how to use office 365 and x1 discovery to achieve your
TRANSCRIPT
AGENDA • Office 365 eDiscovery and Compliance features and functions
• X1 Distributed Discovery features and demo
• Q&A/Open Discussion with Audience
2 WWW.D4DISCOVERY.COM
PANELISTS
3 WWW.D4DISCOVERY.COM
John Patzakis Executive Chairman of the Board
Rafe Stanley [Moderator] Discovery Engineer
Rachi Messing Senior Program Manager
Digital trends are changing the way people work
Employees work on nearly 2x the number of teams than they did five years ago* 41% employees say mobile business apps are changing the way they work* Information overload wastes 25% of employee time, costing U.S. business $997B each year* 160M customer records leaked* 229 days to detect security infiltration*
* Multiple industry sources.
Office 365 Service offerings by category
Authoring
Word
Excel
PowerPoint
OneNote
Mail & Social
Outlook
Yammer
Sites & Content
OneDrive
SharePoint
Delve
Chat, Meetings & Voice
Microsoft Teams
Skype for Business
Analytics
Power BI
MyAnalytics
Office 365 Groups Graph Security & Compliance
73% orgs indicated security as a top challenge holding back SaaS adoption
89% of orgs required to govern content for compliance or business continuity purposes
63% of orgs state transparency challenges restrict them from growing their cloud usage
Top 3 Cloud Concerns
Best-in-class security with over a decade of experience building Enterprise software and online services
Privacy by design with a commitment to use customers’ information only to deliver services
Office 365 Built-in capabilities and customer controls
Commitment to meeting industry standards and delivering a rich set of applications which enable organizational compliance
Transparency in our operations so you can monitor the state of your service, track issues, and have historical view of availability
Office 365 Compliance Solutions
What solutions does Microsoft provide to bring data overload under control and support my ability to achieve organizational compliance?
Who is in control of the data in O365?
Office 365 In-Place Compliance Solutions
Preserve vital data
Organization needs
Find relevant data Monitor activity
Data Governance Import, store, preserve and expire data
eDiscovery Quickly identify the most relevant data
Auditing Monitor and investigate actions taken on data
Security & Compliance Center Manage compliance for all your data across Office 365
Security and Compliance Center
Bringing together different compliance tools with roles based permission controls
Scenario oriented workflows with cross-cutting policies spanning features
Powerful content discovery across Office 365 workloads
Proactive suggestions leveraging Microsoft Security Intelligence Graph
Office 365 In-Place Compliance Solutions
Preserve vital data
Organization needs
Find relevant data Monitor activity
Data Governance Import, store, preserve and expire data
eDiscovery Quickly identify the most relevant data
Auditing Monitor and investigate actions taken on data
Security & Compliance Center Manage compliance for all your data across Office 365
9
Traditional Data Governance
Challenges
Point in time data Captures data at a point in time which miss any edits in place or from transport agents in flight
Increased risks Content may be compromised moving from one environment to another
Increased time Waiting for indexing increases time required to find relevant data
Increased costs Having a separate copy of the data being stored significantly increases costs
No service wide insights Unable to leverage service wide machine learning to draw correlations between the data
Exchange Data Outsourced Data Journaling
Third party outsourced journaling
Many organizations transfer data to a third party hosted archiving service which has challenges
10
In-Place Office 365 Data Governance
Office 365 In-Place Data Governance
Benefits of In-Place Office over Journaling
Location, query or policy based Apply preservation to mailbox or SharePoint site, apply a query to hold less content, or use preservation policies
Higher fidelity and lower costs Content stays in Exchange and SharePoint, which results in lower storage costs, and higher fidelity data
No impact to users Seamlessly create, edit, and delete without knowing data is being preserved
Reduce risk Data is not duplicated to another provider or compliance boundary. Record all actions taken on the data
Insights Insights to enable you to keep what’s important, delete what’s not, and to share according to policy
Data stays in-place and does not need to be continually transferred out of Office 365 providing benefits
11
Ingestion of data outside Office 365 In-Place data creation, retention and archiving In-Place eDiscovery
Auditing
Export
Office 365 Compliance Data Lifecycle
Retention policies Unified Retention and Disposition Policy for workloads in Office 365
Records management End user classification in Outlook, SharePoint, OneDrive and Groups. Manual review and disposition, reporting and permissions
SEC 17A-4 compliant SEC 17A-4 whitepaper covering SharePoint, OneDrive, Groups, Skype, Preservation Lock, immutability, Supervisory Review
Import Drive Shipping, Network Upload and 3rd Party Data Ingestion (Facebook, Twitter, Bloomberg) through partners to provide cross platform compliance and governance
Security and Compliance Center Office 365 experience to bring together all compliance and security experiences
