Tag Archives: Cybersecurity

Granting Microsoft 365 Super-Admin Privileges to eDiscovery Service Providers is Very Risky and Unnecessary

By John Patzakis and Chas Meier

In a world where data breaches are not just possible but expected, securing sensitive information becomes paramount. However, in many cases, organizations are unnecessarily handing over the keys to the kingdom to eDiscovery service providers by granting them highly elevated privileges in their Microsoft 365 tenants. This is because the more manual methods relied on by service providers often involve gaining high-level permissions usually reserved for senior, trusted IT directors and executives within the client organization. Such broad access can lead to unauthorized data access, including the creation of new accounts for others outside the organization, data overcollection, and unintended data modifications and even deletions. These unnecessary accommodations can cause severe, irreversible damage, lead to security breaches, and complicate compliance efforts.

Clients are often told such high-level security access is absolutely necessary. In truth, service providers only resort to such measures when they fail to use best-practice technology. In many cases, once service providers gain elevated administrative permissions, they simply run basic scripts that they position as proprietary but that have little functionality other than the bulk download of M365 data. These scripts only work if very high-level access is granted to the user running them. Once the service provider completes its mass data download from M365, it is off to the races with its traditional, highly lucrative eDiscovery workflows: excessive data volumes due to overcollection, extensive processing and project management, and eventual staging into review, all leading to excessive costs and unnecessarily extended timelines.

In contrast, our customers believe X1’s strategy for M365 Data Access is unique and disruptive to legacy approaches still utilized by many service providers. We designed our approach to maximize security, enhance operational efficiency, and ensure economic advantages for our clients, setting new benchmarks that challenge conventional industry practices.

  1. Uncompromised Security with Read-Only Access
    X1’s approach of accessing client information in a read-only, least-privileged manner exemplifies our commitment to security. In our approach, a client grants read-only permissions to the X1 Enterprise solution, which is licensed and controlled by the client, through an application that also remains under the client’s control and has a built-in expiration. No X1 employee ever needs to have access to or personally use the client’s M365 credentials. There is no ability for X1 to create new accounts or even delegate M365 permissions. This approach eliminates the risks associated with the more invasive access levels that other eDiscovery providers often require.

    X1’s methodology ensures that the data remains pristine and untouched throughout the eDiscovery process. This approach not only supports stringent compliance with legal and regulatory standards but also shields organizations from the pitfalls of unauthorized data manipulation. It significantly reduces the potential for costly security incidents, reinforcing the trust our clients place in us to handle their most sensitive information.

  2. Index-in-Place: Elevating Data Integrity and Efficiency
    Our “index-in-place” technology stands in stark contrast to the traditional data extraction methods employed by many service providers. These providers often relocate substantial data volumes from clients’ M365 tenants to their environments—a practice driven by the desire to increase hosting volumes and, consequently, revenue. This not only introduces significant security risks but also strains client resources and infrastructure.

    By indexing data directly within its native environment, X1 maintains the integrity and security of the data. This approach significantly reduces the exposure of data to external threats during transfer and storage. It also enhances the speed and accuracy of search and collection processes, enabling quicker responses to legal inquiries and reducing the overall time and cost of eDiscovery.

    Moreover, this method highlights our principle of avoiding the “fox guarding the henhouse” scenario, where providers have incentives that might conflict with client interests. Our clients appreciate the transparency and integrity of keeping their data within their controlled environment, free from unnecessary external manipulation or exposure.

  3. Transparent Pricing Promoting Efficiency and Reuse
    X1’s innovative pricing model stands out by encouraging the efficient reuse of tools without penalizing clients for data volume. This approach directly contrasts with the common industry practice where costs escalate with the volume of data hosted or processed. Our pricing structure is designed to align closely with our clients’ needs for predictable and reasonable costs.

    By not charging based on data volume, we foster a more sustainable and rational use of resources, allowing our clients to plan and budget more effectively. This pricing strategy supports not just cost savings but also promotes a more strategic use of eDiscovery tools, encouraging practices that are both economically and environmentally more sustainable.

