Data security audits can be onerous and burdensome, but they’re a necessity of business practice — particularly in the legal industry, where confidential documents reside on virtually every desktop, laptop and notebook.
To help law firms understand their responsibilities, LexisNexis recently partnered with Lewis Brisbois to host a CLE panel event in Los Angeles: “How to Interpret and Meaningfully Comply with Audits?” The panelists included: Gordon Calhoun, chair of electronic discovery, information management and compliance, Lewis Brisbois Bisgaard & Smith LLP; David L. Hansen, director of compliance, NetDocuments; Aaron Laderman, regional underwriting manager, AIG; and Jeff Norris, CISSP, senior director of data security for LexisNexis Managed Technology Services.
We’ve been recapping some of the highlights of that discussion with a series of blog posts. In last week’s post regarding data security audits at law firms, we took a look at the idea of “co-education” – insurance companies, corporate counsel, outside law firms and data security providers all sharing educational information with each other – and the benefits of that open conversation. In previous articles (click here and here), we shared some of the overarching trends in data security audits and explored the art of interpreting data security audits.
This week, we take a look at how law firms can collaborate effectively with their outside partners – software companies, data security consultants, cloud service providers, etc. – in order to deploy the solutions that are needed to maximize data security.
- Vendors must rise to the challenge
“Law firms exist to do business and serve their clients, so if data security requirements become too much of a burden, they’ll just avoid dealing with it and put themselves at risk – because at the end of the day, they just want to get their work done,” said Hansen. “The solutions that we as third-party providers deliver to law firms need to be easy and workable. We need to do the heavy lifting with data security requirements for this all to work.”
- Bolster cloud defenses
“We’re a cloud services provider for a lot of large law firms so we take a hard look at the needs within the industry, the trends, the emerging threats and all the things we need to do to bolster our defenses,” said Norris. “We really take our time with helping clients set up their services with us and then partner with them on the data security audits they need to conduct.”
- Consider entire Information Governance environment
“When we review data security, we’re really talking about different components of information governance and what has traditionally happened is we have siloed each of those components,” said Calhoun. “We need to think about the entire information governance environment, not just the information itself, but also what’s required to secure the information within that environment.”
- Look around the corner
“We’re trying to look ahead to see where the regulatory requirements are going and where the new data security threats are developing,” said Hansen. “We’re developing technologies all of the time to address the security challenges we see coming so we can mitigate those potential risks for firms.”
To view a video clip including the panelists’ discussion about the value of co-education in data security, please click here. Next week, we’ll share our fifth and final recap post from the data security audits panel in Los Angeles.