Analysis Of Existing Technology In Legal Process Outsourcing Organizations – Kirkland & Ellis

Kirkland & Ellis, which is based in Chicago, outsources various legal services in line with its clients’ requests (Djordjevich & Vault 2007, pp.182-183). In its LPO (Legal Process Outsourcing) engagements, it often faces confidentiality challenges, or problems, owing to the attempted or successful attempts to hack its servers. Notably, the firm has in-house advisers and in-house technical staff to deal with such problems and the attendant risks, which present considerable legal along with ethical concerns relating to confidentiality according to Nollkamper (2000).

The firm has varied technical resources that are aimed at addressing the confidentiality threats posed by attempts to hack its servers. It has always tried to strengthen the controls it has put in place regarding the access of its entire IS (Information System). The administrator level of the IS presents the firm with considerable capability of concealing confident information not to be accessed by unauthorized parties. Even then, at times, the user passwords and user names that are enforced to control access of the IS are easily guessed by potential hackers as opined by Lewis (2012) and Nollkamper (2000). Its IT staff members at times forget to convert the default wp6-database prefix to random figures that cannot be guessed easily (Pan, Thomas, Yuan & Taylor 2012).

The other principal technical resource geared towards helping Kirkland & Ellis deal with the confidentiality problem posed by web server hackers is the firewall installed to protect its web applications from being hacked or breached. Notably, WAFs (Web Application Firewalls) are based on hardware or based on hardware (Behrens, Riley & Khan 2005; Serrão, Díaz & Cerullo 2010). The firm has a WAF installed between its website server on one hand and data connection on the other hand. The WAF reads all the data going through it. The WAF serves a filtering gateway for every incoming data and blocks attempts by hackers to access or attack the server. As well, the WAF filters out other undesirable traffic, including malicious bots and spammers (Behrens, Riley & Khan 2005). Notably, the server is at times hacking by individuals who breach the WAF successfully. There is a need to add technical resources to build on the server protections offered by the user passwords and user names and the WAF. The following is a graphical expression of the usage of the WAF technology at the firm.

The user passwords and user names and the WAF contribute to the confidentiality problem related to the hacking of the Kirkland & Ellis web server. As noted earlier the user passwords and user names that are enforced to control access of the firm’s IS are easily guessed by potential hackers. Its IT staff members at times forget to convert the default wp6-database prefix to random figures that cannot be guessed easily. That adds to the vulnerability of the server to being attacked (Behrens, Riley & Khan 2005; Serrão, Díaz & Cerullo 2010). The usage of the user passwords and user names can be incorporated in or used to inform one of the proposed solutions to the problem: having the firm ensure that its server is secure via smart password management. The firm ought to make sure that its passwords, chiefly for the users they offer shell access, or admission, are changed regularly and cannot be guessed without difficulty. Besides, if the firm utilizes several servers, it ought to utilize inimitable passwords on each of them.

As noted earlier, the WAF contributes to the confidentiality problem related to the hacking of the Kirkland & Ellis web server as well. The WAF allows for the breaching of the server at times because it is not capable of communicating actively with related security components. The inability to communicate actively with the components makes it unable to provide absolute protection of the server from being served. Notably, the WAF’s inability to provide the absolute protection is not constrained to its relative weakness or strength as a product. Rather, it is just unable to sufficiently protect the server independently. On its own, the WAF is easy to be bypassed by hackers and is not equipped with the means to giving signaling users when it is bypassed or compromised (Behrens, Riley & Khan 2005; Serrão, Díaz & Cerullo 2010).

There have been suggestions that Kirkland & Ellis bolster the protection offered by the WAF by enhancing its security technology. There has been a proposal to have the firm get a new perimeter security model which views the firm’s WAF as a strong enforcement point and allows for its empowering to communicate actively with the whole of the IS. The lack of such a model is often blamed for the WAF’s inability to respond to emerging or new breaches, or attacks, sufficiently (Behrens, Riley & Khan 2005; Serrão, Díaz & Cerullo 2010). As well, the lack of such a model is often blamed for the firm’s inability to modify its WAF security measures appropriately. The WAF is seen as ineffective since it is not a distributed system capable of integrating central monitoring communications to forestall all security breaches relating to the server adequately.

Notably, the creation of a secure network-based LPO environment needs Kirkland & Ellis to not only install a WAF at it internet gateway but also ensure that the WAF is a comprehensively distributed system. It should ensure that the WAF incorporates complementary solutions, including internally deployed firewalls, intrusion protection, malicious code scanning, virus code scanning, vulnerability scanning, and virtual private networking. Presently, the firm’s WAF is devoid of internally deployed firewalls, intrusion protection, malicious code scanning, virus code scanning, vulnerability scanning, and virtual private networking complementary solutions. The firms is presently dependent on an independent, or standalone, WAF at the gateway, exposing the server to marked hacking risks as demonstrated by Conrad, Misenar and Feldman (2012, pp.113-115).

The usage of the Kirkland & Ellis’ WAF can be incorporated in or used to inform one of the proposed solutions to the problem: the firm to secure its server via the usage of secure shells rather than telnet as suggested by Barrett, Byrnes and Silverman (2005). Telnet is typified by sessions that are unencrypted. That means that passwords and the related usernames conveyed through it are unsafe since they are transmitted as plain text or data. As noted earlier, the firm’s WAF reads all the data going through it. The WAF serves a filtering gateway for every incoming data and blocks attempts by hackers to access or attack the server. As well, the WAF filters out other undesirable traffic, including malicious bots and spammers.

Notably, the user password, user name, and the WAF technical resources employed by the Kirkland & Ellis are incapable of presenting it with absolute protection from attempts to hack its web server. The problem of the inadequacy of the password, user name, and the WAF technical resources in providing the protection has not been successfully addressed by the firm’s in-house advisers and in-house technical staff charged with deal with such problems and the attendant risks for a long time. Consequently, the resources have been presenting the firm with considerable legal along with ethical concerns relating to confidentiality in the past. As well, the resources present the firm with considerable legal along with ethical concerns relating to confidentiality currently.

Notably, Kirkland & Ellis has over the years been keen on protecting own IS using the available technological resources. The adoption of emerging technologies to secure its IS can thus be deemed as being a significant component of the firm’s historic behavior. Thus, its extant approach to new, or emerging, technologies does not come off as a new behavior. Rather, it comes off as falling naturally in the firm’s history of consistently and enthusiastically adopting new technologies. The history is attested by the actuality that the firm has varied technical resources that are aimed at addressing the confidentiality threats posed by attempts to hack its servers. It has always tried to strengthen the controls it has put in place regarding the access of its entire IS. The adoption of the proposals to the firm to secure its server via the usage of secure shells rather than telnet and via smart password management will be an affirmation of the firm’s inclination to adopting emerging technologies promptly to secure its IS.

Scroll to Top