
Three Security Risks Lurking in Your eDiscovery Environment

How To Plug These Security Holes Right Now

Over the course of my fifteen-year career as a technology consultant, I’ve audited hundreds of eDiscovery environments. I’ve been privileged to work with thousands of bright and capable eDiscovery specialists in all major industries and on almost every continent. These people amaze me. They are diligent, focused and committed to their careers and companies. Yet, even with all of this dedication, I’ve continually encountered something that troubles me. Nearly every eDiscovery environment I’ve audited contains security holes. These holes exist despite the very best efforts to secure client data. 

The Panama Papers, a motion picture based on the real-world experiences of the law firm Mossack Fonseca, foregrounded the fallout of security leaks. We all know how damaging it is to be in those public crosshairs. I really don’t want to see this happen to you, your company, or your clients. So, in this thought piece, I want to outline the three most common security holes I see in nearly every eDiscovery environment I’ve audited. These security holes might very well be in your environment. I also want to offer you practical and ready-to-implement steps you can take right away to plug these holes.

Who This Counsel Is For

I recognize that I’ve made a strong claim above. Nearly every eDiscovery environment I’ve audited does indeed contain security holes. But even if your organization does not have the security holes I’m about to describe, that doesn’t mean you won’t benefit from considering my counsel. Security is as fluid as a river, subject to new threats and continual disruptions. The people who want to steal your data and hold it for ransom are clever and nimble, never ceasing in their efforts and tactics. This means vigilance never goes out of style.

One of the biggest mistakes I see organizations make is believing that security is something you do one time, then you’ve got it licked. That is not a healthy way to think about security. So, from the very start, my first piece of counsel is this: change your mindset about security. Don’t view it as something you do once in a while. Don’t think that passing an annual security audit means you are not at risk of a breach. Think of security like electricity: always flowing, necessary for getting work done and, if wrongly used, it will burn down your business.

Here is who I see being at risk of eDiscovery security breaches. This includes any organization that:

  • Takes possession of another entity’s data for the purpose of reviewing matters. This might include litigants in a dispute, audits to satisfy regulators or even internal investigations.
  • Migrates data from clients’ internal IT systems to external systems where the review will take place.
  • By virtue of taking possession of the data, bears responsibility for protecting the integrity of the data from accidental or intentional exposure.

If your organization engages in this activity, my advice here could be crucial for protecting your brand and giving clients real peace of mind. Here are three steps you can take right now to plug those security holes:

  • Uncouple your eDiscovery environment from your general IT environment.
  • Eliminate shared logins.
  • Adopt identity management tools.

Let’s take a closer look at each of these ideas.

Uncouple Your eDiscovery Environment From Your General IT Environment

The first security hole I usually encounter comes from “coupling.” In the technology world, systems are “coupled” when they are somehow integrated together, connected if you will. Many organizations make this unnecessary mistake. I have yet to encounter a scenario where general IT systems and eDiscovery systems have to coexist in the same environment and be connected. These systems can be separated with little to no impact on users and performance.

Most organizations involved with eDiscovery recognize the need to protect client data. However, they are often only nominally aware of the threat of coupling. Here’s the risk as I see it. The IT environment, for most organizations, is where malware, ransomware and viruses tend to penetrate, not the eDiscovery environment. This is well-documented these days. High-profile cases often show that malicious code was embedded in the IT systems of hacked organizations for months or even years.

If your IT environment is not separated from your eDiscovery environment, you’ve potentially given hackers a bridge to your clients’ data. Of the eDiscovery audits we’ve conducted with organizations who’ve been hacked, the general IT environment is often the breach point. We’ve seen some companies attempt to address this with firewalls, password managers and the like. Usually, these efforts are not enough to truly sever the bridge. To fix this, you need hard barriers.

The solution I recommend is actually pretty straightforward. The way to separate your eDiscovery and IT environments is by taking these steps.

  1. Segregate your authentication systems (how users log in) at the domain level. This means users are logging into a completely separate set of systems to do their eDiscovery work.
  2. Leverage identity management tools to authenticate your users. This usually means they are accessing your eDiscovery environment through a browser that is passing authentication to an application, not a traditional login. This degree of separation provides a hard barrier between IT and eDiscovery systems. Users literally cannot introduce viruses and ransomware into the eDiscovery environment.

This approach substantially limits the risk of your IT environment unintentionally poisoning your eDiscovery environment.

Eliminate Shared Logins

The second security risk I often encounter comes from shared accounts. Here’s how this usually works and why organizations engage in this behavior. Many eDiscovery reviews involve the ingestion of client data into the service provider’s environment. The EDRM describes this as “Processing” ESI (electronically stored information). The ingestion process is crucial to a successful review. Unfortunately, these processes usually do not run themselves. They can run into roadblocks that only administrators can solve due to their technical skills and elevated privileges.

Depending on how much data is being ingested, Processing could be a simple and quick task, requiring just a few hours. Or it could take days to complete—especially if terabytes of data are involved. These types of matters are the big dollar engagements that most eDiscovery organizations really want. If it takes days, multiple administrators will need to oversee this process to ensure it goes well. After all, they need to sleep too. This is where shared identities come in.

If Processing lasts for several days, multiple administrators will be involved. But they do not want to log in and log out as individual users because that could interrupt the ingestion process in most mainstream eDiscovery applications today. This is an inherent limitation in how most of these applications work. To overcome this, many administrators “take over” the login credentials of other administrators. This is a problem for three primary reasons:

  • The audit log will not reflect the actual behavior (logins, logouts, system changes, etc.) of a real administrator.
  • The accountability for “who did what and when” gets completely lost. To the system, it can appear as if one user did everything even though multiple people were involved.
  • Access governance is a nightmare because it is almost impossible to discern if users are authorized employees or rogue individuals.

But these problems are compounded by two additional factors. Most administrators have elevated privileges, which they need to do their jobs. This means they sometimes have admin-level access to the entire eDiscovery environment, which makes their credentials particularly powerful and dangerous. If hackers get access to their credentials, it’s game over. But because of the application limitations, administrators have to share credentials with other administrators. Every time they share, they put their login credentials at risk.

Here’s how I encourage you to think about this. The big-ticket eDiscovery engagements that you probably really want also put you at the greatest risk of compromised access and credential sharing. It’s a real conundrum.
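One way to find out whether credential sharing is already happening is to look for its footprint in the authentication log: a single account whose sessions overlap across different workstations, or that stays logged in longer than any one person's shift. The script below is an added example, not part of the original article or any vendor's tooling; the log layout, account names, host names and the 16-hour threshold are all assumptions to adapt to your own environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, in chronological order. The layout
# "timestamp event account source_host" is an assumption; map your own
# authentication log fields onto it.
SAMPLE_LOG = """\
2024-03-04T08:02:11 login  proc-admin WS-ALICE
2024-03-04T09:00:00 login  jdoe WS-JDOE
2024-03-04T17:30:00 logout jdoe WS-JDOE
2024-03-04T17:45:03 login  proc-admin WS-BOB
2024-03-04T17:58:40 logout proc-admin WS-ALICE
2024-03-05T02:10:27 login  proc-admin WS-CAROL
2024-03-05T02:31:09 logout proc-admin WS-BOB
2024-03-05T09:05:00 login  jdoe WS-JDOE
2024-03-05T09:15:00 logout proc-admin WS-CAROL
2024-03-05T17:20:00 logout jdoe WS-JDOE
"""

def parse_sessions(log_text):
    """Pair each login with the next logout for the same (account, host)."""
    open_logins, sessions, last_seen = {}, [], None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, event, account, host = line.split()
        when = datetime.fromisoformat(stamp)
        last_seen = when if last_seen is None else max(last_seen, when)
        key = (account, host)
        if event == "login":
            open_logins.setdefault(key, when)  # keep earliest unmatched login
        elif event == "logout" and key in open_logins:
            sessions.append((account, host, open_logins.pop(key), when))
    # A login with no logout (crash, or still running) is treated as open
    # until the last timestamp in the log, so it still counts for overlaps.
    for (account, host), start in open_logins.items():
        sessions.append((account, host, start, last_seen))
    return sessions

def find_shared_accounts(sessions, max_run=timedelta(hours=16)):
    """Flag accounts whose sessions look like a hand-off between people."""
    by_account = defaultdict(list)
    for account, host, start, end in sessions:
        by_account[account].append((start, end, host))
    findings = {}
    for account, items in by_account.items():
        items.sort()
        overlaps, longest = set(), timedelta(0)
        run_start, run_end = items[0][0], items[0][1]
        for i, (start, end, host) in enumerate(items):
            # Same account active on two different hosts at the same time.
            for _, p_end, p_host in items[:i]:
                if p_host != host and start < p_end:
                    overlaps.add((p_host, host))
            # Merge back-to-back sessions into one continuous run.
            if start <= run_end:
                run_end = max(run_end, end)
            else:
                longest = max(longest, run_end - run_start)
                run_start, run_end = start, end
        longest = max(longest, run_end - run_start)
        if overlaps or longest > max_run:
            findings[account] = {
                "hosts": sorted({h for _, _, h in items}),
                "overlaps": sorted(overlaps),
                "longest_run_hours": round(longest.total_seconds() / 3600, 1),
            }
    return findings

if __name__ == "__main__":
    for account, detail in find_shared_accounts(parse_sessions(SAMPLE_LOG)).items():
        print(account, detail)
```

In the constructed sample, `proc-admin` is flagged because three workstations hand the session off with overlapping logins across roughly 25 hours, while `jdoe`, who logs in and out from one workstation each day, is not.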

I have two recommendations to address this issue. First, have you heard of credential vaulting? These types of tools, from companies like CyberArk or Thycotic, can fix this problem. Here’s how:

  • Organizations deploy a credential vaulting solution and apply it to individual users. This means users are logging directly into the credential vault, not the eDiscovery application.
  • The credential vaulting tool provides access to the eDiscovery environment for authorized users. In some instances, the user may not even know the login details for the eDiscovery application.
  • At any given time, users on the system can be verified as authorized or identified as potentially rogue. This allows for real-time control of access to eDiscovery resources.
  • The credential vault creates an audit log, which reinstitutes true accountability at the individual level.

The second solution I recommend leverages workflow automation like Rampiva. Here’s how they work:

  • Organizations deploy the tool and create user accounts for administrators.
  • Users log in to the tool and access the eDiscovery environment indirectly, by way of a browser.
  • This allows administrators to launch Processing jobs and monitor progress.
  • In many instances, this is all that is required to complete processing. Only if a job encounters issues does an administrator then need to log in to the eDiscovery environment. Even if this occurs, administrators do not need to share credentials.

This approach reinstitutes true accountability at the user level. It also dramatically reduces the need to share valuable credentials.

Adopt Identity Management Tools

The third security risk I frequently encounter has to do with identity management. Organizations often encounter the challenges I’m about to describe when they adopt some of my recommendations above but do not pair those with identity management tools. For example:

  • Some organizations don’t federate IT and eDiscovery environments, requiring users to log in to different systems.
  • Some organizations adopt credential vaulting and workflow automation tools. These also come with separate login requirements.

After a while, the proliferation of user credentials can become a real problem. How users store and manage passwords can also put their accounts at risk of breaches. But there’s an even bigger problem. Not all systems require the same type of process for logging in, particularly two-factor authentication, usually by way of a mobile phone. In other words, if a user logs in to five different systems over the course of their workday, two of these might require two-factor authentication but the other three do not. This is not a best practice.

To address this issue, I often recommend a single-sign-on identity management tool. Companies like Okta create these solutions. They’re usually very affordable and they fix a lot of problems. Here’s how they work:

  • An organization deploys a single-sign-on solution for their users. They establish user accounts and make sure to enable two-factor authentication (this is available in most of these types of tools although it’s often an optional setting).
  • A user starts their day by logging in to the single-sign-on environment. When they do, they are taken to a portal that provides them with access to all of the applications and resources they need to do their job. Over the course of their workday, they usually don’t need to log in to anything else.

This type of solution has a lot going for it:

  • It’s far more secure because it requires two-factor authentication.
  • It simplifies the user experience and makes it easy for them to log in one time, not five or more times.
  • It does not require users to manage, store or recall passwords for individual applications.
  • It creates an audit log to maintain governance and accountability.

Final Thoughts

Most of the eDiscovery environments I’ve been privileged to audit do indeed have security holes that put their organizations at unnecessary risk. In this thought piece, I’ve presented three potential solutions that can make a real difference.

  • Separate your general IT environment from your eDiscovery environment.
  • Eliminate shared identities, which usually arise from application limitations.
  • Adopt identity management tools.

These three solutions can significantly enhance your security stance. Even so, I also recommend that you think of security as something that requires ongoing vigilance. Security is never one-and-done because the value of client data is simply too enticing for cybercriminals. If you have questions about any of the points I’ve raised in this thought piece, please know my door is open.
