LTNY15 and the Year of Data Breach

February 02, 2015
Robert Cruz

Looking forward to another year of meeting customers, friends and colleagues at the annual eDiscovery Industry reunion. Like every year, I will be amazed by the marketing genius on display on billboards and booth signage that can manage to connect legal document review to the theme of the day - whether it be big data, IoT, BYOD, cloud, social, or InfoGov.

But this year will likely be different. As you no doubt know, 2014 was the year of the high-profile Data Breach. 2015 will be the same due to the unfortunate exploits of Sony and others that are being hacked at the moment I am writing this post. It will be different because the nature of security incidents and actors is fundamentally different. Today's malicious attacks are being spawned by well-organized ecosystems of participants that use big data (hey, there IS a use case!) to persistently probe potential targets in search of vulnerabilities, learning along the way to be more precise and effective the next time.

For more than a few at LTNY15, the safeguards in place to deal with today's cybersecurity threats consist of some combination of 3rd party features bolted onto document management products, incredibly complex data encryption, and alligator-filled moats. Clearly, these traditional information security approaches are not equipped to address the new Breach reality.

So, given the increasingly specialized nature of cybersecurity, how can I assess how well LTNY15 vendors can protect my data - and my client's data? Here are a few tips:

First, if you are in the NY Metro area, pick up your company directory and look for the guy with Security Operations in their title. Find out their schedule from Tuesday to Thursday. Offer to take them on a field trip to touch antenna with other security gurus and enjoy lunch with the Halal Guys (and if you think eDiscovery is already too geeked out, just wait...). Unfortunately, most will be too busy investigating open security incidents.

Absent that, here are 5 ice-breaking cybersecurity questions you can ask while waiting for that next demo to load:

1. Who is your security leader? What are the credentials of this person, and what experience do they bring in the security industry? What is the size and depth of their team that manages data protection?

2. What core technologies do you use for data protection? Understand what technologies are being used (i.e. their own vs. licensed from 3rd parties), and the depth and breadth of expertise surrounding those technologies. Have they deployed data loss prevention and encryption for data in motion and at rest? Are they using advanced (e.g. non-signature based) capabilities to detect and block targeted attacks? What are their investment priorities in these areas?

3. What happens when a security incident arises? Walk through an example - "your security team notices some unknown party attempting to access client data. What happens next?" Do they have processes in place to report a breach, and in what time period? Perhaps not totally fair questions for the Demo God, but have someone follow up with a walk-through of the process.

4. Do you have audited security protocols? Related to the previous question, sharing documented processes is not an unreasonable request, even if requiring an NDA. Make sure the response includes operational aspects, not just data center physical facilities (i.e. what is being done daily to ensure data is being protected, what data governance systems are in place, etc.).

5. How many people will have access to my data? For services, an often missed consideration is that data breach is the result of internal actors, or of inadequate internal controls that do not limit access to client data. Again, this should be an easy question for those responsible for the protection of sensitive information.

The example of Sony has forever changed the information security business. LTNY15 provides a great opportunity to re-assess the capabilities of your strategic eDiscovery suppliers to ensure they can address the new realities of data breach.