e discovery 2-cloud_v5
TRANSCRIPT
e-Discovery 2.0: In the CloudWednesday, November 16, 2011
9:45 AM - 10:45 AM
Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK
Founder/Principal, nControl, LLC;Adjunct Professor;
President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
• Presentation Overview– Technology
• Case Study 1: IN the Cloud • Case Study 2: FROM the Cloud • e-Discovery Cloud Benefits• e-Discovery Cloud Concerns• e-Discovery Cloud Solutions
– Process• Electronic Discovery Reference Model (EDRM)• Information Governance Reference Model (IGRM)
• Technology
• Case Study 1: IN the Cloud– Background– Drivers – Technologies– Limitations– Risks– Lessons Learned
• Case Study 1: IN the Cloud (Continued)– Background
• A Fortune 1000 Financial Services Firm– Investment Management (PA)– Life Insurance (CT)– Annuities (IN)
• Legacy Project: 2005/2006• In-House, Mature IT Team
– Drivers • Efficiency/GUI Availability• Compliance• Cost
• Case Study 1: IN the Cloud (Continued)– Technologies• Email: In-House Exchange/IXOS
– Recently Transitioned from GroupWise in CT
• Discovery: Zantaz (SaaS)
– Limitations• De-Centralized Back Office (IT, Compliance, HR)
– No Formal Records & Info Mgmt (RIM) Function/Role
• Lack of Enterprise Project Mgmt Office (PMO)• Lack of Discovery Specialists
• Case Study 1: IN the Cloud (Continued)– Risks
• Data Loss– Tape Conversion– Large Result-Set Delivery
» CD-ROMs via Snail Mail» Hourly Vendor Processing Fee
• Vendor Management: Contractual/SLA Omissions• Search/Result-Set False Positives/Negatives• BCP/DR: Datacom• Poor Usability• Scope Creep
• Case Study 1: IN the Cloud (Continued)– Lessons Learned
• Schedule/Effort Underestimated– Uploading Email on Tape to Zantaz
» Transitioned Legacy GroupWise Data to Exchange
• Not Enough On-Site Training– Compliance, HR Not Technical
• Discovery Support Resource Limitations– Budget Was Not There
• Testing Plans– Incident Response– BCP/DR
• Case Study 2: FROM the Cloud– Background– Drivers – Technologies– Limitations– Risks– Lessons Learned– Next Steps
• Case Study 2: FROM the Cloud (Continued)– Background
• Financial Services SMB– Capital Management (PA)
• Recent Project: 2010• IT: Managed Service Provider/Operations, Director
– Drivers• Cost • Compliance
– Technologies• Email: Exchange Server ‘07/Online/BPOS/Office 365• Discovery: Symantec Enterprise Vault (EV) v8.0/v9.0
• Case Study 2: FROM the Cloud (Continued)– Limitations
• Budget• Skill-Sets• Resources
– Risks• Software/System Interoperability • Vendor Management: Contractual/SLA Omissions• BCP/DR: Datacom• Legacy Email Availability• Scope Creep
• Case Study 2: FROM the Cloud (Continued)– Lessons Learned• Limited Cost Savings
– On-Site Exchange Box for Journaling– Upgrade to EV v9.0 to Support Exchange 2010
• Exchange Journaling From the Cloud, Complicated• Leverage Interim Solution for BlackBerry Services
– Shutdown BlackBerry Enterprise Server (BES)– Leverage AstraSync (Exchange ActiveSync)
• Case Study 2: FROM the Cloud (Continued)– Next Steps• Upgrade to EV v10.0
– Incorporate Social Media
• Test BCP/DR e-Discovery Functionality• BlackBerry Office 365/BES Express
– Looking at BES Balance (“Data Boxing”)
• Reviewing Cloud e-Discovery SaaS Solutions– Symantec Enterprise Vault.cloud– Microsoft EOA/EHA
• e-Discovery Cloud Benefits– Generic (Across SPI Stack)– SaaS Specific– PaaS Specific– IaaS Specific
• e-Discovery Cloud Benefits (Continued)– Generic (Across SPI Stack)
