NetDocuments: Forthcoming data loss prevention tech attaches security to matter or client

NetDocuments has its ndElevate EMEA user conference in London today (12 September) and if ILTA Washington is anything to go by, interest will be high in its new data loss prevention capability, which, available as of Q4, focuses on putting advance security around a matter or client to prevent data loss.

NetDocuments new capability means that users can define at matter creation the actions that can and can’t be taken.

Speaking to Legal IT Insider in Washington, CEO Josh Baxter, who took over the role in July said: “What has happened in the industry is we put up walls and only let in those we trust but once someone is in they can still have a party. There is some monitoring for bad behaviour, so you’re alerted when bad behaviour happens, but by then it has happened.

“DLP takes a matter or client and puts a security level around it and says, for example, ‘based on those settings you can’t print or access this data from North Korea.’ We define the actions that you can or can’t do now.”

Chief technology officer Alvin Tedjamulia told us: “NetDocuments has always been famous for its back-end security but then we started asking the question, ‘where is the weakest point?’ and that is the end user, who can be malicious, careless, or naïve. How do you prevent data from leaking? Of course, the security to prevent it from leaking is DLP.

“NetDocuments is developing DLP, out by end of this year. It’s a technology that is based on data classification and is what banks and the defence industry and government and big corporates use. For every matter, you define what the class of that matter is: is it secret, internal only, public, can you email to Gmail or only to approved people, can you email outside of the country – there is a whole series of questions. Then the DLP is sealed in the metadata and this is action-based security, not just access control. If you try to copy it and the classification says that’s not allowed, you will not be allowed to copy it.”

As with need to know or ethical walls security, we can see this causing huge excitement at 3am in the morning on a deal when a lawyer finds they aren’t allowed to print but Tedjamulia said: “The same tools and processes that change the permissions for ethical walls will apply.

“You can approve a user just one time on this request or workflow, or approve them permanently.”

The forthcoming release came about after a conversation between NetDocuments and a financial institution that, when it creates any matter, classifies it as either secret, classified or public and Tedjamulia said: “We don’t want law firm to have to create rules that say ‘if the email attachment has the following it can’t be sent.’ We want rules in the document itself. Can they be shared with HighQ or in shared spaces? All those are action based DLP.”

In a typically colourful fashion Tedjamulia adds: “Other solutions remind me of a commercial security guy doing nothing in a bank robbery and someone says, “Shouldn’t you be stopping the robbery?” and he says, “I’m only here to monitor what’s going on.”

There is also likely to be some discussion at ndElevate over collaboration. Following NetDocuments acquisition of collaboration platform ThreadKM towards the end of 2017, a release this autumn will mean users can send documents with annotations to facilitate better collaboration.

110 firms already use ndThread while just over 320 use ndMail.

NetDocuments, which is private equity owned, this year again disclosed 40%+ annual growth. According to one investor we spoke to at ILTA, Clearlake Capital, which bought NetDocuments in 2017, is looking for another private equity house to buy out part of its stake, but Baxter said that’s not correct, commenting: “Clearlake are in it for the long term.”