Trace Id is missing
May 09, 2022

DGS Law raises the security bar and levels the playing field with Microsoft Defender Experts

DGS Law proves that dispensing stellar legal services isn’t tied to having a large employee count, even though its medium-sized law firm is held to the same cybersecurity standards as goliath law firms. Happily, DGS Law found Microsoft Defender Experts for XDR, a managed detection and response service incorporating Microsoft’s security expertise and tools to help a four-person security team punch above its weight. DGS Law can now operate as effectively as its large competitors while focusing its resources on what matters most—its clients.

DGS Law

“The Microsoft Defender Experts service could work for many kinds of organizations needing a turnkey solution they can get up and running in days without a full security team.”

Chad Ergun, Chief Information Officer, DGS Law

The law firm of Davis Graham & Stubbs LLP—known simply as DGS Law—offers its clients the same highly skilled expertise they could get from a much larger legal practice. Headquartered in Denver, Colorado, with about 200 attorneys, the well-established firm serves clients all over the United States in a wide range of disciplines and verticals. DGS Law understands the stringent security and compliance demands that affect its clients. Can a smaller law firm compete with larger entities that can afford a full data security team headed by a CISO? With Microsoft Defender Experts for XDR (XDR Experts), a managed service that gives companies of all sizes a leg up on security, DGS Law answers with a resounding “Yes.”

Adapting to the growing security resource gap

A number of shifts have driven an ever-widening wedge between large enterprises and smaller companies over recent years. For one thing, compliance requirements and other IT security costs continue to expand. That isn’t surprising, as people increasingly live in the digital world and privacy issue awareness grows. More critically, a constantly evolving threat landscape has increased the pressure on companies of all sizes to pay close attention to cybersecurity. That demand ripples out to every supporting organization—especially law firms.

Clients trust their most valuable data to the law firms that represent them. A wide range of standards govern clients, depending on the industry, necessitating that law firms maintain compliance certifications in several fields. “Law firms are the canary in the coalmine when it comes to the growing importance of security and compliance,” says Chad Ergun, Chief Information Officer at DGS Law. “We receive audit requests to fill out extensive compliance and security questionnaires on a monthly, sometimes weekly, basis from our clients.”

A medium-sized firm like DGS Law finds itself caught between a rapidly escalating client demand for security and the unsustainable costs of maintaining a significant security team. “Security and compliance are becoming an existential crisis for law firms our size,” adds Ergun. “When a client considers us for an engagement, they put us on the same scale as competing firms who may have 2,000 attorneys compared to our 200. We’re competing against the goliaths of the world with only a very small budget. Without the required certifications, we can’t survive.”

To avoid expanding its small security response team of four, the firm needed a cost-effective solution. ”We tried technology-based solutions—various machine learning or AI-driven solutions that applied something of a blunt instrument to the complex task of separating credible threats from the sea of harmless ones,” says Ergun. “We just couldn’t sustain the middle-of-the-night alerts for false positives.”

Fortunately, with the firm’s extensive Microsoft environment and the new XDR Experts managed service, Ergun had access to a supportive partnership—and peace of mind. The firm’s impact analysis showed that the costs of running security entirely from within the firm would exceed the costs of the Microsoft solution by three times. “The reassurance that someone else is watching our most valuable assets definitely increases our comfort level,” says Ergun. “I can’t put a dollar figure on that.”

Creating a cost-effective landscape with Microsoft solutions

In 2017, DGS Law used about 36 third-party solutions. Ergun is pleased to have reduced that number to about 10 today. Why was this so important? More vendors create solution silos, increase vendor exposure, and extend downtime through updates. “Law firms don’t sell widgets,” reflects Ergun. “We sell our knowledge, so time is money. We absolutely require minimal downtime to keep our attorneys productive.”

Reducing the number of vendors was key to reducing the user exposure that keeps many CIOs up at night. “End user exposure is vendor exposure,” declares Ergun. Vendor reduction helps with exposure on the system back end because every time a major vendor releases an update, the others connecting to that application must release their own updates in response. That causes a chain reaction between vendors, which means the firm has to wait to install major patches while everyone catches up. “We’re much nimbler and more responsive now,” says Ergun. “When Microsoft announces an upcoming update, we are ready to push that update within 48 hours.”

The firm took the opportunity provided by an expiring datacenter contract in 2017 to migrate to the cloud. It implemented Microsoft 365 E5, immediately rolling out Exchange Online. It replaced its telephony system with Microsoft Teams and migrated data to Azure, upgrading security with Microsoft 365 Defender and the full range of Microsoft Security solutions. That proactiveness paid off when COVID-19 shutdowns caused worldwide office closures. “When our executive team asked how long it would take to get everyone working from home, I was able to tell them ’24 hours’,” recalls Ergun. “We achieved that lightning transition because we’d already committed to a flexible Microsoft 365 E5 workspace. It’s been an incredible return on our investment.”

Small wonder then that Ergun turned to Microsoft to help protect the most valuable assets a law firm can have—client trust, and time. But Ergun is clear that information security is the cornerstone of the legal profession and his top priority. “Protecting client data is the most important ethical obligation for attorneys,” he says. “It’s much more than a simple financial decision.”

In late 2021, DGS Law began collaborating with Microsoft to help identify targeted attacks.

Accelerating agility, deepening knowledge

In addition to fewer vendors, the increased information visibility the DGS Law security team gains through Microsoft Defender Experts for XDR not only improves its effectiveness in handling a certain threat—it builds expertise and trains the team to adjust its approach for long-term benefits. For example, the team now uses one container for client information and high-value data, isolating and prioritizing alerts and security incidents for that data. The team holds weekly reviews with its Microsoft counterpart to address and follow up on those and other threats. Because Microsoft can identify any individual who has been targeted by a specific threat, Ergun’s team can preemptively research the usage context for that person—information like sites visited to understand why the person was targeted and how to prevent a security breach. The team also gains invaluable insights about current exposures in other industries and how to reduce risk. “Our interactions with our Microsoft Defender Experts team helped us to reshape policies for a more proactive security stance,” says Ergun. “After three months of fine-tuning, we’re seeing threat levels come down.” He appreciates the collaboration with the Microsoft team and the insights it can share based on experience with a broad range of customers. “Our Microsoft team can alert us to new issues common to other customers or industries, and that goes a long way to increasing proactive defense,” explains Ergun.

The DGS Law security team shares its appreciation for the service. “Our engineers and security team are very pleased with the results and learning they get from Microsoft Defender Experts for XDR,” says Ergun. “Our clients are happy that we have a well-known brand name as our security vendor in place, and our management team is happy with Microsoft Defender Experts for XDR high return on investment and our increased security posture.” He believes that other firms could benefit as well. “The Microsoft Defender Experts service could work for many kinds of organizations needing a turnkey solution they can get up and running in days without a full security team,” concludes Ergun. “I always think of Microsoft as an SMB hero that saves the day with an effective, easily justified solution.”

Find out more about DGS Law on Twitter and LinkedIn.

“I always think of Microsoft as an SMB hero that saves the day with an effective, easily justified solution.”

Chad Ergun, Chief Information Officer, DGS Law

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft