How Safe is Your Data Center?

September 23, 2016

Rachel Teisch

This was the topic of Legaltech News’ story on 10 best practices for data security and what you need to know about how and where your information is stored, by Christine Yi of Conduent.

When you are outsourcing some or all of your eDiscovery process to a third-party service provider, you’re also outsourcing data security—potentially putting your or your client’s most valuable and sensitive assets, data, at risk.

Any single factor or combination of factors can compromise data security: technology may not be up-to-date in protecting against all known threats; processes may have holes in controlling and monitoring data; and/or the people themselves may not understand or adhere to information-related security policies.

Below are 10 best practices to look for:

ISO 27001 and Industry Certifications:
An industry benchmark for evaluating an organization’s security, ISO 27001 shows that data centers are following best practices for managing data. Some industries have additional requirements, like financial services firms (i.e., Payment Card Industry Data Security Standard). Internationally, countries have also put standards in place—for example, the Hong Kong Monetary Authority now requires businesses to validate that third-party providers have security controls and breach remedies in place.
Infrastructure Compliance and Uptime:
A threshold for infrastructure led by think tank Uptime Institute, is Tier 3-plus certification which ensures facilities are 99.982 percent available to users.
User Access to Applications and Information Systems:
Features to look for include strict documented access control policies based on business needs and client requirements, two-factor authentication, and password storage using industry-standard mechanisms.
Data Encryption:
Data centers need to protect data both at rest and during transmission, using 256-bit AES SSL encryption to safeguard data going over the network. Similarly, they should encrypt all stored documents, rendering them unreadable without the proper credentials. (This is especially important for data involved in data transfers.)
Chain of Custody and Audits:
In case of an incident, you will need to know what happened. Chain of custody for all data and user actions in an application (i.e., user logins, coding edits, etc.) and an auditable historical record for each file processed, loaded into, exported from or deleted from the review tool, can show what happened and when.
Data Center Intrusion Detection and Monitoring:
Proactive and reactive alert systems triggered by any suspicious activity (i.e., malicious intrusions) should be part of network, service, and application activity monitoring.
Physical Data Center Security:
Extensive physical security that include mechanisms such as 24/7 staffing and monitoring, zoned keycard access, biometric scanning, and monitoring and logging entrances and exits, can deter malicious activity.
Redundancy:
In layman’s terms, redundancy means back-up. It refers to network, hardware, power and geographic. Multiple layers of redundancy (at a minimum, two database tiers, two storage tiers, fault-tolerant application server clusters and multiple Internet service provider connections) can provide immediate failover capabilities, ensure data is safe and maximize uptime.
Disaster Recovery and Business Continuity:
Documented plans and processes to weather a disaster are critical. The most robust data centers have frequently updated and tested incident response plans, disaster recovery protocols that validate the availability of redundancy along with data replication (in real time) to a geographically isolated secondary data center.
Employee Screening and Training:
Finally, employee screening and training is the starting point (and also potentially a weak link) for data center security implementation. Data centers should use rigorous applicant- screening processes, including background checks where allowed under relevant law, ensure employees have relevant certifications, and undergo rigorous information security training.

Not all data centers are created equal. But by understanding the potential risks and best practices for information security, you can more successfully manage your electronic evidence and eDiscovery obligations.

How Safe is Your Data Center?

World Environment Day: Programs making a difference in the Philippines

Collaborative synergy: Maximizing contract review through human-technology partnerships

Digital transformation of government technology and services enhances constituent experiences

Digital payments: More than just convenient

Creating connections in California: Sharing good news about secure payments for citizens

Adopting digital payments to avoid the “road less traveled”

Four ways digital payments can streamline your financial operations

Earth Day 2023: Reflecting on investing in our planet

Honoring legacies by embracing equity

ConduentCares, India: Sustainability efforts for our environment and communities

Why updating OMB race and ethnicity data standards matters for health equity

Three key strategies for small to mid-sized healthcare payers in the Medicare Advantage market

When Reducing Costs, Cutting Customer Experience Isn’t the Answer

Driving Toward Sustainable Cities: Enhancing accessibility and optimizing passenger flows

For telcos, simplifying convergence is the best way to deliver customer service excellence

Policy, engagement, families take center stage at National Child Support Enforcement Association 2023 Policy Forum

Podcast: Getting Total Rewards Right in an Evolving HR and Benefits Environment

From Bare Minimum to Enthusiastic – Ways to Engage Your Workforce

Engagement and Enthusiasm at NCSEA Policy Forum 2023

Conduent Transportation helps expand campaign to aid and assist vulnerable members of the public