P2P

summer23

Peer to Peer: ILTA's Quarterly Magazine

Issue link: https://epubs.iltanet.org/i/1502513


Peer to Peer: ILTA's Quarterly Magazine | Summer 2023

REASON #5: Learn About Immutable Backups

Many firms have policies calling for immutable (unchanging over time or unable to be changed) backups to be in place. But some entities do not completely implement this action called for by policy. The survey offers some valuable information leading one to assess internal procedures and subsequently consider areas of opportunity in this important area.

REASON #4: View Several Common Flaws

Page 8 of the survey lists ten or so bullet points showing the percentage of respondents lacking an important security control. Reviewing this benchmarking information and then comparing these practices to one's internal practices is a value-added activity leading to some obvious ideas for quick-hitting improvements.

REASON #3: Understand The Value Of A Risk Register Relating To Zero Trust

Another great content element on Page 8 (one of my favorites, obviously) also covers the compelling reasons to not only implement Zero Trust, but fully document all exceptions in a Risk Register. Restricting access in a structured, thoughtful manner goes a long way towards "stopping the bleeding" should (when) an intruder gains access to a law firm's systems.

REASON #2: Learn About The Concept Of Lateral Movement Defenses

The survey shares that there are two products in the market which provide this level of comprehensive protection, yet 65% of reporting firms believe the control is in place. There's a bit of a disconnect in those two statements. In my view, there is a lot for everyone to learn in the definitional sense about this area (I know I did). Page 6 of the survey is a good place to start.

REASON #1: Learn Why Compliance Does Not Equal Security

Frameworks like NIST, FedRAMP, SOC2, or CIS are all helpful, but they are for the most part point-in-time snapshots of information to be documented. Security is, of course, continually changing. The survey alludes to the type of paradigm which is arguably most helpful (dynamic orchestration).

Kenneth Jones is Chief Operating Officer at Xerdict Group LLC, technology subsidiary of Tanenbaum Keale LLP.
