| |
| |
  |
       |
 |
|
|
|
Tech Tips Options for Storing and Accessing Data Understanding the differences in security measures among document review options is an important part of establishing an e-discovery plan. Three commonly employed options for storing and accessing electronic data in discovery are housing data locally, accessing data through a Terminal Services environment, or utilizing the Internet to access data in a web-based repository. Each of these options has distinct characteristics that require careful consideration in formulating your e-discovery strategy. Housing Data Locally There is only one way to truly secure a computer: to connect it to nothing. Once you connect a PC to something else—anything else—there is some amount of risk involved. This risk is generally considered an acceptable cost of the convenience and business advantages of connecting computers to networks, servers, or the Internet. When people talk about housing e-discovery documents locally—in a law firm or corporate legal department—it is generally understood that the database where the documents are stored will be networked in some way to allow multiple users access to the same set of information. And while some lawyers think this is the safest possible place for their clients' documents—stored within the walls of the law firm itself—many fail to realize the security risks inherent with this approach. Studies show that the occurrence of internal hacking is far more common than external hacking. Roughly 80 percent of hacking incidents come from within a business entity, with just 20 percent from an external source. With internal firewalls almost unheard of in law firm environments, the risk of unauthorized—or even unintentional—dissemination of information within the firm is greatly increased. Another problem with housing data locally is the level security in a typical law firm or corporate environment. For example, certain security measures must be relaxed in order facilitate uninterrupted communications between law firm offices in different geographic locations or between law firms and their clients. The systems and settings that enable effortless transmission of desired information can also put confidential data at risk. If data is housed locally at a firm or corporation, some part of the IT staff must be dedicated to managing security measures. Besides increasing overhead expenses, this means that the firm must invest in costly hardware and software to ensure that the latest security upgrades are in place—an expensive undertaking for even one case. Terminal Services Environment Terminal Services is a multi-session environment that provides remote computers access to Windows-based programs running on the server. Microsoft developed Terminal Services as a configurable service to enable delivery of Windows 2000 desktop applications to diverse desktop platforms. Microsoft concedes, however, that the multi-user nature of Terminal Services "tends to expose flaws and shortcuts" in many applications.1 The Terminal Services environment works well for one physical location (LAN - Local Area Network), but if the system is intended for use in multiple geographic locations (WAN - Wide Area Network), there will be significant problems accessing the data. With this method, there should be concerns about the number of users supported by the infrastructure. For example, an application running a robust back-end database like SQL server will have serious degradation after about 10 users. Sessions can crash easily and connections can "hang" in the process because the system thinks a greater number of users are connected. A Terminal Services environment also presents significant performance problems when documents must be printed. Unfortunately, a Terminal Services environment also presents some security concerns. Because Terminal Services treats all users as if they are logged on locally, it's difficult to control access to the system while making documents available to all necessary users. Difficulties also arise with setting permissions, controlling account settings, and configuring and tracking other options that allow remote users access to do their work without jeopardizing system security. Regular monitoring of these issues must be carried out to ensure that security is not compromised. Web-Based Access The information security measures in place with any web-based document repository should include at least 128-bit SSL encryption with digital certificates, redundant managed firewalls, and advanced intrusion detection systems. Physical security is also critical. Servers housing client data should be stored at a secured co-location facility with physical security measures requiring biometric authorization (commonly a hand print or a retina scan) for access. The facility should have strict environmental controls in place and should protect the servers from damage during natural disasters. The information security or "virtual security" measures in place for data stored this way are far superior to security measures in local data housing environments or Terminal Services environments. While some people who are unfamiliar with advanced information security protocols suggest that information accessed via the Internet is unsecured and is susceptible to easy interception, nothing could be further from the truth. 128-bit SSL encryption has never been broken. In fact, security experts estimate it would take a trillion-trillion years to crack using today's technology. The physical security measures involved in this setup are also critical. At a co-location facility, physical barriers like building infrastructure are designed exclusively for the purpose of protecting sensitive information. No single law firm or corporation could replicate the advanced security measures in place in this environment without dedicating extraordinary time and resources to the effort. While most people have grown comfortable with the protection of Internet security protocols for personal purposes such as banking and online shopping, many lawyers have received misinformation about these protocols as they relate to e-discovery services. Asking the right questions of any e-discovery service provider is critical. With a good understanding of the information security and physical security measures in place, you will be in the best position to select the service that is right for you. Further Reading To read more about advanced Internet security for e-discovery, please contact us at edstandard@applieddiscovery.com to request a copy of "Applied Discovery Security and Infrastructure," our Fact Sheet which explains state-of-the-art physical security and information security in detail.  1 Microsoft white paper "Optimizing Applications for Windows 2000 Terminal Services and Windows NT Server 4.0, Terminal Server Edition," available at www.microsoft.com. |
|
|
|
|||||||||||||||
| Home | About Us | E-Discovery Services | Law Library | Client Resources | News & Events | Discover A Better Way | Contact Us |
| Copyright © 2008 Applied Discovery Inc. All rights reserved. Terms & Conditions | Privacy Policy (Safe Harbor) |
 | | |
 | Litigation | |
 | ||
| Antitrust - Second Requests | |
| ||
| Corporations | |
| ||
| Consulting | |
| ||
| The Applied Discovery Difference | |
| ||
| Client Success Stories | |
 |
||
|
| |
|
Case Summaries | |
| ||
|
White Papers | |
| ||
|
Court Rules | |
| ||
|
Articles | |
| ||
|
Model Orders & Sample Documents | |
| ||
|
Newsletter | |
| ||
|
Subscriptions | |
|
||
