The second security risk I often encounter comes from shared accounts. Here’s how this usually works and why organizations engage in this behavior. Many eDiscovery reviews involve the ingestion of client data into the service provider’s environment. The EDRM describes this as “Processing” ESI (electronically stored information). The ingestion process is crucial to a successful review. Unfortunately, these processes usually do not run themselves. They can run into roadblocks that only administrators can solve due to their technical skills and elevated privileges.
Depending on how much data is being ingested, Processing could be a simple and quick task, requiring just a few hours. Or it could take days to complete—especially if terabytes of data are involved. These types of matters are the big dollar engagements that most eDiscovery organizations really want. If it takes days, multiple administrators will need to oversee this process to ensure it goes well. After all, they need to sleep too. This is where shared identities come in.
If Processing lasts for several days, multiple administrators will be involved. But they do not want to log in and log out as individual users because that could interrupt the ingestion process in most mainstream eDiscovery applications today. This is an inherent limitation in how most of these applications work. To overcome this, many administrators “take over” the login credentials of other administrators. This is a problem for three primary reasons:
- The audit log will not reflect the actual behavior (logins, logouts, system changes, etc.) of a real administrator.
- The accountability for “who did what and when” gets completely lost. To the system, it can appear as if one user did everything even though multiple people were involved.
- Access governance is a nightmare because it is almost impossible to discern if users are authorized employees or rogue individuals.
But these problems are compounded by two additional factors. Most administrators have elevated privileges, which they need to do their jobs. This means they sometimes have admin-level access to the entire eDiscovery environment, which makes their credentials particularly powerful and dangerous. If hackers get access to their credentials, it’s game over. But because of the application limitations, administrators have to share credentials with other administrators. Every time they share, they put their login credentials at risk.
Here’s how I encourage you to think about this. The big-ticket eDiscovery engagements that you probably really want also put you at the greatest risk of compromised access and credential sharing. It’s a real conundrum.
I have two recommendations to address this issue. First, have you heard of credential vaulting? These types of tools, from companies like CyberArk or Thycotic, can fix this problem. Here’s how:
- Organizations deploy a credential vaulting solution and apply it to individual users. This means users are logging directly into the credential vault, not the eDiscovery application.
- The credential vaulting tool provides access to the eDiscovery environment for authorized users. In some instances, the user may not even know the login details for the eDiscovery application.
- At any given time, users on the system can be verified as authorized or identified as potentially rogue. This allows for real-time control of access to eDiscovery resources.
- The credential vault creates an audit log, which reinstitutes true accountability at the individual level.
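How the vault's audit log restores individual accountability, as an added example (not from the original article or from any vendor's product): it joins vault checkout records with the application's audit log, where every action appears under one shared account, and flags actions that no checkout covers. The log layouts, the account name `proc_admin` and the user names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data. Field layouts are assumptions, not a vendor log format.
# Vault side: (individual user, shared account, checkout time, check-in time)
VAULT_CHECKOUTS = [
    ("alice", "proc_admin", "2024-03-01T08:00", "2024-03-01T16:00"),
    ("bob", "proc_admin", "2024-03-01T16:00", "2024-03-02T00:00"),
]
# Application side: (timestamp, account the application saw, action)
APP_AUDIT = [
    ("2024-03-01T09:15", "proc_admin", "start_ingestion"),
    ("2024-03-01T18:40", "proc_admin", "change_setting"),
    ("2024-03-02T03:05", "proc_admin", "export_data"),
]


def _ts(value):
    return datetime.fromisoformat(value)


def attribute(app_audit, checkouts):
    """Attach to each application event the people holding the account at that time."""
    sessions = [(user, acct, _ts(start), _ts(end))
                for user, acct, start, end in checkouts]
    rows = []
    for when, account, action in app_audit:
        t = _ts(when)
        # Checkout window is [start, end): a handover at 16:00 belongs to the new holder.
        holders = sorted({user for user, acct, start, end in sessions
                          if acct == account and start <= t < end})
        rows.append({"time": when, "account": account,
                     "action": action, "holders": holders})
    return rows


def unattributed(rows):
    """Events with no holder (possible use outside the vault) or more than one (ambiguous)."""
    return [row for row in rows if len(row["holders"]) != 1]


if __name__ == "__main__":
    for row in attribute(APP_AUDIT, VAULT_CHECKOUTS):
        who = ", ".join(row["holders"]) or "NO VAULT CHECKOUT"
        print(row["time"], row["account"], row["action"], "->", who)
```

An event with no covering checkout means the shared credential was used outside the vault, which is the case to investigate first.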
The second solution I recommend leverages a workflow automation tool like Rampiva. Here’s how it works:
- Organizations deploy the tool and create user accounts for administrators.
- Users log in to the tool and access the eDiscovery environment indirectly, by way of a browser.
- This allows administrators to launch Processing jobs and monitor progress.
- In many instances, this is all that is required to complete processing. Only if a job encounters issues does an administrator then need to log in to the eDiscovery environment. Even if this occurs, administrators do not need to share credentials.
This approach reinstitutes true accountability at the user level. It also dramatically reduces the need to share valuable credentials.