Defense in Depth: How Troutman Pepper eMerge Established Themselves as a Leader in Security

e-Discovery is a highly specialized, technical field. Often, it’s a challenge for law firms to balance the practice of law with the technical knowledge they need to manage the software that helps them manage their cases.

Some firms have responded by nesting technology-focused groups as wholly owned subsidiaries. These groups help create space for the amalgamation of technology and law, often resulting in innovative solutions and additional value to the firm’s clients. The firms who’ve launched them are able to improve the way case teams approach each matter by leveraging powerful software and to-the-minute tech strategies, incubating innovation, and raising the bar on efficiency and effectiveness.

Troutman Pepper is one of those firms. Troutman’s Alison Grounds launched eMerge in 2012 to “combine legal strategy with advanced technology for the management of ESI in litigation and internal and governmental investigations.” As partner and managing director of Troutman Pepper eMerge, Alison knows clients need to trust counsel’s technology with their most sensitive data. To make that trust easier to come by, eMerge has invested heavily to protect their clients’ data against an ever-evolving threat landscape.

What Kind of Cloud?

Organizations of all types—including law firms, but also corporations, government agencies, and academic institutions—are making the move to the cloud. Leveraging SaaS platforms to manage data is a boon for simplifying (or eliminating) infrastructure management, consolidating document storage, leveraging artificial intelligence to make the most of that data, seamless collaboration, and more. But options abound, and choosing the right solution takes finesse.

In 2017, eMerge was evaluating their tech stack and explored moving their Relativity hosting environment to the cloud. Given its recent release, RelativityOne was an option, but the firm also opted to work with cloud consultants to investigate what it would take to build and manage their own Relativity instance in Azure instead. Might an independently operated cloud offer advantages in expenses or control?

During their analysis, eMerge discovered numerous indirect costs that would be associated with a DIY Azure instance. These included managing the constant changes in cloud infrastructure, increasing headcount to add cloud expertise, and significant initial and ongoing investment in securing cloud systems.

Weighing those costs against their never-ending effort to reduce risk for clients, eMerge determined that the rapid pace of innovation and change would be best managed via partnerships with established technology vendors and security teams. As Chris Haley, eMerge’s director of legal technology, recently explained: “we quickly realized that while the direct costs of doing it on our own may be slightly lower, the true cost would be much higher. The benefits of having an extended security team—Relativity’s Calder7—and continual reinvestment in security improvements by their team made RelativityOne a much clearer choice.”

Brannon Millard, eMerge’s director of security and infrastructure added, “Calder7 comes baked in with RelativityOne—a product that’s already engineered, by its developers, to be secure in its place and managed by their own in-house experts—on top of an already super impressive cloud platform from Microsoft, with thousands more of their staff dedicated to security.”

Put simply, an abundance of dedicated, heavily resourced security professionals was already there, doing the work. So, eMerge asked themselves, why not take advantage?

ISO 27001 & the Value of Partnerships

eMerge recently earned a new distinction by achieving ISO 27001 specifically for their e-discovery, litigation support and legal technology functions. A significant number of Am Law 200 firms tout ISO 27001 certifications with varying levels of scope within their IT stack—but not all can claim this level of achievement specifically for their e-discovery arm.

Leading the quest to earn ISO 27001 was Brannon Millard. Brannon’s role is not only crucial to  eMerge’s work, but unique within the industry. He focuses specifically on e-discovery security and ensuring client data remains protected. Not many firms can say they have a director-level security professional dedicated to e-discovery and litigation support.

“Having RelativityOne and Calder7 in place significantly reduced the burden of achieving this objective. Leveraging RelativityOne, and recognizing the importance of security in our industry, eMerge accelerated its ISO 27001 certification to the benefit of our clients,” Brannon said. “Because the firm and the providers that support eMerge are also ISO 27001 certified, this is really a defense-in-depth approach, meaning our clients’ data is protected by multiple layers of security controls spanning multiple organizations. We are proactively protecting our clients’ data at every level.”

Brannon also said that transparent, thoughtful communications help bolster the team’s partnership with Relativity. In a recent security best practices review between Relativity and eMerge stakeholders, Sarmad Qutub, our product manager for platform security products, gathered feedback around Relativity’s in-app security features: “An active dialogue with customers like Troutman eMerge help make our security roadmap better. We thrive when our customers share real world feedback on how we can evolve our offering.”  

And, as with every responsible organization in today’s landscape, a strong security posture doesn’t end with the tech stack. Curating a culture of security is key at Troutman eMerge and Relativity alike.

You can read more about Troutman Pepper eMerge’s ISO 27001 certification here.

David Disch is a customer success manager at Relativity, where he helps users make the most of their investment in the platform with optimized workflows and greater feature adoption.

Brannon Millard is director of security and infrastructure at Troutman Pepper eMerge. Brannon advises the technology team members, oversees eMerge infrastructure, manages vendors, and consults with eMerge’s attorneys and clients regarding security initiatives, as well as issues related to technology, and data privacy.

Discover RelativityOne