas such as storage fees (live, offline, disaster recovery systems and backups), labor (personnel, database administrators [DBAs], IT hours), maintenance and upgrades of storage fees and maintenance and upgrades of hardware fees.

Q: Can you predict the IT departments’ reaction to a decision to utilize a managed services provider to take over the infrastructure and storage needs of a practice support department?

SM: You would be surprised as most IT departments I know would welcome the solution. It means one less headache for IT to manage and certainly one less set of data to ensure is available should a disaster occur.

Q: Would a managed services contract start at a certain point in time or would the plan include an option to offload all data currently being stored and hosted by the firm?

SM: I envision the plan starting on a go-forward basis at the outset and include legacy data as time and case milestones permit. It would be very difficult to move all data in one fell swoop. Prioritizing the data by most-active to least-active cases, and certainly by data types, such as client original data versus the underlying processed data or hosted data, is the way to approach the challenge. So, a contract can start at any time as long as it speaks to the classifications of data and builds in tiers based on aged data.

Q: Do you believe a managed services model can create an opportunity for a data remediation exercise for dormant data?

SM: Absolutely. After all, as with any data migration, it is an opportunity to perform some spring cleaning. I recommend, if a data disposition plan is not already in place, formalizing one that distinguishes data between dormancy and a closed state. The latter should involve the three options that most vendors will provide to a client. One: destroy. Two: return. Three: maintain at some recurring monthly cost. For the former, this is a good time to look into tiered storage where the secondary storage facility can be used to house dormant data that can be easily restored within a reasonable time.

Q: How will these services be billed back to a client?

SM: The recovery of costs is dependent on the value system each law firm places on its internal eDiscovery services. Some firms build in the cost as a value-add to other billing elements already in place, and yet other law firms have attempted to create a fee arrangement that mimics the service provider industry.

Q: Do you envision a managed services contract including after-hours support?

SM: For me, that would entail another level of service that one could tack on to the contract depending on the resources the solution provider has in place. If a law firm is looking to achieve a 24/7 service level operation and costs are an issue, one way to deal with this issue is to identify a managed services solution that can support overflow of an existing in-sourcing solution. The first thing to do is decide on which cross section to extend through the managed services solution: administrative/technical support, transactional services or project management. I can see relying on an outside entity to provide after-hours support on the technical support and transactional services end; however, project management is not a service I am willing to outsource.

Q: Do you think a managed services provider should include a clause for a first right of refusal on new matters requiring external processing or hosting services? Why or why not?

SM: That aspect of the service line is for the law firm to define as part of the Service Level Agreement. Personally, that would not work for me as my organization is currently supporting an in-sourced model. The main driver of outsourcing is the need for infrastructure and services, not necessarily as an overflow support solution.

Q: Security is a major concern when contemplating a managed services solution. What concerns do you have about data breaches and protecting client confidentiality?

SM: Security is a very important part of the assessment process. Some clients require a certain level of certification, penetration testing and auditing before they would even contemplate sending over their data. If the solution is one that is solely based on infrastructure and is intended to be the environment where all client data will reside, the security of the managed services solution should be assessed and tested by the law firm’s IT personnel as well as tested against one or two of your corporate clients’ security protocols. Clients will need to be reassured that their data will remain secure, restricted on the matter level, accessed by law firm members only and not on a multitenant network environment. For some law firms, hosting data through a managed services provider that uses a top-tier and fully vetted and tested storage and security solution could provide them favorable feedback in attracting business.

Q: How will the transmission of data be affected?

SM: The speed by which data travels to and from the managed services environment is critical. Depending on your current environment, you may see slower or faster speeds. For instance, if your law firm centrally deploys its network via a data center, your data may already be slower than what you would be experiencing if it were local to the office. That said, assessment of transmitting data should be added to your checklist of items to vet when using a managed services provider. I recommend including your IT department during the vetting process. You should also find out if the managed services provider will allow for delivery and loading of data at its location instead of having data being copied from your location, which can make uploading and production deliveries more efficient.

Summary

Managed services can allow law firms to get back to doing what they do best – practicing law, not managing and storing data. In the end, the opportunity to increase profitability, utilize labor productivity and reduce the overall cost of eDiscovery expenditures will result in many firms deciding to move some, if not all, of their practice support infrastructure to a third-party provider.

