67%+
Increased
75%
Overview
Hoge Fenton Jones & Appel is a multi-service law firm headquartered in Silicon Valley. As a member of Mackrell International, a premier network of independent law firms in 60 countries, the firm’s reach extends around the world. Mackrell International has been named a Top Ranked Chambers Global Leading Law Firm Network.
Seth Silapasvang, Director of Information Technology at Hoge Fenton, leads the internal IT team supporting multiple offices and is responsible for compliance and risk management. “It’s critical that we are fully compliant with regulations, such as Gramm-Leach-Bliley Act (GLBA), while being minimally disruptive to our business and attorneys. On top of that, non-compliance fines can range from one thousand to hundreds of thousands of dollars. Rubrik Sonar is an essential part of meeting regulatory compliance while providing operational efficiencies via automated searches and reporting,” said Silapasvang.
Rubrik Sonar is an essential part of meeting regulatory compliance while providing operational efficiencies via automated searches and reporting.
Challenges
-
Complex, time-consuming manual management via Excel spreadsheets and teams
-
Inefficient processes for sensitive data discovery and access control
-
Limited visibility into what sensitive data resides where across multiple locations
Results
-
67%+ operational savings to perform search requests for audits (1 hr vs. 3 hrs to days)
-
75% reduction in FTE required for the same tasks (1 FTE vs. 3-4 FTE)
-
Increased ability to prove compliance
Business Transformation
-
Increased efficiency for e-discovery and compliance
-
Improved retention policies for more granular control
Challenges
Time savings for audits via automation vs. a manual approach
Prior to Rubrik Sonar, Silapasvang and team relied on a time-consuming manual approach to search for sensitive or PII information for audits. “We adhere to regulatory compliance as well as annual and client-led audits. The process before consisted of Excel spreadsheets. To create a data repository meant entering information line by line. On top of that, it was extremely difficult to control user access,” stated Silapasvang. “For one high profile case, we had to assign one person as the sole owner, who then brought a flash drive everywhere to make changes on only his computer.”
In addition, Sonar helps Silapasvang’s team reduce time spent on completing such requests. “When a search request comes, finding the information is extremely difficult because it can be in multiple places. A search for something simple can take a few hours and complex multi-location searches can take longer to pinpoint exact data. Rubrik and Sonar immediately save us at least half our current search times and that differential expands exponentially for larger requests. We save even more resources because we can now automate it with Sonar and just one person instead of having to dedicate a search team for fast deadlines,” said Silapasvang.
The process before consisted of Excel spreadsheets. To create a data repository meant entering information line by line. On top of that, it was extremely difficult to control user access.
Solutions
Granular search to increase efficiency for e-discovery and compliance
Hoge Fenton uses Sonar to perform on-demand search requests for client cases. Silapasvang added, “The advantage of Sonar is it allows us to be more efficient on how we do e-Discovery. We can use Sonar to run global searches across massive amounts of data. These searches would include looking for specific names or email addresses in order to understand where files are located and if they are in the right locations. With Sonar, we can identify hotspots without impacting our production environment and then comb through the results more finely, making our current e-Discovery processes and tools more effective.”
Furthermore, Hoge Fenton leveraged Sonar’s predefined policies to assist with compliance for GLBA, US PII, and US Financials. Today, they are continuously monitoring patterns for bank account information, credit card numbers, social security numbers, taxpayer information, and more.
With Sonar, we can identify hotspots without impacting our production environment and then comb through the results more finely, making our current e-Discovery processes and tools more effective.
Improving retention policies to address the right to be forgotten
New data privacy laws have increasingly strict requirements regarding access and deletion of individuals’ data. “With California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR), certain sensitive data is subject to access requests, such as the right to be forgotten, and is required to be aged out over a shorter period of time, such as 30 days. However, we may need to keep certain legacy backups to meet other compliance requirements. With Sonar, we can identify and segregate at a granular level which files or folders need to be removed and adjust our retention policies accordingly to meet the 30-day requirement while keeping the rest of the backup for a longer period of time,” said Silapasvang.
With Sonar, we can identify and segregate at a granular level which files or folders need to be removed and adjust our retention policies accordingly to meet the 30-day requirement while keeping the rest of the backup for a longer period of time.
The Results