Heartbleed Won’t Bring Cardiac Arrest for Ediscovery

Wednesday, April 16, 2014 by Thought Leadership Team


How do you stop a security professional’s heart from beating?

Two words: security breach. In today’s “Internet of Everything” environment, the impact of a security breach can be felt around the world and back again in a matter of seconds. For that reason, it’s not surprising that on April 7th, when news of the Heartbleed bug became public, IT and security professionals issued a global code red.

What is the Heartbleed bug?

Heartbleed is a name given to a vulnerability found within the OpenSSL library – a tool used in many software and hardware components to securely transmit information over the Internet.  According to the High Technology Crime Investigation Association:

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

When Google, YouTube, Facebook, Yahoo and Dropbox are on the short list of providers working to protect their systems, you can imagine the impact is colossal. Luckily, there are sites where you can keep abreast of the impact of Heartbleed on the most popular social, email, banking and commerce websites.

Why should ediscovery professionals care about Heartbleed?

It does not take an open heart surgeon to understand that legal teams should be assessing the impact of Heartbleed on their systems – stat. From accessing judicial opinions to filing a claim and fact-finding in discovery, web-based legal software tools are more than a mainstay in today’s digital practice of law. Most legal technology providers understand the critical nature of security to their offerings and, as such, have robust security programs, complete with ongoing monitoring for vulnerabilities.

At Kroll Ontrack, security of our systems is paramount. As part of our standard operating procedures, our engineering and quality assurance groups use various methods to inventory and then test technology components to ensure that they are not vulnerable to such attacks. Further, our IT team and Chief Information Security Officer continuously monitor for security alerts to ensure our technology platforms around the world remain unaffected. We are glad to report that Heartbleed has not caused the pulse of ediscovery.com to flat-line, or even skip a beat. If you have questions specific to Heartbleed or any of Kroll Ontrack’s ongoing security protocols, contact your Kroll Ontrack case manager.