Conclusion
X1 is dedicated to setting a higher standard for secure, efficient, and cost-effective data management solutions in Microsoft 365 environments. Our innovative approaches to read-only access, index-in-place technology, and volume-independent pricing ensure that our clients receive unparalleled service that prioritizes their security, operational efficiency, and financial well-being.

We invite you to join us in this transformative journey and experience the peace of mind that comes from knowing your data remains in place until you target a collection to migrate into review. For a demonstration of the X1 Enterprise Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-platform.


Filed under Best Practices, Cloud Data, compliance, Cybersecurity, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Access, Information Management, m365

eDiscovery Tech Can Effectively Address Key Cybersecurity Requirements

Organizations spent an estimated 122.45 billion USD in 2016 on cybersecurity defense solutions and services, in a never-ending effort to procure better firewalls, anti-malware tools, and intrusion detection and prevention systems to keep hackers out of their networks. However, recent industry studies clearly demonstrate that threats posed by insiders (whether through malice or negligent conduct) dwarf those from the outside.

In fact, industry experts assert that employees are inadvertently causing corporate data breaches and leaks daily. The Ponemon Institute recently surveyed hundreds of companies in its 2016 Cost of Data Breach Study. Among 874 incidents, the survey revealed that 568 were caused by employee or contractor negligence, 191 by malicious insiders, and only 85 were attributed purely to outsiders.

An insider is any individual who has authorized access to corporate networks, systems or data. This may include employees, contractors, or others with permission to access an organization’s systems. With the increased volume of data and the increased sophistication and determination of attackers looking to exploit unwitting insiders and even recruit malicious ones, businesses are more susceptible to insider threats than ever before.

The most serious and often devastating cybersecurity incidents are usually related to “spear phishing” attacks, which consist of targeted and often highly customized electronic communications sent to specific individuals in a business that appear to come from a trusted individual or business. The targeted insider is often tricked into disclosing their passwords, providing highly sensitive information, or installing malware on their computer. These attacks tend to be successful because they are so customized and are designed to evade traditional cybersecurity defenses.

Much of the evidence and other indications of spear phishing and malicious insider incidents are not found in firewall logs and typically cannot be flagged or blocked by intrusion detection or intrusion prevention systems. Instead, much of that information is found in the emails and locally stored documents of end users spread throughout the enterprise. To detect, identify and effectively respond to insider threats, organizations need to be able to search across this data in an effective and scalable manner. Additionally, proactive search efforts can identify potential security violations such as misplaced sensitive IP, personal customer data, or even password “cheat sheets” stored in local documents.

To date, organizations have struggled with the limited technical approaches they have employed to identify unstructured data distributed across the enterprise. For instance, forensic agent-based crawling methods are commonly attempted, but they cause repeated high resource utilization on users’ computers for each search initiated and push network bandwidth to its limits, rendering this approach ineffective. As a result, searching and auditing across at least several hundred distributed endpoints in a repeatable and quick fashion is effectively impossible under this approach.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of days or weeks. None of the traditional approaches come close to meeting this requirement. This requirement, however, can be met by the latest innovations in enterprise eDiscovery software.

X1 Distributed Discovery (X1DD) represents a unique approach, enabling enterprises to quickly and easily search across multiple distributed endpoints from a central location. Legal, cybersecurity, and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes instead of days or weeks. With X1DD, organizations can proactively or reactively search for confidential data leakage and for keyword signatures of customized spear phishing attacks. Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs and quickens response times while greatly mitigating risk and disruption to operations.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations.

Beyond providing enterprise eDiscovery and information governance functionality for an organization, X1DD gives employees use of the award-winning X1 Search product to improve their productivity, with the added benefit of allowing the business to close the prevalent cybersecurity gap around spear phishing attacks and other insider threats.

 


Filed under compliance, Cybersecurity, eDiscovery, eDiscovery & Compliance