Entrusted with their clients’ most sensitive business information, law firms must prevent the spread of breaches between matters and litigants, demonstrating that data in their custody and control is adequately protected and actively risk-mitigated.
Law firm IT teams manage critical client evidence in rolling data collections, host large volumes of data in deal rooms and review tools, maintain large document management systems to centralize work product and expertise, support critical attorney work in protecting client privilege in review and production, and administer hybrid cloud applications across the world to support these activities.
Managing security across heterogeneous systems with accountability to segment data for multiple clients and matters poses several challenges, including:
Like attorneys, security professionals honor the principle of “least privilege,” allowing stakeholders access to information only for the most legitimate business purpose, also known as Zero Trust security. Cybersecurity best practices from the MITRE ATT&CK Framework assume that systems are actively compromised, and require working proactively to stop the lateral movement of malicious actors. Attackers employ multiple techniques, often compromising a low-value system via endpoints, public cloud, or authorized third parties to gain a beachhead before moving laterally to gain access to higher-value assets.
To combat these threats, law firms must enable real-time visibility, understand their threat profile, and map out bad actors’ potential attack pathways, enhancing the organization’s ability to precisely scope compliance control regimes and execute a least privilege security posture.
Zero Trust security has been adopted as a common framework by the world’s most highly regulated businesses and serial litigants. Banks complying with industry security standards like PCI-DSS, the SWIFT Customer Security Program, and new regulations like the Payment Services Directive (PSD2) are setting new standards and accountability for supporting least privilege principles, postures also expected of their counsel and other parties with custody of data.
Following the Zero Trust model, organizations determine how transactions flow across the entire business ecosystem and how users and other systems access applications, services, and data. They create micro-perimeters across dependent applications, services, and other resources, apply granular policies and control, and continuously monitor for any suspicious behavior or anomaly — the tell-tale signs of an intrusion.
The Adaptive Security Platform® (ASP) enables Zero Trust security by giving you: