e discovery 2-cloud_v5

e-Discovery 2.0: In the CloudWednesday, November 16, 2011

9:45 AM - 10:45 AM

Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK

Founder/Principal, nControl, LLC;Adjunct Professor;

President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)

• Presentation Overview– Technology

• Case Study 1: IN the Cloud • Case Study 2: FROM the Cloud • e-Discovery Cloud Benefits• e-Discovery Cloud Concerns• e-Discovery Cloud Solutions

– Process• Electronic Discovery Reference Model (EDRM)• Information Governance Reference Model (IGRM)

• Technology

• Case Study 1: IN the Cloud– Background– Drivers – Technologies– Limitations– Risks– Lessons Learned

• Case Study 1: IN the Cloud (Continued)– Background

• A Fortune 1000 Financial Services Firm– Investment Management (PA)– Life Insurance (CT)– Annuities (IN)

• Legacy Project: 2005/2006• In-House, Mature IT Team

– Drivers • Efficiency/GUI Availability• Compliance• Cost

• Case Study 1: IN the Cloud (Continued)– Technologies• Email: In-House Exchange/IXOS

– Recently Transitioned from GroupWise in CT

• Discovery: Zantaz (SaaS)

– Limitations• De-Centralized Back Office (IT, Compliance, HR)

– No Formal Records & Info Mgmt (RIM) Function/Role

• Lack of Enterprise Project Mgmt Office (PMO)• Lack of Discovery Specialists

• Case Study 1: IN the Cloud (Continued)– Risks

• Data Loss– Tape Conversion– Large Result-Set Delivery

» CD-ROMs via Snail Mail» Hourly Vendor Processing Fee

• Vendor Management: Contractual/SLA Omissions• Search/Result-Set False Positives/Negatives• BCP/DR: Datacom• Poor Usability• Scope Creep

• Case Study 1: IN the Cloud (Continued)– Lessons Learned

• Schedule/Effort Underestimated– Uploading Email on Tape to Zantaz

» Transitioned Legacy GroupWise Data to Exchange

• Not Enough On-Site Training– Compliance, HR Not Technical

• Discovery Support Resource Limitations– Budget Was Not There

• Testing Plans– Incident Response– BCP/DR

• Case Study 2: FROM the Cloud– Background– Drivers – Technologies– Limitations– Risks– Lessons Learned– Next Steps

• Case Study 2: FROM the Cloud (Continued)– Background

• Financial Services SMB– Capital Management (PA)

• Recent Project: 2010• IT: Managed Service Provider/Operations, Director

– Drivers• Cost • Compliance

– Technologies• Email: Exchange Server ‘07/Online/BPOS/Office 365• Discovery: Symantec Enterprise Vault (EV) v8.0/v9.0

• Case Study 2: FROM the Cloud (Continued)– Limitations

• Budget• Skill-Sets• Resources

– Risks• Software/System Interoperability • Vendor Management: Contractual/SLA Omissions• BCP/DR: Datacom• Legacy Email Availability• Scope Creep

• Case Study 2: FROM the Cloud (Continued)– Lessons Learned• Limited Cost Savings

– On-Site Exchange Box for Journaling– Upgrade to EV v9.0 to Support Exchange 2010

• Exchange Journaling From the Cloud, Complicated• Leverage Interim Solution for BlackBerry Services

– Shutdown BlackBerry Enterprise Server (BES)– Leverage AstraSync (Exchange ActiveSync)

• Case Study 2: FROM the Cloud (Continued)– Next Steps• Upgrade to EV v10.0

– Incorporate Social Media

• Test BCP/DR e-Discovery Functionality• BlackBerry Office 365/BES Express

– Looking at BES Balance (“Data Boxing”)

• Reviewing Cloud e-Discovery SaaS Solutions– Symantec Enterprise Vault.cloud– Microsoft EOA/EHA

• e-Discovery Cloud Benefits– Generic (Across SPI Stack)– SaaS Specific– PaaS Specific– IaaS Specific

• e-Discovery Cloud Benefits (Continued)– Generic (Across SPI Stack)

• Cost– More Quantifiable Return on Investment (ROI)….?– Total Cost of Ownership (TCO) Savings

