Extranets and Intranets Are Definitely Very Popular -- But are They Really Safe?
Law firms have numerous options to safeguard their intellectual property.
By Tom O'Connor
ONE OF THE hottest topics for litigators these days is virtual depositories. Most of these new systems use a standard Extranet business model.
The appeal to litigators is obvious. Trial lawyers are attracted to the potential to connect with clients quickly and inexpensively to access documents, work with data and collaborate on cases anytime, anywhere. The migration from banker's boxes to private network (PN) technology -- using the Internet to share data in electronic form similar to existing local area networks or wide area networks -- a natural evolution..
In fact, by the first quarter of this year, according to the 2000 AmLaw Tech survey, 95 percent of large firms are using Intranets for information sharing (up from 88 percent a year ago). And 78 percent of large firms report using Extranets with clients, up from 55 percent a year ago.
But is this new communication platform safe to use?
Attorneys obviously are concerned about attorney-client privilege and confidential communications, and worried that -- just like the public telephone system upon which it depends -- the Internet is susceptible to tampering or eavesdropping. Furthermore, the Internet brings its own unique security concern: transmission of viruses that can corrupt or destroy information at the receiving end of a transmission.
The standard Extranet security architecture emphasizes network security thru encryption, firewalls, packet filtering and specific policies such as passwords. Physical security can involve redundant power systems, UPS (uninterrupted power supply) capabilities, and even high security building guards-- such as card key access doors or biometric authentication systems.
Application security can include server security software such as user token sessions, expiring session IDs, URL verification or regular password changes. Some companies even advocate activity logging and tracking to review system utilization, software smart cards for user authentication and even digital certificates.
The next step is the Virtual Private Network, which is essentially an encryption code for a specific law firm or litigation group. Data is encrypted as it is being sent on the Internet's public lines to isolate it from adjacent traffic. But this type of network is indeed "virtual" because it is still using the same public telephone lines as all other Internet users.
This is not a separate physical network at all. Still, many litigators feel that a Virtual Private Network affords complete security and trust the complexity and sophistication of the encryption makes them secure when using the Web for the transfer of confidential data. But, like Olivier in the Marathon Man, I ask once again: "Is it safe?" I think not.
First, a VPN can use any number of encryption techniques but anyone who can crack the code of these encryption programs can access the underlying data.
Second, the danger of interception is still present. Finally, and most important, all data on the Internet is susceptible to viruses. A virus need not be a specific attack but be a general threat from a member of the active electronic subculture which is always at work trying to undermine the Web. How large is this threat? I have two words for you: "Love Bug."
A recent Wall Street Journal article entitled, "Web's Design Hinders Goals of User Privacy" posed the rhetorical question, "Want to protect your privacy on the World Wide Web? Good luck. Much of the Web's underlying architecture is rigged against you." But absolute data protection can only be provided by another type of Internet based transmission system, the Secure Private Network.
The primary difference between a Secure Private Network and the Internet is that the SPN operates on private, dedicated lines that only subscribers can access.
An SPN thus provides law firms and corporate legal departments true security by using physically separate telephone lines for communication thereby giving each subscriber its own discrete physical circuit.
Not only does this enhance security and create an absolutely safe on-line office environment but it also guarantees that the SPN can outperform the Internet. The SPN provides faster and more robust communication while ensuring data security.
There is absolutely no way a computer virus can penetrate an SPN unless it is generated from within the group using the VPN and if that's the case, well you have problems bigger than document security on one case.
In terms of connectivity, an SPN can outperform the Web's speed and ability to transmit large amounts of data instantaneously. How? Because a good SPN provider can partner with a communications provider and offer wide-band fiber optic lines that are completely isolated and allows the provider to protect and manage the bandwidth from end-to-end.
This also allows the SPN provider to allow true convergence technology and simultaneously transmit voice, video and data. The VPN version of convergence is typically not as fluid as a dedicated SPN and can stall or breakup during periods of peak traffic. Since the traffic on the VPN comes only from the litigation group, it will not be jammed with traffic at certain "high peak" times like the Internet, and thus won't have slowdowns. This is particularly important in litigation discovery when the speed and privacy of document transmission is critical.
For even stronger security, a VPN provider can build a system for each of its subscribers on top of the already private SPN. A subscribing law firm or corporation will have its own passwords and encryption on the SPN, creating a fail-safe system. This truly remote collaborative environment eliminates fear of a security breach, a major concern for law firms concerned with protecting insider information.
So if you absolutely positively want to keep it safe, use an SPN. For the "virtual" law firm or litigation group, the SPN is the ideal support platform.
It provides an additional layer of security beyond the VPN and can offer huge savings, and peace of mind, for firms involved in sharing large amounts of data.
Consultant Tom O'Connor is a member of the LTN Editorial Advisory Board, and lives in Newcastle, Wash.