With regulation and compliance being an increasingly important consideration for law firms, many enterprises have implemented ethical wall solutions in the past few years. These solutions can integrate with SharePoint sites, CRM systems, as well as the traditional DMS environments. But ethical wall solutions have been around for many years now, and a lot has changed with regard to vendors and versions over that time.
Enterprises that were ahead of the curve years ago are now starting to face the fact that they need to either upgrade or migrate to a new ethical wall version or solution.
There are many steps and factors to consider in this process, including a thorough review of every single ethical wall in place. But if I can highlight one specific item to be wary of, it is ensuring that any legacy wall that was disabled either remains disabled or, better yet, is not migrated to the new version or platform at all. Let me explain why.
Imagine you had a certain internal firm administration matter that had a wall in effect years ago, which was subsequently disabled. Fast forward to the conversion, and all of a sudden, nobody can access any DMS content for this matter. It turns out an antiquated wall was applied, providing access to only three former employees who left the firm in 1994. What do you do? If you disable the wall, it will simply revert security back to a default (usually Public). This now means that anybody can see ALL documents that fall under this matter. Unless your new wall solution kept a backlog of what the previous security was, you are in trouble. Your best option may be to set all documents to Private, but programmatically provide security to just the author and perhaps any user that appears in the history/audit trail of the document.
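The re-securing approach described above, sketched as an added example that is not from any wall or DMS product: it plans a Private default plus an access list of the author and audit-trail users for each document under the affected matter. The record fields, the sample data and the restriction to still-active accounts are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Document:          # hypothetical record shape, not a real DMS schema
    doc_id: str
    matter: str
    author: str
    default_security: str

def plan_resecure(docs, audit_trail, matter, active_users):
    """Return {doc_id: ("Private", acl)} for every document under `matter`.

    acl = author plus every user in the document's history, limited to
    accounts that are still active (assumption: departed users get nothing).
    """
    touched = {}
    for doc_id, user, _action in audit_trail:
        touched.setdefault(doc_id, set()).add(user)
    plan = {}
    for d in docs:
        if d.matter != matter:
            continue  # leave other matters untouched
        candidates = {d.author} | touched.get(d.doc_id, set())
        plan[d.doc_id] = ("Private", candidates & set(active_users))
    return plan

def orphaned(plan):
    """Documents nobody active could open after the change: review by hand."""
    return sorted(doc_id for doc_id, (_, acl) in plan.items() if not acl)

# Constructed sample data: the matter reverted to Public after the wall was disabled.
DOCS = [
    Document("D1", "ADMIN-001", "alice", "Public"),
    Document("D2", "ADMIN-001", "bob", "Public"),
    Document("D3", "ADMIN-001", "carol", "Public"),
    Document("D4", "CLIENT-200", "alice", "Public"),
]
AUDIT = [  # (doc_id, user, action)
    ("D1", "dave", "view"), ("D1", "bob", "edit"),
    ("D2", "alice", "view"), ("D3", "erin", "edit"), ("D4", "dave", "view"),
]
ACTIVE = {"alice", "dave"}

if __name__ == "__main__":
    plan = plan_resecure(DOCS, AUDIT, "ADMIN-001", ACTIVE)
    for doc_id, (default, acl) in sorted(plan.items()):
        print(doc_id, default, sorted(acl))
    print("needs manual review:", orphaned(plan))
```

Producing a plan first, rather than writing permissions directly, gives you something to review and to keep as the record of prior security that the scenario above was missing.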
My point is that even with lots of testing and validation, it can be very easy to facilitate a massive security breach when it comes to ethical walls. If something falls through the cracks, be prepared with ways of re-securing data quickly.