Extract from Victoria Blake's article "In-House Legal Security: Control Data Access to Manage Risk"
User Privilege, Identity, and Risk As the legal office moves more and more into the Governance, Risk, and Compliance (GRC) space, legal departments are more and more being asked to understand and move fluidly in the GRC functions. At the heart of the GRC function is security: protecting against liability, protecting against threat, protecting against chaos. And at the heart of security is the concept of privilege and identity, e.g., some users can do what others can’t. Many of the most common security threats come via compromise of a privileged user. Each additional node of privilege increases the risk to the entire system.
Consider this use case:
Somebody in the legal department clicked on the link in that phishing email. They unwittingly installed malware on their machine, which tracked keystrokes and captured their passwords. In the background, a malicious third-party signs into their account as a fully accredited user. Deepening on the level of access the person had, the malicious actor can now download huge amounts of data, can see and export personally identifiable information (PII), and might even be able to access the communication layer by digging into the API (a method of communication between two different software systems).
I wanted a certification that separates me from my peers. Upon discovering CEDS, I was convinced this was exactly the type of distinction I had been seeking. Since achieving CEDS certification, I’ve noticed immediate recognition from my organization, colleagues, and current and prospective clients.They acknowledge they are more comfortable working with a person who has taken time to seek such certification. CEDS has certainly been worth the small investment and should continue to beget returns for years and years to come.
Andrew Bayer, CEDS
I get bombarded with all kinds of e-discovery stuff – news, blogs and whatnot. Let me tell you, you guys send the absolute best! I send it to all my partners and sales folks. I said, who are these guys? I have to get to know them better!
Kevin Glass, CEO
As a trial lawyer, day-to-day information processing is daunting for my client service. I’ve come to rely on ACEDS to keep me on the ‘edge’ of the curve on e-discovery. It’s a source I ‘ping’ ASAP.