Is data security your organization’s greatest worry? If not, it should be…
This blog post is brought to you by Raul Cuervo, Ediscovery Manager at Kroll Ontrack
I recently had the pleasure of spending time with a partner and client at the largest law firm on the planet. During our conversation, he asked me a question that I have not been able to stop thinking about since. “What do I consider to be my greatest risk/fear as a company?” I began to think of several things, such as competition from behind the firewall solutions, the downward pressure on processing/hosting fees, etc. His response was totally different than I expected. “Your greatest risk/fear should be someone hacking into your servers, stealing my client’s data and putting it up on the Internet!” WOW!
Emphasizing Data Security
We have all, as of late, been hearing news stories about individuals stealing intellectual property and personal information from corporations and even countries! Such stories spur obvious questions, such as “how does this happen?” And, “how do we protect our law firm/corporation from the vulnerabilities that are a reality of today’s world?” After spending an hour with this partner and going through the client safety and data security concerns he wakes up daily worrying about, I was sold. More emphasis needs to be placed on data security.
Fortunately, I was able to answer his question about data security with the utmost confidence. My data center is like Fort Knox. With 20 PB of active data stored across four data centers around the globe, Kroll Ontrack has a fully redundant infrastructure and monitors customer data 365X24X7 through ingress and egress monitoring, surveillance systems, dual biometric and personnel badge access. Having been in the ediscovery business for about 13 years, I can absolutely say that is not the case for a large majority of providers. It is not uncommon for a “data center” to in essence be a closet with a rack of several servers, which is “protected” by a receptionist at the front desk, whose main responsibility is to answer telephones and greet guests.
8 Key Data Security Questions
As a professional in the industry, I am certainly proud of the efforts, attention and expense Kroll Ontrack places on the security of our customer’s data. The idea of sending client data to a place where security is an afterthought at best should be truly frightening to my clients. So, if data security has not previously been at the forefront of your concerns for your clients, I hope this message resonates and changes your behaviors and perhaps the questions you ask prospective providers. Here are 8 questions to consider the next time you need to leverage a third party:
- How is access to physical premises controlled?
- Have you asked for Security audits? Have you/vendor done Penetration testing(Pen testing)?
- Where is the data stored/maintained?
- What is your chain of custody process and how is it managed?
- Who has access to my data?
- Can I limit access and permissions?
- How is access to my data controlled?
- Any of these are good questions to ask and should be. Also have you toured the facility?
What are your greatest fears or risks as a company?
Ediscovery Manager, Mid Atlantic & S.E. Region