» Operating Expense versus Capital Expense» Variable Expense versus Fixed Expense

• Core Competency Focus– Vendor Has Skill-Set

» Configuration Management» Tie-In 3rd Party Products

– Legal/Litigation Support– Cross-Platform Support

• e-Discovery Cloud Benefits (Continued)– Generic (Across SPI Stack)

• Core Competency Focus– Processing

» Retention» Disposition

– Compliance Best Practices– System Criticality

» Vendor/Provider Configuration Management» BCP/DR

• Supports Distributed Enterprises– Distributed Parties (Internal/External Counsel, Plaintiffs)– Satisfy Different Jurisdictional Requirements

» e.g. AWS Zones

• e-Discovery Cloud Benefits (Continued)– SaaS Specific

• “Turn-Key”

– PaaS/IaaS Specific• Flexibility

– Tie-In Best Practices» EDRM» IGRM» Generally Accepted Privacy Principles, GAPP» Generally Accepted Recordkeeping Principles, GARP

• Control– Configuration Management

• e-Discovery Cloud Concerns– Generic (Across SPI Stack)– SaaS Specific– PaaS/IaaS Specific

• e-Discovery Cloud Concerns (Continued)– Generic (Across SPI Stack)

• Cost– Data Transfer– Storage– Third Party Connectors/Extra License for Journaling

• Loss of Additional Functionality/Scalability/Features– PST Collectors– Additional Archival Artifacts/System Integration

» File Share(s)» Content Management System (CMS: SharePoint, Quickr)» Mobile/PC Social Media» Mobile/PC Instant Messaging (IM)» Mobile/VoIP PBX: Phone Calls, Voicemail (VM), SMS/Texts

• e-Discovery Cloud Concerns (Continued)– Generic (Across SPI Stack)• Vendor Management

– Viability/Long Term Market Prospects– Portability/Interoperability (“Lock-In”)– Vendor’s Vendors

• BCP/DR• IAM

– Federated Identities for Services/Users?» SAML» OAuth» OpenID» WS-Trust

• e-Discovery Cloud Concerns (Continued)– Generic (Across SPI Stack)

• Privacy/Compliance Jurisdiction• Usability (GUI)• RIM

– Conversion Effort/Project/Task» Platforms: GroupWise/Lotus/Squirrel Mail/Exchange» Hard-Copy Files: Optical Character Recognition (OCR)

• Compatibility– May Force Upgrade

• Incident Response– Vendor’s CompSec Incident Response Team (CSIRT)

» Criminal Investigations

• e-Discovery Cloud Concerns (Continued)

• e-Discovery Cloud Concerns (Continued)– SaaS Specific

• AppSec• RIM

– Classification– Retention

– PaaS/IaaS Specific• Skill-Set• Control

– Multi-Tenancy

• Cost Effectiveness– Volume/Block-Level Storage

• e-Discovery Cloud Concerns (Continued)– PaaS/IaaS Specific• Justification

– Deal With Software Vendor & Cloud Service Provider

• Third-Party Products– Long-Term Strategy/Viability

• e-Discovery Cloud Solutions– SaaS– PaaS– IaaS

• e-Discovery Cloud Solutions– SaaS

• Social Media-Centric– Arkovi– Archive-It– LiveOffice SocialArchive

• Comprehensive– Zantaz– Proofpoint Enterprise Archive– Microsoft EOA– Symantec Enterprise Vault.cloud– EMC SourceOne – VARs/Resellers– Google Message Discovery (GMD)

• e-Discovery Cloud Solutions– SaaS (Continued)• Comprehensive

– Sonian– Smarsh

• e-Discovery Cloud Solutions– PaaS

• Various Platform Vendors – Build e-Discovery Modules Leveraging Existing Platform

» Not Much of a Market/Business Model » Re-Create the Wheel

– IaaS• Various Cloud Vendors

– Build e-Discovery Solution on IaaS Instance » Leverage Existing Licensing» Analogous to Hosting

• Processes– EDRM– IGRM

• Questions?• Contact– Email: smarkey@ncontrol-llc.com– Twitter: markes1– LI: http://www.linkedin.com/in/smarkey– CSA-DelVal: http://www.csadelval.org/