How iManage incorporates and uses generative AI in its platform to enhance user productivity was a big topic at iManage ConnectLive 2024. Not all discussions centered around AI, but new integrations with Microsoft Copilot and how it simplifies finding the right information were definitely on attendees’ minds.
There were also major discussions about security, compliance, and data governance since these are core to how iManage protects customer data and ensures meeting privacy and compliance rules. With so many of iManage’s customers moving to the cloud, one session talked about the enhancements and resiliency of iManage Cloud as it strives to bring knowledge management to geographically diverse companies while maintaining security and governance of data.
At the Fasoo booth, many people were excited to see how we protect sensitive client and corporate data when users download documents from iManage. Fasoo provides on-premises and cloud customers with additional security and compliance options through robust encryption when documents are beyond the iManage secure and governed platform. One IT manager said his firm is concerned that when attorneys download and work on documents he has no visibility into where the documents go and who is accessing them. He liked the idea of encrypting documents and assigning access controls based on permissions inside iManage.
Responsibility to Protect Client Data
Whenever users or systems create, access, or transfer sensitive information, organizations have a responsibility to protect it using effective data security strategies. Lawyers and law firms are subject to some additional data security regulations. Attorneys have a professional duty to protect the sensitive information of their clients. It is a professional rule of conduct cited by the American Bar Association (ABA) (rule 1.6 Confidentiality of Information) and state bar associations.
As stated clearly by the ABA’s Rule 1.6(2), “a fundamental principle in the client-lawyer relationship is that, in the absence of the client’s informed consent, the lawyer must not reveal information relating to the representation.”
A data security breach, inadvertent or deliberate, could constitute a violation of this ever-important professional rule of conduct for legal professionals. An attorney in a law firm, legal department, public agency, or other legal organization that fails to take data security seriously could run afoul of her or his state’s bar association.
Maintaining control of shared sensitive information so that leaks do not occur and cost the firm a lot of money is challenging as files can and do move anywhere. While many companies encourage their users to edit documents inside iManage, the reality is users download them and work on them locally. It’s common to check out a file, edit it, and share it with a colleague through email. The colleague adds to the file and emails it back. Eventually, someone checks it into iManage, but while it’s out of the system, it can go anywhere.
While out of the system, unauthorized internal users can access files and steal sensitive client information. An authorized user may inadvertently share a document with an unauthorized external party and leak sensitive corporate and client information. Since no access and permission controls exist on downloaded files to limit who has access, what they can do, and for how long, sensitive data can get into the hands of competitors, the press, and even other clients. If one client gets access to another client’s M&A documents, for example, there may be major financial and legal consequences for the client and the firm.
Elevate Your iManage Data Protection Strategy
Fasoo encrypts and protects files as users download and share them with internal and external users. Strong encryption ensures that only authorized users can access the content inside the document. IT managers and iManage administrators assign file permissions inside iManage to control who has access and what they can do (View, Edit, Print, Screen Capture, Copy/Paste) with the documents once downloaded. This ensures unauthorized users can’t access downloaded files unless explicitly granted permission inside iManage.
The other key element that customers like is that Fasoo applies security policies automatically to file derivatives so that any copy or format retains the security of the original file. Since it’s very common to generate a PDF from an original file, maintaining security simplifies governance and ensures that users don’t need to be security experts.
Given the nature of attorneys’ professional responsibilities to their client’s data, tracking and auditing file activities is important to maintain a chain of custody and to protect the firm in the event of a data breach. If a document is encrypted, most regulations do not consider an incident where the document was accessible to an unauthorized user as a data breach. Tracking who successfully and unsuccessfully accessed the document is important to establish a timeline to understand potential liability.
Preventing data breaches and protecting sensitive client data is not complicated when you think about protecting the data, rather than the perimeter. Protecting servers, networks, and storage locations is important, but focusing on the data is the most important thing. The best way to protect information that is critical to a firm is to encrypt documents with a persistent, dynamic security policy. This protects the security and privacy of files while on any computer, in the cloud, on a mobile device, and in use.
By dynamically validating user access and permissions with iManage each time someone opens a document ensures that attorneys do not violate ABA rules and minimizes the possibility of a data breach. If an unauthorized person gets a document, it’s useless to them, since they can’t read the information inside without express permission from iManage.
This lets attorneys, staff, and other departments, securely share files without concern of violating a client’s confidentiality. By integrating with iManage security, IT and iManage administrators can focus on managing iManage rather than worrying about another security solution. Customers of iManage will now be able to comprehensively protect and manage client and matter information per corporate governance and regulatory requirements as they download and share documents. Since users must authenticate each time they access a document, Fasoo meets zero trust and data security posture management (DSPM) requirements.
Several visitors to the Fasoo booth commented that Fasoo technology looked pretty seamless to the user, but made it easy to control document access. One executive liked that it balances security with usability, and integrates with her organization’s existing infrastructure. She has an Ethical Walls solution in place to control access to documents so only users assigned to a case can access its documents. With all the security department needs to worry about protecting her firm’s data, she was relieved to know that Fasoo works with that solution to control access dynamically so the firm doesn’t need to change its processes.