Thank you for sharing!

Your article was successfully shared with the contacts you provided.
No matter how fast remote access connections evolve and how small notebooks shrink, traveling attorneys need to carry a notebook computer to access their firm’s network. And while notebooks are no longer bricks, the lightest still weigh in at about four pounds and manage to defy the laws of physics by gaining weight as you run for an airplane. Fortunately, a happy convergence of three critical technologies now supports a convenient, light and secure way to access a firm network. This can allow users to leave their notebooks behind, yet still check in to the office via Internet cafes, borrowed computers, or at satellite offices. Morrison & Foerster (MoFo) attorneys spend as much time on the road as they do in one of our offices. And we have a lot of offices! HISTORY LESSON Before we look at MoFo’s remote access system, let’s review a brief bit of history. The first piece of critical technology for remote access is the Internet. In the early 1970s, the Department of Defense Advanced Research Projects Agency launched ARPANET, the parent of today’s ubiquitous Internet. Today, unless you’re in a rowboat in the middle of the ocean, you can find an Internet access point within shouting distance. Even my local spa offers a high speed DSL link for patrons to enjoy while waiting for their next moment of Zen. The second piece of our puzzle is the omnipresent Web browser. The Internet browser’s ease of use and unbelievably rapid market adoption inspired everyone from garage hackers to Microsoft Corp. to develop applications to run in a graphical Web-based window. A universal network and an easy-to-use, common application interface are a good start, but if you want to do something more than chat online about whether Elvis is really dead, you need security, our third component. No one is going to risk their credit card number or client’s data without the confidence that they can control who sees that information. Secure connections over the Internet became generally available in the mid-’90s, when Netscape introduced SSL (secure sockets layer) protocol to manage message transmission. Now we have all the pieces we need: the Internet, the browser, and security. All that’s left is to invoke that security on demand. Enter RSA Security Inc.’s RSA SecurID. It’s Morrison & Foerster’s traveling authentication tool of choice. Imagine a tiny tamper-resistant device, that is — in size and appearance — not unlike the keyless entry system available for most upscale cars. RSA calls it a “key fob” and it looks like the watch fob your grandfather hung off his pocket watch. The similarity ends at size — unless your grandfather’s fob sported a small LCD screen that displayed a different six-digit code every 60 seconds. The RSA SecurID key fob is one part of a two-factor “strong authentication” scheme. Factor one is what you have: the key fob. Factor two is what you know: a PIN. ANALOGOUS TO ATM This is completely analogous to ATM access: You have a card and know your PIN. One without the other just won’t work. With that picture in mind, let’s follow an attorney walking up to a PC or kiosk with Internet access. She enters a Web address, such as https://private.myfirm.com. Up pops a dialog box asking for three pieces of data: 1. Her normal network log-on name 2. Her key fob PIN 3. The ever-changing fob six digit number She enters that information, and shazam! She’s up and running, inside her firm network, enjoying the menu of SSL compatible applications. Imagine the flexibility: Want to access your network at a client’s site? No problem. At an airport kiosk? Piece of cake. In your pajamas at the hotel? Cool. Visiting mom and dad? No brainer. Yawn, can’t you find a tough one? TECHIE DETAILS Intrigued? Let’s see what goes into a SecurID installation with a few lessons learned from MoFo’s implementation, courtesy of Mark Potloff, our remote network analyst: � Did you notice that there is an “s” in https://private.myfirm.com? That’s critical for reaching a Web site secured by SSL. Next time you’re buying something on the Internet, take a look at the URLs. You’ll see quite a few “s”-enabled SSL secured sites. For more information on the details of SSL and digital certificate security, visit RSA Security at www.rsasecurity.com. � Not all applications are SSL-friendly. Microsoft’s Outlook Web Access is, and it’s a fine place to start. � If users forget their PINs, they must coordinate new ones with their administrator. For a successful reset, you need both halves of the puzzle, the fob number and the PIN. � Administration of SecurID accounts can be done from work or home. This supports responsive administration during evenings and weekends. � Even though this technology is well suited for network access when on the road, it can be an incredible timesaving tool when traveling within your own firm. Network log-ons can be time consuming when not in your home office. When I travel, I use a local Internet-only account to access the Internet in seconds. Once on the Internet, my key fob and I are checking e-mail in a fraction of the time that it would take if I had used a traditional log-on. � The SecurID system can authenticate via a radius server, which may allow you to eliminate many of your remote access passwords. SecurID may become your sole authentication for RAS, virtual private networks, or whatever services you use for remote access. If traveling attorneys lose their fobs, they are not out of luck. A temporary “fixed” password can be assigned to their account to take the place of their SecurID’s six-digit number. This password can be set to expire the day the user returns from his or her trip. RISK MANAGEMENT Getting the technology to work is half the battle, but risk management and security policies are tricky too. Here are some of the policies and procedures in place at MoF � Fob orders are placed through an Intranet page with reminders of MoFo’s secure access policies. � Users are allowed to pick a PIN they can remember rather than being assigned one that they will most likely write down. � If attorneys walk away from a MoFo RSA SecurID enabled session; they are automatically logged off in five minutes. If they are reading a long e-mail or go to another Web site from their e-mail, they have five minutes to return before they have to log in again. � Lost fobs are immediately disabled. But the lost fob is still listed under the user’s account and can be enabled again if they find it. � Fobs aren’t expensive, especially when compared to notebooks, but they aren’t free either. We haven’t decided on the right response to lost fobs, but then, we haven’t lost any yet either! � Users are required to sign an agreement when receiving the fob, which creates a line of responsibility between the firm and the user. SecurID is a little thing (literally!) but the reception at MoFo has been nothing short of huge. SecurID is not the only answer to your remote access needs, but it does fill a niche for anywhere, anytime access without requiring a bulky computer. And that’s a big thing! Jo Haraf is chief technology officer at Morrison & Foerster and a member of the Law Technology News Editorial Advisory Board. She is based in San Francisco

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.