Keeping It Secure – Internet in a Bubble

by Joseph Raczynski

Absolutely! Feel free to use YouTube, Twitter, Facebook and Gmail for business purposes at Kelley Drye. While many firms struggle with giving their employees internal access to these services, Kelley Drye has figured out how to satisfy both employees and firm management by establishing a secure secondary path to the Internet, in a bubble, which they call Wild West Internet.

This inventive access was discussed at the “Keeping It Secure – Internet in a Bubble” session at the ILTA LegalSEC Summit 2015. Judi Flournoy, CIO at Kelley Drye, described the evolution of how they reached the Wild West Internet. In part, the genesis was an outgrowth of a 300-part questionnaire request from a financial institution client. With the significant restrictions the financial institutions placed on access, they were forced to change their Web access policy. The first iterations proved extremely draconian. No access to personal email or social media was permitted. This met with incredible backlash from the staff. In fact, there were attorneys in tears of frustration and anger, expressing feelings of disconnect from the outside world. Peeling back the policy, the firm revised it to grant individual access to those cleared by Human Resources on a one-off approval basis. Soon thereafter, throngs were making this request, which became problematic.

Ultimately, the solution and final policy decision involved creating a separate browser experience for users when they accessed YouTube, Twitter, Facebook and Gmail for business purposes. With the assistance of Lisa Stone and Thomas Moreo from Cornerstone Information Technologies, they built a perimeter network which sat within their larger network but behind an additional firewall. Thus they were able to safeguard all of their primary systems and establish a walled garden where people could access those services. Multiple safeguards were put into place, including the fact that users could not print, download, or cut and paste back into the primary network. Users agree to these in principle and understand the limitations, but both those users and the firm found this to be a perfect halfway point.

For more detail on how this was implemented, see the following:

  • They used an ASA Next Gen internal firewall, creating an outer perimeter (DMZ)
  • Citrix XenApp
  • Read-only domain controller with shares for profiles
  • McAfee with all of the associated blocks for pornography and gaming sites
  • Blocked: printing, downloads, and the ability to cut and paste back to the firm environment
  • Loaded MS Office in the environment so people could still read Word/Excel