Information assets maintained by law firms, corporate enterprises, and third-party service providers are constantly under siege from growing, ever-evolving cyber-attacks. As a member of the eDiscovery community and due to the highly sensitive nature of the data you process and store, your firm has a target on its back and for good reason.
eDiscovery and investigation platforms hold multiple petabytes of pre-indexed and easily searchable data, which makes them a treasure trove for mining sensitive information, and in the event of a targeted attack, hackers have the ability to access valuable ESI built into the platform.
eDiscovery platforms traditionally leverage a mixture of service accounts and data repositories that end users leverage to read and to write while also having an elevated local administrator account reading from these same repositories. The overlapping requirements can make it difficult to scrutinize/examine federated identity solutions and to provision the environment security controls necessary to combat ransomware, brute force, and/or spear phishing attacks that are the leading mechanisms for malware and credential theft.
When conducting security audits for clients across the globe, from Toronto to Tokyo, George Jon’s team of security consultants are often faced with a recurring set of factors that undermine the security and integrity of environments. The most notable and pervasive are as follows:
- Service accounts are rarely rotated due to the complexity and/or limited understanding of eDiscovery platforms
- SQL database permissions are overly permissive and common hygiene items are discarded
At George Jon, we advocate for segregating your eDiscovery platform from the everyday operations of your company/law firm. By keeping your eDiscovery operation siloed, you gain an additional layer of defense against the spread of ransomware, credential theft, and virus/malware propagation that can occur when a malicious party gains access to a user account on your primary IT ecosystem. In addition to a siloed eDiscovery practice, your organization can realize additional security gains by employing the strategies listed below, all of which will significantly reduce the areas of exposure that these data warehousing platforms maintain:
- Adhere to a strict platform maintenance schedule to apply mission-critical security patches
- Leverage a federated identity provider in order to reduce password reuse and enable two-factor authentication
- Perform scheduled account password rotations through a privileged access management (PAM) tool
If you found this information helpful and would like to tap into George Jon’s wealth of knowledge and experience, please contact us for a security audit consultation at your convenience.
ABOUT THE AUTHOR
Jordan McQuown, Vice President of Technology.
Jordan is responsible for constructing and evergreening George Jon’s technology (application and infrastructure) portfolio. Over the course of a 17-year career in the IT consulting and eDiscovery industries, he has established himself as an authority in information technology, cyber security, electronic discovery, and digital forensics. Jordan’s work has been published in numerous industry-specific publications, including the American Bar Association’s Cybersecurity Handbook and Information Security Magazine, and regularly speaks as a Subject Matter Expert (SME) on the eDiscovery Security, Application (NUIX and Relativity), and legal conference circuits. Jordan holds a B.S. in Computer Networking from Pennsylvania College of Technology, and is CISSP, GCFA, GPEN, GCIH, GSEC, VCP, & CCNA accredited.