According to IBM’s latest report on data breaches, the global average cost of a data breach in 2024 is $4.88 million—a 10 percent increase over last year and the highest total ever. The business risk of having poor security protocols has never been higher, and the need for a functionally verifiable security program that actively addresses and scales with the growing risk and severity of data breaches has never been more pressing.
One of the best ways to immediately minimize this business risk is through enabling 100 percent compliance with two-factor authentication (2FA) on all company devices and instances. 2FA allows companies to break a common chain of attack tied to exfiltrating data via compromised user and company login credentials by ensuring that an active user is who they say they are. This is done by verifying their identity multiple times before granting access to critical business systems and data.
Alongside enabling standard two-factor authentication within your enterprise, we also recommend you adhere to these two best practices:
- Standardize your two-factor authentication process across platforms and tools by working with an outside vendor that uses OpenID Connect or SAML 2.0.
- Employ hardware tokens, push notifications for real-time responses, or biometric methods (like fingerprint or facial recognition) instead of SMS-based methods.
If you use RelativityOne, you can streamline this practice by mass-enabling 2FA for all users via Security Center.
A Culture of Security in the Relativity Partner Community
Two-factor authentication is a critical first step for improving the security posture of any Relativity customer, but it’s also a key benchmark for Relativity partners looking to achieve Gold status in the Relativity Partner Program. This feature provides a critical foundation for partners providing RelativityOne services to end users, but it’s not the only thing we recommend for those organizations looking to differentiate themselves by highlighting their commitment to the data security of their end users.
At Relativity, security is deeply ingrained in everything we build and everything we do. We take a lot of pride in the trust our users have in us, and we are relentless about keeping their data as secure as humanly possible. But we’d be remiss not to mention the many ways our partners take that responsibility to the next level by keeping cybersecurity at the forefront of their own processes and operations.
I’m excited to share that we’re formalizing that recognition in a new way: starting this month, February 2025, we’re rolling out a new Security Best Practices competency for RelativityOne partners.
Our competencies program allows partners to certify their expertise in particular practice areas or project types and make it easier for enterprise teams to find partners who can support their unique needs.
The new Security Best Practices competency will help end users identify providers who excel in their security posture, and give those partners space to stand out in the marketplace. Prioritizing security in our partner community is good for business, for Relativity, and for the Legal Data Intelligence industry at large; as the famous saying goes, “a rising tide lifts all boats.”
Verification of a partner’s Security Best Practices competency will be assessed in three key areas, which Relativity’s security team, Calder7, believes are critical for delivering best-in-class security outcomes.
3 Tenants of Relativity’s Partner Security Best Practices Competency
#1: Adherence to Recommended RelativityOne Security Configurations
SentinelOne reports that almost 23 percent of cloud security incidents are a result of cloud misconfiguration, and 27 percent of businesses have encountered security breaches in their public cloud infrastructure. To help remediate this risk for our customers, Calder7 recently rolled out its recommended RelativityOne Security Configurations in Security Center.
The eight security best practices in this guide give RelativityOne system administrators more transparency and control into what “good” security means in their instance, enabling them to properly configure their instances, minimize their risk, and elevate their security posture. Complete adherence to these recommended settings, in every instance, is critical for achieving the Security competency.
#2: RelativityOne Lockbox Hardening and controls enabled across all instances and users.
According to Verizon’s annual data breach report, about 20 percent of data breaches involved internal actors—primarily due to misuse of access privileges. Ensuring proper access controls across instances is critical to a partner’s underlying risk and security posture.
To give RelativityOne system administrators more control over this potential threat, Calder7 has enabled Lockbox Hardening by default for all RelativityOne instances. This provides partners with greater control of their workspace data and access, so they can better monitor and prescribe who can access data, at what level, and where. Partners will need to have Lockbox enabled to achieve the new Security competency.
#3: Security Advocacy & Enablement
The final pillar of achieving the Security competency for Relativity partners focuses on advocating for better security within your company and in our industry at large. Your influence can have sizable downstream impacts on the Legal Data Intelligence community, helping us all be more secure. To achieve competence in this section, partners must:
- Provide a clear escalation path and designated all-geographies internal contact for a cybersecurity-related event or investigation . This helps accelerate action in the event of a relevant investigation and incident, speeding up everyone’s response and reaction times.
- Take part in at least one Security Advisory Board session with Calder7 (we’ll begin offering these later in 2025—partners who apply for the competency will be invited!). These forums will help inform and tailor our security roadmap to ensure we’re building and improving our security posture to best suit the current and future needs of our partners and their end users.
If you’re a Relativity partner looking to highlight your commitment to the security of your enterprise and your customers, please apply for the Security competency via the Relativity Partner Portal. Our Calder7 team will verify all submissions.
The submission form is available now, so it’s a great time to jump into the Portal, search for the form, and get started completing it. Thanks, as always, for your tireless work in keeping our community secure.
