eDiscovery users must segregate their highly sensitive data from everyday ops.
Information assets maintained by law firms, corporate enterprises, and third-party service providers are constantly under siege from growing, ever-evolving cyber-attacks. As a member of the eDiscovery community, and because of the highly sensitive nature of the data you process and store, your firm has a target on its back, and for good reason.
eDiscovery and investigation platforms hold multiple petabytes of pre-indexed, easily searchable data, which makes them a treasure trove for mining sensitive information. In a targeted attack, an adversary who breaches the platform gains access to the valuable electronically stored information (ESI) held within it.
The Challenge of Overlapping Requirements
eDiscovery platforms traditionally rely on a mixture of service accounts and data repositories: end users read from and write to these repositories, while an elevated local administrator account reads from the same repositories. These overlapping requirements make it difficult to scrutinize federated identity solutions and to provision the environment security controls needed to combat ransomware, brute force, and spear phishing attacks, which are the leading mechanisms for malware delivery and credential theft.
When conducting security audits for clients across the globe, from Toronto to Tokyo, GeorgeJon’s team of security consultants is often faced with a recurring set of factors that undermine the security and integrity of environments. The most notable and pervasive are as follows:
- Service accounts are rarely rotated due to the complexity and/or limited understanding of eDiscovery platforms
- SQL database permissions are overly permissive, and basic hygiene measures are neglected
Why You Should Silo Systems
At GeorgeJon, we advocate segregating your eDiscovery platform from the everyday operations of your company or law firm. By keeping your eDiscovery operation siloed, you gain an additional layer of defense against the spread of ransomware, credential theft, and virus/malware propagation that can occur when a malicious party gains access to a user account on your primary IT ecosystem. Beyond a siloed eDiscovery practice, your organization can realize further security gains by employing the strategies listed below, all of which significantly reduce the attack surface that these data warehousing platforms present:
- Adhere to a strict platform maintenance schedule to apply mission-critical security patches
- Leverage a federated identity provider to reduce password reuse and enable two-factor authentication
- Perform scheduled account password rotations through a privileged access management (PAM) tool
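As an added example (not from the original post and not GeorgeJon's own tooling) tying together the SQL-permission finding and the rotation strategy above, the following T-SQL audits a SQL Server instance for over-privileged principals and shows the weak grant beside its least-privilege replacement. The database name [EDiscoveryDB] and the account names are hypothetical placeholders.

```sql
-- Added example (not from the original post): audit and hardening script for
-- the SQL Server behind an eDiscovery platform. Database and account names
-- are hypothetical placeholders; substitute your own.

-- 1. Audit: which logins hold the sysadmin server role? An application
--    service account appearing here is the over-permissive finding above.
SELECT r.name AS server_role, m.name AS member_login, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON rm.role_principal_id = r.principal_id
JOIN sys.server_principals AS m ON rm.member_principal_id = m.principal_id
WHERE r.name = 'sysadmin';

-- 2. Audit: which database users are db_owner in the eDiscovery database?
USE [EDiscoveryDB];
SELECT r.name AS db_role, m.name AS db_user, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON rm.role_principal_id = r.principal_id
JOIN sys.database_principals AS m ON rm.member_principal_id = m.principal_id
WHERE r.name = 'db_owner';

-- 3. Weak pattern (what the audit typically surfaces): one shared account that
--    is both the application's read/write identity and a server administrator.
--    ALTER SERVER ROLE sysadmin ADD MEMBER [CORP\svc_ediscovery];

-- 4. Hardened pattern: the application identity keeps only the data roles it
--    needs; administration moves to a separate, PAM-managed account. Run only
--    the DROP statements that the audit above shows apply.
ALTER SERVER ROLE sysadmin DROP MEMBER [CORP\svc_ediscovery];
ALTER ROLE db_owner DROP MEMBER [CORP\svc_ediscovery];
ALTER ROLE db_datareader ADD MEMBER [CORP\svc_ediscovery];
ALTER ROLE db_datawriter ADD MEMBER [CORP\svc_ediscovery];

-- 5. For SQL-authenticated (non-Windows) service logins, enforce the host
--    password policy and expiration so a scheduled rotation cannot be
--    silently skipped. (CHECK_EXPIRATION requires CHECK_POLICY = ON.)
ALTER LOGIN [svc_ediscovery_sql] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
```

Re-running the two audit queries after the changes should return no application service accounts in either role.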
If you found this information helpful and would like to tap into GeorgeJon’s wealth of knowledge and experience, please contact us for a security audit consultation at your convenience.