The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/80353
case studies Some additional technologies that should be considered are intrusion prevention/detection systems (IPS/IDS), data loss prevention (DLP), security information and event management (SIEM) and vulnerability scanning. Other areas to consider are yearly third-party audits, physical/building security, video surveillance and special security concerns for certain countries/regions. Clients have helped push our security agendas to the forefront. With many of us tasked to implement new security mechanisms, bridging the gap between our groups is not only a good idea, it's a requirement. The information management team relied on the security group to assist with generating Exchange and eVault reports. Bridging the Gap: Our Firm's Story Some encounters are purposeful and deliberate. Others are fortuitous. For our firm, the dialog that began between information security and information management was both. It began with information management's need to securely transfer data between other firms and clients. Once the dialog began, there was no shortage of overlapping projects. That list of projects has continued to grow and includes the following: FTP/SFTP Setup. Our records department was fraught with high volumes of data that needed to be transferred securely to other firms due to attorney departures. In addition, litigation support needed to move internal data easily and quickly. Established procedures for encrypting data released on portable media were in place, but they were time-consuming and cumbersome. As FTP is one of the fastest methods of transferring data, it seemed the logical solution; however, much discussion was necessary to determine specific requirements and reach consensus on the best outcome. Activity Monitoring. It could easily be assumed that monitoring activities would fall strictly into an information security "bucket." However, by monitoring certain systems and activities — such as actions taken by a user related to documents in a DMS — the information management department can glean valuable insights. For example, requests for client-related documents might preclude a departure or a client request for transfer, and proactive steps might need to be taken to facilitate the proper release of information. We watch any system usage that is out of the ordinary and recommend monitoring key systems, such as email, DMS and file shares. There are many solutions on the market, although a simple SQL reporting job will do the trick without requiring exorbitant amounts of time and money. Our information management and information security departments have worked together to identify a need and a solution, but collaboration is most effective when communication and escalation protocols are created to thwart any activities that may compromise security or bypass policies. "Big Data" Management. File-shares historically have been managed with no rhyme or reason. Our records department came in and brought some structure and organization to the content. We applied tools to organize data, sorting and moving according to client, matter or responsible individual. But unlike the hard copy world, getting additional storage went beyond clearing a few feet on a shelf. We needed storage with appropriate security and permissions. This afforded us an opportunity to strategize with our information security staff to address a long-standing risk management concern. We collaborated to create a solution that would best meet long-term goals for regionalizing and centralizing file shares. Legacy Data Clean-Up. The information management team recognized the sensitivities surrounding the over-retention of unnecessary data, and the information security team understood the toll the volumes of stored data took on our internal systems and the risk that this posed the firm. It is often best to focus on areas of high risk and identify "low-hanging fruit" with which to make marked progress and improvement. Departed user mailboxes were in this category and were our first line of focus. The records management team relied on the security group to assist with generating Exchange and eVault reports to ensure that unused mailboxes and vaults were removed. Our continued collaborative efforts will whittle down the volumes of unnecessary data that we had been retaining needlessly, ultimately improving system performance. Security Audits. Many of our larger clients, particularly financial institutions, are subject to intense regulatory scrutiny; and they, in turn, are auditing all of their vendors. We are now working to comply with their rigorous security requirements. The work of our groups overlaps on setting and following policy and compliance guidelines, and we must communicate effectively so that we respond to the audits with a full view of the organization's paper and digital content. Litigation Holds. While each firm may have different processes for dealing with preservations, a partnership between the information management and information security groups can help establish a defensible protocol that optimizes people and processes, and that leverages features within existing technologies — such as Exchange 2010 — to increase compliance and aid in reporting and required information sharing. Technology Evaluations. Now that we have discovered the benefits of partnering closely on various initiatives, our work together is just beginning. We continue to evaluate: 40 Peer to Peer