The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/900970
13 WWW.ILTANET.ORG BEST PRACTICES validating and assuring that the approach and value are sound. While frequent testing is possible with self-service disaster recovery, professionally managed DRaaS enables businesses to leverage the skills of data and recovery experts immersed in restorative challenges on a daily basis. This option can also assist in unburdening internal IT teams from the management of infrastructure at an offsite production site — allowing them to focus on more business-critical tasks that contribute more immediate and visible value to other areas of the practice. Proactive and Reactive Measures Working Together As security incidents continue to be more ubiquitous, consider a comprehensive approach to data security as equal doses of prescience and prudence. This due care should take into account both preventive and reactive measures. Perform a business analysis of your practice to identify the valuable and vulnerable areas that require a reasonable degree of protection, then incorporate these findings into both your recovery and security plans. In addition, it's important to encourage open communication between your IT team and other internal stakeholders to determine what kind of recovery options fit best with the overall business flow. As a legal practice identifies data confidentiality and availability risks and develops both a proactive and reactive approach to data protection, DRaaS can be a helpful tool in maintaining client confidence in the unfortunate event of a security breach. While proactive measures allow firms to defend against security aacks as much as possible, the possibility (or eventuality) of a breach should not be ruled out. To fully prepare and protect your assets, focus equal aention on reactive measures, which will ensure that IT systems are up and running in a timely manner should your firm need to invoke its security incident response plan. P2P are valuable and applicable to a wide variety of security threat applications. While many businesses might not be focused enough on restorative measures, the need to have this approach is being realized by IT leadership and C-suite executives as they see the connection between data security and business continuity. Businesses now realize that service disruptions related to data breaches do not only interrupt the firm's internal process flow and ability to provide service. They also damage the brand, causing legal and reputational liabilities, especially for those in industries that deal with confidential information almost exclusively. This correlation between data security and business continuity is perhaps one reason that 44 percent of vice presidents responding to the IDG Research study identified the inability to recover data and systems in less than a day as one of their biggest concerns around a security breach. Disaster Recovery Aligned with Security Goals One component of a restorative approach is being prepared to declare a disaster when a security threat may have successfully exploited a data vulnerability. In the moments of initial incident discovery and analysis, it might be best to immediately declare a loss or disaster occurrence and to enact a prepared, validated action plan. The situation awareness will likely be low at first, and it can be confusing, so ad hoc determination of appropriate reaction is oen best considered aer the restoration is enacted. With security threats looming, 64 percent of IDG respondents stated that disaster recovery (DR) should be incorporated into an IT security strategy, enabling a comprehensive security approach. One way to do this is by implementing disaster recovery as a service (DRaaS), which allows for secure, offsite IT systems and data replication. Enlisting the services of a DRaaS provider can enable legal practices to match their technical needs and recovery objectives to the right solutions, no maer the complexity of their IT environment. It is concerning that 62 percent of ALM's legal IT survey respondents do not test or are unsure of DR testing methods. Testing is an integral part of Developing a Two-Level Approach to IT Security DEREK BROST Derek Brost, Director of Engineering at Bluelock, is a certified Information Systems Security Professional (CISSP) with a 21-year background in information technology operations, architecture and security. Contact him at dbrost@bluelock.com. 64 percent of study respondents were most concerned with the loss of people's confidence after a security breach.