• Cost– More Quantifiable Return on Investment (ROI)….?– Total Cost of Ownership (TCO) Savings
» Operating Expense versus Capital Expense» Variable Expense versus Fixed Expense
• Core Competency Focus– Vendor Has Skill-Set
» Configuration Management» Tie-In 3rd Party Products
– Legal/Litigation Support– Cross-Platform Support
• e-Discovery Cloud Benefits (Continued)– Generic (Across SPI Stack)
• Core Competency Focus– Processing
» Retention» Disposition
– Compliance Best Practices– System Criticality
» Vendor/Provider Configuration Management» BCP/DR
• Supports Distributed Enterprises– Distributed Parties (Internal/External Counsel, Plaintiffs)– Satisfy Different Jurisdictional Requirements
» e.g. AWS Zones
• e-Discovery Cloud Benefits (Continued)– SaaS Specific
• “Turn-Key”
– PaaS/IaaS Specific• Flexibility
– Tie-In Best Practices» EDRM» IGRM» Generally Accepted Privacy Principles, GAPP» Generally Accepted Recordkeeping Principles, GARP
• Control– Configuration Management
• e-Discovery Cloud Concerns– Generic (Across SPI Stack)– SaaS Specific– PaaS/IaaS Specific
• e-Discovery Cloud Concerns (Continued)– Generic (Across SPI Stack)
• Cost– Data Transfer– Storage– Third Party Connectors/Extra License for Journaling
• Loss of Additional Functionality/Scalability/Features– PST Collectors– Additional Archival Artifacts/System Integration
» File Share(s)» Content Management System (CMS: SharePoint, Quickr)» Mobile/PC Social Media» Mobile/PC Instant Messaging (IM)» Mobile/VoIP PBX: Phone Calls, Voicemail (VM), SMS/Texts
• e-Discovery Cloud Concerns (Continued)– Generic (Across SPI Stack)• Vendor Management
– Viability/Long Term Market Prospects– Portability/Interoperability (“Lock-In”)– Vendor’s Vendors
• BCP/DR• IAM
– Federated Identities for Services/Users?» SAML» OAuth» OpenID» WS-Trust
• e-Discovery Cloud Concerns (Continued)– Generic (Across SPI Stack)
• Privacy/Compliance Jurisdiction• Usability (GUI)• RIM
– Conversion Effort/Project/Task» Platforms: GroupWise/Lotus/Squirrel Mail/Exchange» Hard-Copy Files: Optical Character Recognition (OCR)
• Compatibility– May Force Upgrade
• Incident Response– Vendor’s CompSec Incident Response Team (CSIRT)
» Criminal Investigations
• e-Discovery Cloud Concerns (Continued)
• e-Discovery Cloud Concerns (Continued)– SaaS Specific
• AppSec• RIM
– Classification– Retention
– PaaS/IaaS Specific• Skill-Set• Control
– Multi-Tenancy
• Cost Effectiveness– Volume/Block-Level Storage
• e-Discovery Cloud Concerns (Continued)– PaaS/IaaS Specific• Justification
– Deal With Software Vendor & Cloud Service Provider
• Third-Party Products– Long-Term Strategy/Viability
• e-Discovery Cloud Solutions– SaaS– PaaS– IaaS
• e-Discovery Cloud Solutions– SaaS
• Social Media-Centric– Arkovi– Archive-It– LiveOffice SocialArchive
• Comprehensive– Zantaz– Proofpoint Enterprise Archive– Microsoft EOA– Symantec Enterprise Vault.cloud– EMC SourceOne – VARs/Resellers– Google Message Discovery (GMD)
• e-Discovery Cloud Solutions– SaaS (Continued)• Comprehensive
– Sonian– Smarsh
• e-Discovery Cloud Solutions– PaaS
• Various Platform Vendors – Build e-Discovery Modules Leveraging Existing Platform
» Not Much of a Market/Business Model » Re-Create the Wheel
– IaaS• Various Cloud Vendors
– Build e-Discovery Solution on IaaS Instance » Leverage Existing Licensing» Analogous to Hosting
• Processes– EDRM– IGRM
• Questions?• Contact– Email: [email protected]– Twitter: markes1– LI: http://www.linkedin.com/in/smarkey– CSA-DelVal: http://www.csadelval.org/