Welcome to our Data Security Innovators series where we talk to CISOs who are navigating the frontiers of security with novel processes and technologies. In this episode, we speak to Mike Santos who is the Head of Security at Cooley, one of the world’s largest technology and biotech law firms, based out of Palo Alto, California.  In this episode we speak to Mike about:

• The unique challenges of protecting the data of a law firm servicing the world’s largest companies with highly valuable intellectual property.
• How he approaches building a culture of security for the lawyers and attorneys without hampering productivity.
• Why Cooley doesn’t rely on data classification and instead leverages data detection and response (DDR) alongside data lineage to protect what matters.

The threats faced by today's law firms

Mike explains the types of data exposure risks that exist within law firms. While he’s worried about external threats, given the incentives to steal proprietary information from law firms, he’s also concerned about incidental exposure that can happen when lawyers accidentally overshare sensitive information in the course of their work.

What’s the role of security in Big Law?

Mike says that the high stress environment of Big Law can lead to mistakes that lead to sensitive data exposure. He highlights the role security plays in helping nudge employees to better practices, rather than outright stoping or impeding employees’ tasks.

Why data classification doesn’t work in modern security

Data classification doesn’t work in environments like Big Law, Mike says, where the context, not content, informs whether information or a file is business critical. This makes it much harder to rely on traditional classification tools, which use simple heuristics, like looking for information like SSNs to trigger alerts. As a result, Mike needed to build Cooley’s program around a tool that could evaluate sensitive information based on its context, which requires building novel policies and leveraging newer tools.

“Every piece of data we have, depending even on timing, can be sensitive… If all data is sensitive, it becomes much more important to understand how data moves, who touches the data, and what they’re doing with the data.”

– Mike Santos, Head of Security, Cooley LLP

Deploying data detection and response (DDR) to modernize security in Big Law

Mike highlights how data detection and response is preferable to rigid security controls focused solely on blocking activities. Using a DDR approach, Mike identifies real patterns that allow him to make informed decisions about how to address user behavior without disrupting anyone’s workflow.

“Security controls get circumvented. That’s why you need data detection and response.”

– Mike Santos, Head of Security, Cooley LLP

Unleashing the power of data lineage for high accuracy and meaningful analysis

Mike shares how he’s built his security program around a concept known as data lineage. Leveraging data lineage means understanding the ways in which users are leveraging specific websites and applications in order to have a thorough understanding of the source of data entering being shared and modified. With this context, security rules can be modified on the fly as needed.

“When you have a traditional system and you’re just looking at all the blocked actions, there’s just a lot of noise. [Data lineage] helps us identify things that you don’t usually get to see with traditional DLP.”

– Mike Santos, Head of Security, Cooley LLP

Learn from the industry’s top-notch security innovators

If you enjoyed this recap, make sure you join us for our next installment of the Data Security Innovator series by subscribing to our blog.