All posts tagged eDiscovery

By on November 9, 2010

Make Legal & IT play nicely together!

One of my colleagues summed this up perfectly; he said you want to remove the V from “Legal Vs IT.”

There you have it, problem solved. Legal Vs and IT. But it’s not as easy as that is it?

I regularly receive fan mail from CIOs and IT Managers who are going head to head with their Legal departments, and sometimes Lawyers who are trying to get their point across to the IT department.

Those are the days I feel like a tech version of Dr Phil.

Lets take a step back and look at where the Legal and  IT departments interact. On a basic level they both provide services to each other; one becomes the customer of the other, and vice versa. (Apologies for the latin, I feel obliged to use a little for the lawyers who are reading. They, along with Doctors and people who finish The Times crossword keep that language alive.) But as you dig deeper into the line of business applications users require there is one that sticks out as being the sole domain of the Legal user. Litigation support and ediscovery applications.

The analyst firm Gartner tell us that ediscovery is one of the major drivers behind email archiving, it could well be ‘the’ driver for email archiving. For the IT department provisioning a usable and scalable ediscovery solution generally means large amounts of budget and certainly a truck load of disk space and processing power. For the Legal user it means having access to an effective discovery solution that allows them to perform from the Early Case Assessment (or Identification) phase right through to the Presentation phase.

Generally that’s where the problem lies.. Legal users demand access to data whilst the CIO tries to balance the cost effectiveness of storing data against the risk of deleting it. Yes disk is cheap but when you add up all of the paraphernalia required the shopping list becomes quite a challenge, and for the many companies not used to experiencing the  special joy and happiness that an ediscovery request brings, justifying the budget can be hard.

If I were Dr Phil I might say something like;

Learning to support each other isn’t something you can change overnight, this will be a long slow road, sometimes painful and sometime joyous. But learning to see the problem from the others perspective will make it much easier to solve.

Legal and IT departments are like step-children, they have only recently needed to get on and become friends. Historically they both work in their own little universes but today they each rely on the other to perform. So for one day or one week get them to swap toys, put the Legal users in ITs shoes and IT in the Legal team. Get them to really examine where the other is coming from and see how cooperative they become.

If they don’t drop me an email and I’ll see if I can line up Dr Phil.

Add your comment (0)

CISSP, CCSK
Mimecast, North America.

Article Tags

, , ,

By on August 5, 2010

Could there ever be a Forensic Search of the Cloud?

Picture of a Hard Disk head at rest on a platter

I was at a Friends of eDiscovery gathering in the Midwest last week.  This is a group aimed at providing local forums to discuss the eDiscovery conundrum, and to determine local standards of care in the eDiscovery workflow.

At one point, the discussion turned to forensic collection, and whether it is required in all cases.  Of course, no one thought that it is always necessary, but in the ensuing discussion, someone wondered whether we would begin to see forensic collections from Cloud service providers.  As a (and perhaps the only) Cloud service provider in the room, I made the point that we had not seen 3rd party requests for forensic collection and did not see a future where we would permit forensic collection from our servers.  (I should also note that by ‘forensic collection,’ I mean a bit-by-bit copying of a drive, not merely a defensible collection.)

Without even touching on the Stored Communications Act (18 U.S.C. §§ 2701 to 2712) and its applicability to Cloud computing providers, the very nature of the Cloud computing business model argues against there even being ESI that would need a forensic collection to access it.  To a large degree, this is due to the distributed, multi-tenant nature of the model.

In essence, Cloud computing providers build an infrastructure (as actual machines or as an application) and rents out parts of it to people/organizations as they need it and customers’ data is distributed across that infrastructure.  As any information is deleted, the storage space or computing power is automatically and immediately reclaimed so it can be placed in use by someone else.  So there would be nothing for a forensic collection to gather that a routine collection would not gather.

If, by chance, some information remained on abandoned Cloud territory, the distributed nature of storage in the Cloud would render that information horribly expensive to gather.  To be able to reconstitute data into a meaningful format, the collection would have to be done on ALL of the provider’s servers (within a given geography, if the data for the client in question were so limited).  This would take the already-high cost of hard drive restoration and multiply it many times over.

All this is not to say that there will NEVER be a situation where a forensic collection from a Cloud provider could be appropriate, but that’s only because never is such a long time.  But because the of the low likelihood of finding unique information in a forensic collection and the high cost of such a collection, never seems pretty close to the mark.

Add your comment (0)

Cloud Strategist
Mimecast

Article Tags

,

By on July 28, 2010

Now, where’s that email?

An old topic, but one that is going to take many years to go away.

Just this morning I found myself helping a sysadmin who was in a flat spin trying to find old emails.
The messages he needed were all dated 2002-2003 and the only place he could even begin his search was in his predecessors tape archive.

After a trip to the basement to find an old tape drive that would support the tapes where the data was, a lengthy device cleaning session to make sure the drive didn’t just destroy the tape and a lot of holding thumbs he was set to go.

Opening up the tape store he immediately found that the “email backup 2002” tape he was looking at had full backup of the companies old Exchange 2000 server mail store.

“AARRRGGHHHH….”

This is when he started asking around for help and where I came into the picture.

I quickly explained that there really is no easy way to do this considering that he had already progressed long past Exchange 2000 and that we would have to restore the backup of the old mail store into a version of Exchange that supported it, i.e. Exchange 2000.

“OK, I’ll do that, build a Windows 2000 server and then install Exchange 2000 on it.
I’ll then restore from tape to it.
On another note, do you know where I could get a copy of Exchange 2000?
Is it still available on a Microsoft site?”

ROADBLOCK! Continue Reading →

Add your comment (0)

Enterprise Consultant
Mimecast

Article Tags

, ,

By on July 19, 2010

4 Steps to Defensibility: Using an Email Archive

eDiscovery and general litigation readiness were the third major drivers to the Email Archiving industry.  The first two were Exchange/mailbox management and regulatory compliance for SEC/NASD compliance.

The archive held much promise because it proffered a way to minimize the pain that organizations were feeling around the preservation, collection and production of email.  If deployed and configured correctly, it would provide several benefits, most notable the ability to search ONE location for email. Continue Reading →

Add your comment (0)

Cloud Strategist
Mimecast

Article Tags

, , , , ,