Data Governance: Core Capabilities
Office 365 In-Place Compliance Solutions
Preserve vital data
Organization needs
Find relevant data Monitor activity
Data Governance Import, store, preserve and expire data
eDiscovery Quickly identify the most relevant data
Auditing Monitor and investigate actions taken on data
Security & Compliance Center Manage compliance for all your data across Office 365
eDiscovery in O365
Self-service case management tools Investigators can create & manage cases, put data on hold, perform searches and export
Wide range of scenarios Regulatory compliance, employment law, HR, financial, internal business requirements
Enable collaboration Between investigators & attorneys overseeing the case
Identify subjects, witnesses, custodians Search for relevant subjects or witnesses or custodians
Identify relevant data Search for data relevant to the investigation across Office 365 and imported data
Secure access Provide access based on role, delegated access and enable security filters to scope access
Search and Export Capabilities
Real-time in-place searching No waiting for indexing, always live and up-to-date across Office 365
Quickly find relevant data Proximity search, rich query syntax
Make decisions Query and source statistics help you to analyze results
Export with analysis Export into review tool
Light weight tagging Single-investigator cases Simple investigations
Full review tools Ready to load data package Larger investigations
Technology Partners Epiq Rational Enterprises Everlaw Recommind Kcura Servient iConect Zapproved iPro Zylab Mindseye
Download to PST or Native Folder Manual data review Move data between locations
Native export
Advanced eDiscovery Intelligently explore and analyze unstructured data to quickly identify what’s relevant
Predictive coding enables you to train the system to automatically distinguish between likely relevant and non-relevant documents
Identify relevant documents
Use clustering technology to look at documents in context and identify relationships between them
Identify data relationships
Use near duplicate detection to organize the data and reconstruct email threads from unstructured data to reduce what’s sent to review
Organize and reduce data prior to review
Office 365 In-Place Compliance Solutions
Preserve vital data
Organization needs
Find relevant data Monitor activity
Data Governance Import, store, preserve and expire data
eDiscovery Quickly identify the most relevant data
Auditing Monitor and investigate actions taken on data
Security & Compliance Center Manage compliance for all your data across Office 365
Azure Active
Directory
Security & Compliance
Center
SharePoint Online
Power BI
Opt-in for all O365
tenants
1 billion events
collected daily
Office 365 Auditing
Exchange Online Admin activity, end-user (mailbox) activity Security and Compliance Center Admin activity Azure Active Directory Office 365 logins, directory activity Power BI Admin activity SharePoint Online and OneDrive for Business File activity, sharing activity
What Data Is Audited?
Visibility Rolling 90-day public roadmap of what’s coming
Control First release program and deferred service branch
Cadence Regular releases of new innovations
Cloud updates on a regular basis
Innovation & Release Management
Numerous Challenges • Custodian self-collection not defensible:
• Nat’l Day Laborer Org. Network v. US Immigration & Customs
Enforcement Agency, (S.D.N.Y. Jul. 13, 2012)
• GN Netcom, Inc. v. Plantronics, Inc., No. 12-1318-LPS, 2016 U.S.
Dist. (D. Del. July 12, 2016).
• Lack of Uniformity and Transparency
• Disruption
• But full-disk imaging is disruptive, expensive and not
required by the courts
Central Index Approach • Substantial scalability challenges
• Requires huge network bandwidth and computational resources • Team of FTEs to deal with index corruption, database crashes, etc. • Any real enterprise-wide success stories?
Crawling Solutions Are Slow & Cumbersome • Must collect all data and transmit over the network to be
searched by the solution. Requires several hours per end-point
• Must start search over if even a tiny change to keyword or metadata search criteria
Enterprise architecture considerations • Most eDiscovery software must collect and migrate all
custodian data BEFORE searching and culling begins• Counter-productive to the very purpose of a cloud-based O365
investment.
• Standard network infrastructures do not support timelymigrations of terabytes of data.
• Next generation eDiscovery solutions must search andprocess cloud data in place and consolidate non-cloudsources with cloud sources
S O L U T I O N
• Revolutionizes how organizations search, identify and collect
documents at the desktop level across up to thousands of endpoints and network sources with industry-leading speed
• Empowers legal and IT teams to generate and actually adjust key terms in real-time, before collection
• Maps to O365 workflow and many information governance use cases
Distributed Discovery
Q&A/OPEN DISCUSSION Please send your questions through the chat window. We will answer as many as we can. The rest will be answered in an email to you next week.
6 WWW.D4DISCOVERY.COM
THANK YOU!
WWW.D4DISCOVERY.COM 7
All attendees will receive the presentation recording and slides tomorrow, Friday, August 4.
If you have any questions or need assistance from a forensics expert, please contact: [email protected].