Data Domain Security

Abracadabra! How to ward off evildoers and keep your data domains secure.

eDiscovery users must segregate their highly sensitive data from everyday ops.

by Jordan McQuown

Information assets maintained by law firms, corporate enterprises, and third-party service providers are constantly under siege from growing, ever-evolving cyber-attacks. As a member of the eDiscovery community, and because of the highly sensitive nature of the data you process and store, your firm has a target on its back, and for good reason.

eDiscovery and investigation platforms hold multiple petabytes of pre-indexed and easily searchable data, which makes them a treasure trove for mining sensitive information. In the event of a targeted attack, hackers have the ability to access valuable electronically stored information (ESI) built into the platform.

The Challenge of Overlapping Requirements

eDiscovery platforms traditionally rely on a mixture of service accounts and data repositories that end users read from and write to, while an elevated local administrator account also reads from these same repositories. These overlapping requirements can make it difficult to evaluate federated identity solutions and to provision the environment security controls necessary to combat ransomware, brute force, and/or spear phishing attacks, which are the leading mechanisms for malware and credential theft.

Common Mistakes

When conducting security audits for clients across the globe, from Toronto to Tokyo, George Jon’s team of security consultants is often faced with a recurring set of factors that undermine the security and integrity of environments. The most notable and pervasive are as follows:

  • Service accounts are rarely rotated due to the complexity and/or limited understanding of eDiscovery platforms
  • SQL database permissions are overly permissive and common hygiene items are discarded

Why You Should Silo Systems

At George Jon, we advocate for segregating your eDiscovery platform from the everyday operations of your company/law firm. By keeping your eDiscovery operation siloed, you gain an additional layer of defense against the spread of ransomware, credential theft, and virus/malware propagation that can occur when a malicious party gains access to a user account on your primary IT ecosystem. In addition to a siloed eDiscovery practice, your organization can realize additional security gains by employing the strategies listed below, all of which will significantly reduce the areas of exposure that these data warehousing platforms maintain:

  • Adhere to a strict platform maintenance schedule to apply mission-critical security patches
  • Leverage a federated identity provider in order to reduce password reuse and enable two-factor authentication
  • Perform scheduled account password rotations through a privileged access management (PAM) tool

Learn more!

If you found this information helpful and would like to tap into George Jon’s wealth of knowledge and experience, please contact us for a security audit consultation at your convenience.

About This Document

George Jon (GJ) is an eDiscovery infrastructure, product and process specialist, delivering performant, scalable, fault tolerant environments for users worldwide. GJ works with global corporations, leading law firms, government agencies, and independent resellers/hosting companies to quickly and strategically implement large-scale eDiscovery platforms, troubleshoot and perfect existing systems, and provide unprecedented 24/7 core services to ensure optimal performance and uptime. 

George Jon’s (GJ) conclusions are informed by fifteen-plus years of conducting enterprise-class eDiscovery platform assessments, application implementations and infrastructure benchmark testing for a global client base. GJ has compiled extensive quantitative and qualitative insights from the research and implementation of these real-world environments, from single users to multinational corporations, and is a leading authority on eDiscovery infrastructure.

About the Author

Jordan McQuown

CHIEF TECHNOLOGY OFFICER (CTO), GEORGE JON

Jordan McQuown is an authority in information technology, cyber security, electronic discovery, and digital forensics. He has written Thought Leadership articles for the American Bar Association’s Cybersecurity Handbook and Information Security Magazine, and he is a regular speaker as a subject matter expert on the eDiscovery security, application and legal conference circuits. 
