Tuesday, July 04, 2006

Legal Extranet Security Issues

When designing a legal extranet (also known as a law firm extranet), keep the following items in mind.
  1. The sites must be encrypted.
  2. Set up standard roles (administration, client, law firm attorney, law firm paralegal).
  3. Assign features and functions to roles (not individuals).
  4. Develop a strategy to control access to data (by user, by role, by workspace).
  5. Develop a strategy to control access to manipulate data (rights to add records, modify records, delete records).
  6. Be sure the physical servers and storage devices are properly secured within appropriate data center like environment (locked/keyed room, controlled environment, locked servers, etc, etc, etc). Note: There are several good sources of information available on the proper operation of data centers that this posting does not attempt to define.

There are other considerations one sometimes needs to take into account regarding law firm extranet security, but these are the key issues.