We can always learn from the public and nonprofit sectors. Many times these organizations must work virtual information technology miracles, without the means available to the enterprise sector. In fact, some of their IT security lessons are particularly important, given how nomadic data has become in the age of the "cloud".
One such standout organization is Lawyers Without Borders (LWOB), a nonprofit based in New Haven, Connecticut. LWOB marshals together hundreds of volunteer lawyers from the world’s most prestigious firms to work on cases worldwide. These legal pros offer their varied services pro bono, in the interest of supporting the rule of law, economic development, conflict resolution, and the promotion of peace.
A Noble Cause Facing Data Leak Risk
LWOB also relies on workers on assignment -- sometimes operating in some of the world’s most challenging places. From these locations, they collect, share and exchange information and documents that must be safely parked and accessed.
The files include training manuals, international and human rights legal analysis, evaluation and assessment reports, and trial observation reports. During collaboration, too, the files must remain secure. Without the online sharing platform, these documents would be subject, at borders and airports, to inspection and seizure.
Many of these files house highly sensitive material -- so there is the potential those working with them could fall into harm’s way, at the hands of unfriendly governments or individuals who oppose the human rights and freedoms LWOB promotes. The consequences of such a breach could be dire, to say the least.
"There have been documents, which if leaked, would endanger volunteers and partners with official reprisal", said LWOB founder Christina Storm. "On some occasions, there is so much sensitivity involved that I’m not even comfortable with third parties shredding the documents. We need absolute failsafe security".
Implementing International Cybersecurity
With those stakes in mind, let’s examine what LWOB did to protect its assets. Paper was out of the question, as LWOB learned early on, given the bulk of such files, and the ease with which they can be seized or stolen. So LWOB required a highly secure electronic format for its documents.
Initially, LWOB used email- and file transfer protocol (FTP)-based systems. Regrettably, neither proved secure enough for LWOB’s needs. Later, LWOB experimented with in-house and outside SharePoint file-sharing applications, but one such solution was soon compromised and needed wholesale decommissioning. LWOB deleted all the files that system held -- with no time to spare.
Absolute Failsafe Security
Through trial and error, LWOB was able to define its needs clearly. It knew it needed a highly collaborative system, but not just any consumer-grade sync-and-share or storage solution would work here. Security was paramount. The solution had to allow data sharing across geographic boundaries, while retaining control of who had access to the data.
It wanted the following capabilities, which are all things that the private sector is, or should be, leveraging already:
- Granular permissions: Sensitive documents like those LWOB deals with must not be lost in cyberspace. LWOB cannot afford having these files floating out in the open, where they can be found and taken. Only very specific people with assigned rights to the files can have access privileges. Controlling and keeping track of who can access what information is crucial.
- Complete control of data residence: For organizations such as LWOB, it is crucial that there are not multiple copies of documents living around the world. The documents’ ideal locations were in secure data centers, sited outside the countries where these files originated.
- Information Rights Management (IRM): Forget hackers -- we users are often the weakest link in the chain of custody for data. Sometimes we accidentally externalize data ourselves, without the assistance of outsiders. IRM protects the file at the document level -- making the content itself the enterprise border perimeter. In the event a document is sent in error, the ability to un-share data is critical. Similarly, that power applies if someone who once did have rights to a document has had the access privilege revoked.
- Complete data encryption: The LWOB solution also needs to encrypt the file. That way, if, somehow, a device carrying it were hacked, the information in the file would remain unusable. Many solutions scramble data at rest or in motion. However, LWOB needed to encrypt data in use for the protection of the users at both ends of the collaboration process.
- Rapid end-user provisioning: The LWOB lawyers need the ability to share content quickly, and with only the right users. To maintain speed (which is often equivalent to security in LWOB’s field), it’s crucial that the solution be capable of quickly inviting and getting onboard a new user to a workgroup.
- Ease of use: The solution must have a streamlined and intuitive interface, because not everyone is tech-savvy. Sometimes, the end user must adopt the system on the fly, and delays can throw a wrench into the carefully-planned operations the organization carries out.
- Mobility: Given how LWOB’s lawyers must travel worldwide, the solution must reach out-of-the-way places. It must have a mobile format, while still retaining its IRM capabilities. Naturally, it requires support for applications for iPhone, iPad and Android devices.
- Global capabilities: The solution must function in multiple languages, and its provider must offer customer support around the globe.
These are stringent requirements -- but necessary for LWOB over the long term. Another way of looking at it is like this: Let’s imagine you needed to store something priceless, with a third party. Then you would want the strongest and most reliable security provider, with the most outstanding and proven A1 track record. For LWOB, that solution was Intralinks VIA.
Don’t take my word for it. As Storm said: "With Intralinks, we’re in control, and have no worries or doubts about people seeing what they’re not supposed to see or not seeing what I want them to see". This highly secure approach certainly applies in our enterprise business world, as well. As LWOB says: "If it’s good enough for multi-million dollar financial deals, it’s the right product for us".
Well, we at Intralinks think: If it’s good enough for the real-life superheroes of LWOB as they fight worldwide injustice, then …
Daren Glenister is the field chief technology officer for Intralinks, a global provider of secure collaboration tools for highly-regulated industries. Glenister interacts with the company’s enterprise customers across the Americas, gathering valuable feedback that helps steer the direction of the company’s award-winning secure collaboration solution, Intralinks VIA. Glenister has 20 years of experience in security, software and customer relationships. Prior to joining the Intralinks team, he was vice president of technical sales of the security division at CA Technologies.
For more on the important work that Lawyers Without Borders does, please visit their website.