Sunday, October 16, 2016

InfoScary (Part 1) : A Pessimistic View on Information Security


With the success of "Shark Week" this past summer, our focus on Outside Counsel Guidelines and Terms of Business Management, and a brimming list of new updates to share on an old theme, we're kicking off the Halloween fright season with "InfoScary," and focusing on information security and confidentiality management.

First up, comes a fascinating story from the Legal Technology Insider (known also as "The Orange Rag," because of it's roots -- It was originally paper based... distributed on orange media to prevent photocopying). They note: "Dentons trials NetDocuments & pessimistic security model" --
  • "Dentons is set to launch a proof of concept of NetDocuments’ cloud-based document management system, as the 7,300-lawyer firm also moves closer to locking down its files to all but those immediately involved in its matters. Dentons is a long term iManage client but, as part of a five-year plan put in place by global chief information officer Marcel Henri, will review its DMS and knowledge management arrangements in two years’ time."
  • "The trial comes as Dentons also moves closer to a pessimistic security model, under which documents are only accessible by staff who are granted access by the firm. Fears over security, particularly sophisticated phishing attacks, where a hacker tricks staff into handing over confidential login details and assumes their privileges, have led a number of firms to discuss increasing their internal security measures. However, for reasons of convenience, cost, and resources, the vast majority of law firms still operate an optimistic security model, whereby documents are often restricted but the default position is that they are accessible across the firm."
  • "Henri told Legal IT Insider: 'There is a push within the firm for a completely pessimistic security model; it’s what clients expect. The business gets it but of course some parts of the business are resisting it because it limits your ability to share knowledge and content. Firms have invested heavily in search but what is a search if everything is locked down?'"
  • Dentons is currently trialing a pessimistic security model in Germany and Henri added: 'Whatever solution we go with, whether it be iManage or NetDocuments, it will most likely be under a pessimistic security model... ne scenario we have discussed is to draw a line in the sand and say that, from a given date, we will apply a pessimistic security model and lock things down. In order to be able to share best practice and model documents, you are going to have to put more effort in the qualification of those documents and you are going to have to clean them and profile them, which is an extra workload.'"
  • "he decision follows recent high profile security breaches and leaks such as the Panama Papers. Henri said: 'In light of the many recent security breaches that have made the headlines, I simply don’t think firms will have a choice.'"
We've covered these issues before, but it's fascinating (and quite informative) to see such a prominent firm so publicly discuss its plans in motion. We previously noted:
  • "There has been a growing legal industry shift towards adopting 'members only' internal security models, where only individuals that are members of a particular matter team can access sensitive client data, or 'hybrid' models where matters in specific practice groups or geographies default to closed access, while others remain open."
  • "According to the just-published ILTA technology survey, the number of firms moving to a "pessimistic" security model grew by 50% in the past year. (Though, for context, we note that the survey reports that 6% of firms have embraced the closed or hybrid confidentiality model.)"
I'd be remiss if I also didn't note that given the complexities associated with managing complex and often overlapping information access and security policies, firms look to commercial solutions. And the ILTA technology survey highlights the growing adoption of these solutions (and the market leader):
  • 81% of firms now report using software to manage ethical walls and internal confidentiality controls – a 16-point jump from last year.
  • Intapp continues to lead in this category, serving 79% of firms with 150+ lawyers using commercial information security software.
For more information about enhancing information security and confidentiality management, there's no better voice than webinars and case studies of peer firms: Intapp Walls Webinar Library.

No comments:

Post a Comment