This article was published in ILTA’s October 2013 white paper titled “Risks and Rewards: The Good, The Bad and The Revered”

About the Authors

Sal Mancuso has 25 years of experience in providing litigation and practice support, stemming from both the law and the service provider side of the industry. He is currently the Director of Client Services at RVM, Inc. NYC. Prior to RVM, Sal was the director of practice support for Proskauer Rose LLP and the litigation technology services manager at Willkie Farr & Gallagher LLP. Contact him at smancuso@rvminc.com.

Jackie Flynn is the Mid-Atlantic business development manager for the UHY Advisors eDiscovery and digital forensics practice. Flynn routinely consults with large domestic and international clients in the health care, telecommunications, technology, government contracting, energy and education industries with regard to formulating defensible collection plans, preservation strategies, data extraction, forensic analysis, targeted culling and document review. She can be reached at jflynn@uhy-us.com.

Electronic Discovery Vendor to Expert: It Is All About Trust

By Danielle Bethea & David Herman 

As everyone in the legal field can tell you, lawyer jokes seem to outnumber the lawyers some days. Jokes about eDiscovery providers are less common, but that may be changing. Recently, an attorney extremely knowledgeable about eDiscovery at an important New York law firm joked, “Do you know that there are now more eDiscovery vendors in the city than cockroaches?” The dizzying number of companies entering the field makes it hard for attorneys to find the right partner, and it challenges vendors seeking to develop long-term relationships with firms to differentiate themselves from the pack.

Consider that the exhibitor list for LegalTech New York in 2013 had 225 companies on it, and that only includes the ones who chose to be in the show.[1] With so many options, how does a law firm make the critical decision to use one vendor over another for a make-or-break case?

The answer lies in finding companies that both law firms and their corporate clients can trust to execute the sometimes incredibly complex tasks associated with the matter, often in a time frame that virtually defies the laws of physics. In theory, this sounds obvious, but in practice it is much more challenging to evaluate and develop those relationships. One emerging method is to visualize a “Pyramid of Trust,” which can help attorneys categorize and group the vendors they are currently working with or may be considering.

In order to fully understand the Pyramid of Trust, let’s take a moment to define the key terms that comprise it.

Webster’s online dictionary defines the word vendor as “one that vends or a seller.” As an example, the website states “We’re thinking of making a deal with that other software vendor.” The origin of vendor is Anglo-French vendur, from vende “to sell,” with a first known use in 1594.[2]

A solutions provider, according to The Free Dictionary, is “an umbrella term for an organization that offers any combination of computer hardware, software and consulting.”[3]

The word expert is defined by Webster’s as “having, involving, or displaying special skill or knowledge derived from training or experience.” The website’s examples include “We received some expert advice,” and “The company has become expert at adapting its products for new clients.” The word dates to the 14th century.[4]

uhf

The Pyramid of Trust

At the apex of the pyramid resides the “vendors” – the guys that are the “jack of all trades, experts of none” – the “handymen” of the industry. Next, in the middle, are solution providers – organizations that focus on a specific type of matter or have a tool that works best given a specific set of parameters. Last, but not least, at the bottom of the pyramid are the experts – organizations that have a pool of very technical, highly knowledgeable individuals that will provide services and often testify, opining on the results of the work that has been done. This often leads to ongoing service and support. As the level of trust increases, the foundation of the pyramid becomes more stable.

There are some key questions firms can consider for each eDiscovery provider, which will help determine where they reside on the Pyramid of Trust.

How to Identify a Vendor

  1. How long has the company been in business? Did it just spring up, or does it have the requisite experience to handle the need?
  2. How long have the key employees (the ones actually doing the work) been with the firm? A trustworthy organization has the ability to retain its employees, generally because they all share in a common vision.
  3. Are the tools that the company is using developed in-house or does it use industry standard software? In-house or proprietary software is not necessarily a disadvantage, but there is some merit to using commercially developed tools that have been tested by the “masses.”
  4. What security policies and procedures does the company have in place to protect the data it is handling? Federal regulations involving health, student and personally identifiable information have become much more stringent in the last five years, and if the company will be in possession of such materials, it is important to make sure they will be secure.
  5. If a small case expands in scope, does the company have the resources to “grow” with it?

Assuming that the vendor has been engaged and done good work on multiple occasions, it may earn the right to move down the Pyramid of Trust and become a solution provider, where the qualifications become much more stringent.

