Enterprise Search Security
Enterprise search answers an important knowledge management challenge – quickly connecting people with information that can help them be more informed and effective. But the technology also increases the potential for mistakes that create real liability for law firms.
In practice, enterprise search increases the risks of ad hoc or legacy approaches to confidentiality management. These tools make it easier for lawyers and staff to leverage existing work product and other information stored electronically. But they also expose unforeseen pitfalls. That’s because enterprise search make it easy for individuals to find or accidentally stumble upon restricted information.
Real World Examples of Search Surprises and Breaches
Several firms have faced situations after introducing search applications where sensitive internal or client documents were inappropriately or accidentally exposed to unauthorized individuals:
A lawyer drafted a termination letter for a client and did not secure the document stored in the firm DMS. A staff member discovered the letter, which was to be delivered to a personal friend, whom she warned. This created significant exposure for the firm and those involved in the breach.
The HR department was storing sensitive documents in the DMS without setting security. Several people found their performance reviews and compensation data via search, along with those of their peers... This resulted in some embarrassing, emotional and uncomfortable discussions.
A lawyer subject to an ethical screen accessed a related document returned by a search query. That access was recorded in the system, creating a paper trail of the breach.
A managing partner was using the firm trust and estate lawyers for personal matters. They stored sensitive financial documents in the DMS with inadequate security. Conducting unrelated searches, staff stumbled upon these and circulated details about the partner’s personal finances internally.
Because search tools provide unexpected visibility across the firm, information once secured through obscurity is now subject to greater exposure. That exposure may come through innocent searches or deliberate user exploration. And even if firms employ measures to limit access to sensitive documents, information may still be exposed in other systems.
While most search tools respect the native information security settings set in firm document management software, failure to set those restrictions or keep them up to date creates new exposure. Today, security through obscurity is no longer an option. That’s why firms must adopt confidentiality software when they roll out enterprise search.
The Intapp Solution – Intapp Walls
Intapp Walls centralizes and automates information security management to prevent omissions that can lead to search accidents with serious consequences. It provides native support for standard search tools including Autonomy iManage Universal Search and Recommind Decisiv Search.
Intapp Walls instantly enforces newly-created or modified access controls and reacts immediately to changes as users create or modify documents. Most importantly, it updates restrictions in real time and is transparent to end users, so they can continue to search with the knowledge that anything they can see, they’re allowed to see.