The Hybrid Security Model
The Hybrid Security Model
Rethinking how we approach security in our document management systems
Law firms possess incredibly valuable and sensitive information, and the Internet fuels the growing vulnerability of that information from hackers. Data released by security firm Mandiant, based in Alexandria, VA, estimates that 80 major law firms were hacked in 20111. Clearly, we are not doing enough to secure our electronic files.
While the assumption of confidentiality is built into any discussion between a client and a lawyer, in reality a law firm may have only 10 matters out of 5,000 that are walled off from the general firm for confidentiality purposes. This means that hackers potentially have access to most of the firm’s content, including valuable trade secrets.
One of the biggest challenges in making matters confidential is that it hampers collaboration. When night secretaries or document processing centers need to work on a document, giving them access to the document creates one more task the lawyer must remember to do. Similarly, when the responsible lawyer wants to get a quick opinion on a particular clause from another lawyer, he needs to remember to give them access to the relevant document.
The hybrid security model
The hybrid security model introduces the concept of an owner for every engagement or matter and, without sacrificing firm governance or the ability to collaborate, gives the owner responsibility for identifying team members, managing folder structures, and keeping sensitive information confidential. In this model, all of these processes are seamless: none require the support of an administrator. Each firm determines the flexibility it wants to give its professionals, ranging from complete flexibility to fixed requirements.
Work-in-progress remains public
In the hybrid model, work-in-progress remains public in a clearly marked folder, such as “working drafts” (except where confidentiality is truly needed). Email and all other documents, including supporting material from third parties and finished content that is signed and executed, are secured as confidential to the matter team. In this model, the ability for lawyers to collaborate and to search for prior work product is not impeded.
The hybrid model takes into account the sensitivity of third-party supporting material, including emails. In many cases the legal documents the firm generates sanitizes what is confidential in the third-party content. For example, the engineer’s notes on a patent are more likely to hold truly confidential information than the patent itself because the notes demonstrate how the product actually works while the patent application provides a description of a specific feature or capability. In employment law, the email from a client describing the colorful details around employment discrimination is much more sensitive than the simpler narrative in the letter from the lawyer.
Email will always be an issue
A related email issue is that, from a cultural perspective, lawyers are like the general population in that they consider emails to be personal in nature. If firms want to encourage them to file their emails, lawyers are more likely to be compliant if there is some level of privacy and security. The hybrid model relieves that tension.
Making this model work
To make the hybrid model work, law firms need to make it very easy to create and secure folders to the matter team and to give end users the ability to manage who is on the matter team. It is also necessary to avoid the complication of processes that require each folder and document to be updated or re-filed each time a new user is added to the matter team. Additionally, it is necessary to ensure that a single addition of a new user to the matter team grants the new person access to all secure documents across folders in the matter (rather than requiring that each folder be updated).
Want to learn more about Cybersecurity & Risk Management?
Read more about Cybersecurity & Risk Management from our solution page.
Check our related articles
Until recently, globalization was a trend largely confined to big companies. Today, however, we’ve entered a new era where even small firms, recognizing the growth opportunities, are proactively broadening their global reach....01 February, 2013No comment