Ways to mitigate security risks when planning a long-term technology strategy

The rise of ransomware and cyberattacks has made every law firm – large or small – aware that it is potentially vulnerable. As a result, firms are increasingly sensitive to the need to protect their data management systems from attack.

When the pandemic forced firms to support remote working, many had to re-evaluate how they approach technology and its interaction with employees. Some made the move to a cloud native infrastructure and others are still on the path to digital transformation. How can both ensure they have the best security risk mitigation plan for the long term?

Security is a journey

In the context of your long-term strategy it is important to remember that security is a journey, and it’s a journey that never ends!

Where do you start? What do you do first? Is there an optimal order for the work to be done? These can be difficult questions to answer, and the need is ongoing. You’ll be asking and answering many of them over and over.

This journey can take you from your on-premises solution, where the burden is 100% on you; to infrastructure as a service, where you might be splitting tasks with a provider 50/50; to platform as a service, where the breakdown might be closer to 20/80; to software as a service, where 90 plus percent of the work that you do to be compliant is on the provider. And how do you choose a provider?

It’s (almost) all about securing the data

First, we take the security journey primarily to protect sensitive customer data, and we understand that bad actors are very good at staying one step ahead of the measures meant to stop them. So, to use a metaphor, when your livelihood relies on breaking into safes, it pays to be a step ahead of the people designing the locks.

Firms must therefore be certain their partners are thinking long term, are determined to stay ahead of the bad actors, and that they have the capacity to follow through. Having the best, leading edge security systems, and the technical ability to maintain them on the cutting edge, are a good start — but there’s more to it than that.

It is also about being able to look ahead on the journey and understand where the legal and regulatory landscape is headed, and to be prepared for whatever may be on the horizon. For legal firms, this is about national and international regulation and standards, the changing shape of contract law, intellectual property, and client contractual obligations.

At this stage it is vital that your provider is qualified and ready to step into the role of invaluable partner/advisor. Because they must be able to help you identify where the current security gaps are, and where other gaps are likely to open as you move through your journey.

More tools in the security toolbox

At iManage, our deep partnership with Microsoft and pairing Microsoft Azure native infrastructure and cloud security together with iManage expertise makes these questions much easier to answer. Working together with Microsoft helps us develop and deliver a comprehensive long-term security strategy, as well as build out our core services.

For example, we have iManage Threat Manager and other security tools to protect the document management system (DMS) from within, so if it's happening within the DMS, we've got visibility. But in addition to that, we’ve got the Microsoft suite of threat detection, which brings sophisticated algorithms that sit outside of the DMS and monitor the service for atypical user behavior from without.

Bottom line, we've got you covered.

The security specialists at Microsoft work with us to personalize workload priorities and make sure the work gets done — taking much of that burden away from us. And by combining our security approaches, we increase the tools in our security toolbox. That’s good for us, and good for our customers and their data.

What can your firm do?

In the following video excerpt, security experts John Verry, CISO & Managing Partner, Pivot Point Security and Paul Edlund, Chief Technologist, Microsoft, join me to answer the question, What can people do to mitigate their security risks while they plan a long-term technology strategy? 

Please watch the clip below.