P2P

31 I L T A N E T . O R G T he "new normal" of work-from-home (WFH) has ushered in what is likely to be a new normal of security threats. This shift was particularly challenging for ALSPs and other legal technology providers that have always relied on a strong defensive perimeter to secure highly sensitive data and the professionals accessing it: the structured and unstructured data hosted for forensic activities, document review, analytics and many other projects concerning litigations, investigations and legal operations. For more mature legal technology and services companies, data security and controls are a core competency – as evidenced by ISO 27001 certifications and SSAE 16 and AT 101 audits. As such, while made difficult by supply chain constraints and work disruptions, the transition to WFH was supported by the requisite expertise, experience and established protocols that are resident in such organizations. But for IT departments within legal and elsewhere already resource constrained – and for whom the latest security patches, updates and testing are just another item on a long list of juggled priorities – the transition necessitated by COVID-19 introduced greater risk. And the speed and wholesale adoption of this new footprint presaged potential security lapses. As noted by Julie Brill, Microsoft's corporate vice president, deputy general counsel and chief privacy officer, during the recent WireWheel Spokes Privacy Technology Conference: "What we found [was that] companies went through a digital transformation that normally would have taken about four or five years in the space of eight months." In short, data security and governance issues arising from the transition to the cloud, endpoints moving outside the corporate firewall and other adoptions during the coronavirus pandemic (think increased use of collaboration tools and personal devices) have posed considerable security challenges. WFH Is Not Going Away This is not a time bound event to get through. Working from home is not going to go away – at least not entirely. "The polling that we've seen," continues Brill, "has shown that over 70% of people who have been able to work online would like to continue to work [from home] at least part time, and I don't know if it's going to increase but it's certainly not going to go back to 'normal.'" (Brill, 2020) There are, however, forces that may limit WFH adoptions when the necessity of a pandemic no longer insists on them. For example, clients that chafe at WFH document review, rightly or wrongly, may request – and pay a premium for? – a hardened review center implementation. Similarly, highly sensitive projects may require the physical security of the document review center's cameras, security guards, controlled ingress and egress and myriad other measures that cannot be duplicated at home. And of course, the nature of computer forensics requires work in physically secure areas, if not actual cleanrooms. Consider also, for those who pursue government contracts, that FedRAMP "high-level baseline controls" require significant endpoint and user controls that are more complex and perhaps more costly to establish outside a set perimeter. These, and other challenges discussed here, may portend that WFH may not be an option for everyone in every circumstance. Both Employees and Employers See Value in WFH Employees have found that they enjoy WFH – at least some of the time as the polling noted by Brill implies – while employers have found that, not only does productivity not

• Cover