How to Identify a Solution Provider

  1. Can the company handle all aspects of the engagement ‒ pre-case consulting; assisting with the development of a discovery protocol; data mapping; development of a preservation plan, forensic collection; data extraction, processing, hosting, document review and production; expert testimony; and case closure?
  2. Does the company have a proven ability to deliver on time and within budget, based on the original scope for the project?
  3. Can the company think outside of the box to provide custom solutions when the scope gets tricky, or does it try and funnel everything through a single, rigid process?
  4. Can the company handle nonstandard forms of ESI, including structured databases, mobile devices, obscure email formats, backup media, email archiving platforms, etc.?
  5. Does the company’s culture support redundancy if a key person on its team of professionals leaves the organization or requires an unexpected period of time away from the office?
  6. Does the company document every request in a manner that can be used as part of an overall defensible approach, should the case go to trial?

If a company has proven itself time and again and it is on the short list of solution providers, how can it take the next step on the Pyramid of Trust and become the one that will work day in and day out with the case team on a bet-the-company case?

In today’s litigation environment, the answer often lies with two simple words: expert testimony. Does the solution provider have the expertise to testify about any technical event that occurred throughout the case life cycle? If the answer is yes, then the company may deserve advancement to the next level.

How to Identify an Expert

  1. Who will actually testify about the matter should it go to trial? Is the individual someone who has testified successfully before, or will your case be that person’s first experience in a deposition or hearing?
  2. Is the person an expert in digital forensics, the electronic discovery process, technology or on a specific software platform?
  3. How long has this person been working in the industry? While it may seem like someone who has just “gotten into the business” may serve as a good expert, much of the conveying of technical facts or the defensibility of a process comes down to experience.
  4. Make sure to take the time to vet the expert’s CV and identify the experience that relates to your project. What does the expert’s CV look like? Most experts do not spend all of their time just on testimony. They invest time in writing industry articles and on delivering education via CLE programs. Bear in mind that, much like on a resume, it is easy to skew or massage the facts.
  5. Interview the expert. Sometimes a quick phone or in-person conversation will reveal a personality characteristic that might not otherwise come through on paper.
  6. What references can be provided so that the firm can check on the past performance of the expert? Any true expert will have a host of individuals that are happy with the work provided and would be glad to candidly discuss their experience.

How do providers know when clients consider them experts? Sometimes, it is easy to tell. Candid communication tends to come out when time is of the essence and confidence in the work product is critical. In one recent case, a litigation support staff member sent us an email that read “I really appreciate the diligence on this. I can now forward this information on with complete confidence!”

While eDiscovery vendors may not yet outnumber cockroaches, remember that there are a lot of them and they are not all created equal. Just like attorneys generally focus on select types of law, so do discovery providers. The Pyramid of Trust represents an invaluable guide to find ones that can be counted on, time and time again.

Danielle Bethea & David Herman are senior project managers in the UHY Advisors New York City office. 

This article was originally published in FindLaw®, June 17, 2013



[2] http://www.merriam-webster.com/dictionary/vendor

[3] http://encyclopedia2.thefreedictionary.com/solution+provider

[4] http://www.merriam-webster.com/dictionary/expert

Apple’s Steve Wozniak Visits Pittsburgh

Steve Wozniak talked tech to a sold-out crown in Pittsburgh.

Steve Wozniak talked tech to a sold-out crowd in Pittsburgh.

Apple’s other Steve spoke to a sold-out crowd at Robert Morris University’s Speaker Series last night.

Steve Wozniak has always taken a proverbial back seat to his co-founder — the late great Steve Jobs — and he appears to be quite fine with that. Woz admits that he always just wanted to be an engineer and has never been concerned or interested with running businesses. He retold the grief of quitting his engineering job at Hewlett-Packard to officially found Apple in 1976. He didn’t think it was necessary to quit his full-time job to pursue his passion of building computers.

Woz provided fascinating insight into his early years as a computer engineer in the late 1960s and ’70s before co-founding Apple Computers with  Jobs. He’s a man that prides himself on smiling and having a sense of humor, recounting numerous stories of technical pranks that he would play on friends and fellow students while in high school and college. He created a TV Jammer in college that made television sets in his dorm tune in and out. He would fiddle with the reception as students tried to tune in the sets causing great frustration and ultimately laughter.

Jokes and pranks aside, as we all know, Jobs created the marketing sizzle of Apple while Woz created the steak. He single handedly designed the hardware, circuit board designs, and operating system for the Apple I and Apple II. In 1975 Wozniak tested his first working prototype, displaying a few letters and running sample programs. It was the first time in history that a  home computer generated a character displayed on a TV screen.

Woz made it a point to tell the audience that he was the engineer and designer behind Apple’s first products and couldn’t imagine having a better partner in Steve Jobs to create what has been a true technological revolution. When asked how it might have been different if he partnered with Microsoft’s Bill Gates, he said that he couldn’t even imagine that scenario. He said it was his unique relationship with Jobs — the marrying of technical and marketing prowess — that set the foundation for Apple being what it is today.

Learn more about Woz at woz.org.

2014 Already? Guiding Imperatives for the Year Ahead

arBy Audrey Russo, President and CEO, Pittsburgh Technology Council

This fall, I participated in the first-ever, two-day City Lab Summit in New York City. Hosted by The Atlantic, The Aspen Institute and Bloomberg, the summit engaged the world’s urban leaders to discuss urban incubation and how cities fuel innovation for half the world’s population.

Attendees, including 30 mayors, engaged in continuous discussions ranging from technology, energy, architecture, work, politics, and the arts to data privacy. While I may have been the only Pittsburgh and tech association representative, the work done in this city and region finds common threads with other cities. The visions of every city are uncannily similar. We all want to be the best place to live and—there are aggressive strategies on which we should all be focused.

I left NYC after those two days, wondering if the immersion on the topics would leave me rejuvenated, proud to be part of Pittsburgh’s resurgence and prompted to invigorate new perspective.

As we close out 2013 (seriously? 2013?), my reaction to that time talking with people who are passionate about Detroit, Chicago, Memphis, Cleveland, NYC, Santa Monica, Seattle, Portland, Raleigh, Milwaukee, and more, is that there are several non-negotiable commonalities as we converge into a new year, as well as we welcome our new mayor, Bill Peduto, in January 2014.

While I was not necessarily rejuvenated, I had more clarity through the perspectives shared at this summit. Here are my operative findings that I believe ring true, for Pittsburgh, as guiding imperatives for the year ahead:

Being a sustainable city is no longer aspirational, it’s a requirement which must be embedded in the fabric of a metro region. It’s not a fad.

Being global is an imperative. It is evidenced in a city’s scorecard than includes diversity, trade, celebrations, local food establishments and demographics of corporate / civic leadership. These indicators should be regularly measured and disseminated.

Every city is supporting, in some shape, the incubator / accelerator entrepreneurship movement and most agree the demand for follow-along capital is waning.

Local mass transit is crucial. The U.S. preoccupation with car ownership is receding for people now exiting college.

A mayor’s role in building international business relationships is a core part of the job in building the economy. Doing business locally is equally as critical. Buy local, sell everywhere.

The next generation of our workforce wants to live in a place that has density and multitude of options for recreation, living arrangements and work. Work is not the ultimate attraction.

The rise of places with growth in music and local food establishments result when strong technology innovators are abundant. It may be an effective leading indicator of a metro area’s growth and appeal.

Tax incentives for businesses—both new and legacy—remains a feverish policy debate. But tax relief for new businesses seems to be prevalent.

Reliance on federal government for operational support has caused emergence of regional governments to build stronger local and regional tactics to build prosperity. Thriving regions have built durable public-private partnerships, which are locally focused with many strong global relationships.

The evidence of technology clusters as fertile ground for growth remains a focus for cities, but most agree that the mash up of ideas across disciplines and expertise is really the next generation of opportunity.

Helping universities commercialize technologies in research institutions is community work. Innovation in cities with research universities requires active community-based strategies to drive new company formation. Universities cannot successfully support the birth of new companies by themselves, they need strong & active civic and corporate partners.

Rebuilding communities decimated by business losses and poverty impact an entire city as well as a state. Neighborhoods must be salvaged and reborn.

Ensuring excellence in public education for K-12 is a priority. Poor public schools impede talent attraction, which severely impacts reputation.

A diverse arts community, which embraces traditional and non-traditional genre, is pivotal in talent attraction and global reputation.

A toast to all of you for the holiday season. Wishes of good health, prosperity and friendship.