By now, you have likely received a slew of messages, penned by various CEOs, explaining what their companies are doing to cope with the current COVID-19 crisis. Almost every business has been impacted, and it’s important to communicate that impact to customers. It’s worth noting though that while some of these messages are truly informative, many are just opportunistic sales pitches.
SaaS offerings inherently enable work-from-home, and some vendors simply rely on their cloud-based offerings to promote business-as-usual to their customers. However, if you apply some basic risk analysis to how a pandemic might affect the infrastructure and operation of a SaaS service, it quickly becomes apparent that such an evaluation is far too simplistic.
Every data center requires some sort of operational and security personnel onsite to function and meet most security standards. The majority of systems administration work can be done remotely if proper abstraction layers have been put in place, but other tasks such as hardware maintenance still require on-site personnel. Ensuring proper staffing and workplace safety (e.g., personnel redundancy, shift work scheduling, and workspace cleaning) requires thoughtful planning and rigorous testing. Moreover, your data center operator must have previously obtained a designation from government authorities as an “essential business;” if not, you may be depending on a service provider that faces fines for simply conducting business as usual.
Assuming your provider has the proper protocols in place for onsite work and credentials to operate, secure remote work must also be enabled from both a cybersecurity perspective and a practical perspective. Like onsite work, proper remote work planning is not something that can be done reactively in the midst of a crisis, but should have been part of a disaster recovery or business continuity plan that was tested regularly and in advance of activation.
Rational Review’s default cloud provider is Google Cloud Platfom, and its extensive disaster recovery and business continuity program is one of the reasons it was chosen. You can see a full overview of the work Google has done since the pandemic began here. It’s important to remember that Google’s business continuity plan is in scope for the certification or third party attestation process required for some of the most stringent security standards and regulations in the world, including CSA, ISO 9001, ISO 27001 ISO 27017, ISO 27018, PCI DSS Level 1, SOC 1, SOC 2, SOC 3, CJIS, DoD SRG, FedRAMP, and more.
The incredible scale of providers such as Google ensures they have the resources to coordinate the multiple layers of protection required to avoid service disruption. For a smaller provider, it’s just not possible to spend the amount of time and money it takes to develop and test an equivalent pandemic response program while staying financially competitive. If your cloud provider or the cloud provider of your eDiscovery vendor does not have transparent and comprehensive protocols and procedures, there may be an unmitigated risk lurking behind their reassuring refrain “we are cloud based, so it’s business as usual.”
People, Processes, and Technology
Beyond the security of the cloud infrastructure for a SaaS service, the people, process, and software of the eDiscovery vendor should all be considered as well. Without an experienced and well-trained client service team, protected by the proper protocols, infrastructure won’t matter.
Rational has made secure remote work a priority, committing to fulfill 24/7/365 support. Our team of client managers has been trained and enabled for remote work from the outset through company-issued hardware, antivirus and phishing protection, and VPN software for encrypted network access and use. The Rational Review platform was built with granularity in its security permissions, leveraging over 60 individual permissions that can be employed through out-of-the-box user personas, or customized for unique user groups. Two factor authentication is also available at no extra cost to help combat impersonation, which arguably poses the largest security risk during COVID-19.
Rational Review is as much for administrators and managers as it is for reviewers, which means dynamic reporting and monitoring of activity, whether it be for productivity monitoring or security and access management. Admins have a central dashboard that reports on key metrics across various stages of eDiscovery through automatically populating visualizations. Each function has a dedicated dashboard with exportable reports, in addition to a dedicated reporting service that can produce PDF or Excel reports for a range of topics. These various tools for macro or micro insight into user activity are important for eDiscovery when business is as usual, but they are essential when trying to manage a physically distributed team.
By default, all of our customers have single-tenant instances, a permanent client management team, and scalable consulting services to enable their projects – all of which enable incredible flexibility. If a change needs to take place on how your specific instance is accessed, we can do it immediately without effecting any other customer; if you need advice on how to ensure remote sessions are secure yet convenient, we can provide it; if you need remote-enabled contract attorneys, we are able to scale up your service package to include them; likewise, if you need to switch to a self-service model and reduce your services temporarily, every aspect of our technology supports it.
We have been prepared for this disruption, all the way from the infrastructure we use to the interface of our software and the people who pick up the phone when you call. Rest assured we will continue to support your toughest eDiscovery challenges, and if you are finding a disruption in your current provider, know that they could have done better; we have experienced 0 down time and 0 quality deterioration in our service in all of 2020. The tools and processes to enable this more remote world have existed for a while, it’s just a matter of whether your provider has embraced them proactively, or if it’s been struggling to keep up. We can say with confidence: it’s business as usual at Rational Enterprise.
We sincerely hope that you and yours are healthy, safe, and happy, so you can continue business as usual too.