The quarterly publication of the International Legal Technology Association
Issue link: http://read.uberflip.com/i/116777
ask the expert Are there new pressures influencing the way firms and legal departments traditionally have managed data? Todd: New pressures include the sheer volume and varying types of data we're seeing users capture and store, including video, sound, very large PDFs and even databases — none of which belong in traditional stores with our work product. Some firms are putting a storage cap on personal drives and saying you can manage it however you wish, but that's all the storage you get. Another major issue is data outside the firewall. Users increasingly are accessing sensitive data on mobile devices, and that's easy to lose track of and even easier to misplace. The less security on the device, the easier it is to move around. This is a real challenge for IT professionals. In the ILTA Technology Survey this year, we got a lot of comments about data in motion being the number one security issue for law firm CIOs and security people — how to secure it and how to govern user behavior. It's very difficult. Adam: As Todd mentioned, mobility comes to mind. End users want to be able to access their data from pretty much anywhere and have full access to work all the time, wherever they are. This can create a strain on storage environments. Technologies like VDI can also be very taxing on the storage environment and have definitely caused IT to re-evaluate security processes. Eric: For me, there are new pressures with the variety of potential sources of data in the corporation around social media such as Twitter, Facebook, YouTube, etc. Another data management pressure is from using software-as-a-service and storing documents in the cloud and cloud-based applications, including how to manage, preserve and collect data in these services. Sean: We're feeling pressure from the increasing demand for client security reviews and audits. The other very acute problem on the horizon is that the Department of Health has finally published their regulations around the HIPAA and HITECH acts, specifically the ones pertaining to business associates. The majority of law firms, through their representation of doctors or health care organizations, typically fall into that category, and there are now some very clear fines and penalties involved if personal health information is not handled in an appropriate manner. How have changing client security demands influenced the way data are managed? Sean: The risk of maleficence by individuals within a firm and pressures from the client to segregate data out to only the appropriate people challenge the optimistic security model of most document systems. Firms really have to look at much more sophisticated ways of layering options on top of traditional 98 Peer to Peer knowledge-sharing models to segregate our client data more accurately with very specific security demands. Todd: I think the change in client security demands is our salvation. Law firm technology is incredibly difficult due to the relative autonomy and the influence of our attorneys over our decisions on the intersection of security and ease of use. This balance is delicate. Corporations have stronger centralized administrative authority, so they can dictate stronger security practices. The bad guys understand this, as do our clients. So clients are pushing their outside counsel for a security sensibility that's more in evidence. These stronger demands are a huge help because they give us some leverage. We can tell a partner that his client is asking for this, and we're obligated to deliver it. Adam: In the past, storage would be in multiple locations and on different hardware platforms, but nowadays there tends to be just a single platform that holds all the data. When you centrally manage it like that, it gives you a tighter grasp on everything as a whole, and it gives you better control over how you want to do DR planning and other strategies of that nature. Eric: From the corporation side, we need to protect the privacy of our customers and our own employees. A lot of data that we generate is confidential to the company. We also need to protect our IP, a lot of which is done through access controls and other means. When we're storing our data in the cloud or with a business partner, what we really want to know is where our data reside, who has access and what controls are in place. We want to know that our business partner is taking as much or even better care of our data than we're doing internally, to feel confident that everything that is supposed to be confidential and private stays that way. What's more important in data management, the technology or the process? Adam: I'd say process is more important. Organizations should sit down and decide what they want to accomplish. Then, depending on what you want to store, manage, back up or recover, the plan will drive the technology. And there are a lot of platforms and vendors you can leverage to meet your needs. Eric: I'm going with option "C" — people. When we have the right people in place who can verify that the processes are working and that they're logical and not a burden on our customers or business users, we'll always find the right technology solution to be able to implement processes that enable us to manage the data in the most efficient way possible. Sean: In many respects, available technology informs process and process informs technology. But stepping back and looking at it,