Market Pulse

The State of Digital Investigations: Preparing for Tomorrow

As companies become increasingly digital, they are recognizing the importance of sound digital investigations. Human Resources (HR), IT, legal, and department heads are spending more and more time investigating digital activity for the purposes of regulatory compliance, corporate policy compliance, e-discovery, and more. Meanwhile, CIOs and their teams are responsible for collecting, managing, and protecting data as part of these investigations. Unfortunately, several challenges stand in the way that not only make it difficult for CIOs to do their job, but also for investigative teams to work efficiently and effectively.

With the majority of CIOs expecting digital investigations to become increasingly important over the next two years, it’s critical that organizations tackle these challenges sooner rather than later. Based on a survey conducted by IDG Research, this white paper analyzes the current challenges digital investigative teams face and how a single platform solution can improve an organization’s investigative capabilities while also ensuring effective data management.

Digital Investigations Today

It comes as no surprise that enterprises are dedicat-ing significant effort to digital investigations. As more systems and data go digital, enterprises have more

to investigate—and more reasons for doing so. Respondents to IDG Research’s MarketPulse survey, Digital Investigation Challenges, report that their organizations conduct digital investigations on at least a weekly basis for multiple reasons: regulatory compliance (52%), digital security (52%), responding to incidents (43%), managing internal investigations (32%), and managing e-discovery (27%). The larger the organization, the greater the frequency of digital investigations for each of these purposes.

Enterprises are looking to solve a variety of issues when conducting digital investigations. More than half (52%) are performing post-breach forensic digital analysis, while 50% are finding and stopping high-risk employee behavior, such as acceptable use policy violations and corporate intellectual property theft. Forty-five percent (45%) are monitoring and validating compliance with changing regulatory requirements, and 42% are reducing incident response time.

Attitudes about digital investigations are assuring. Most survey respondents (70%) indicate that their CIO or top IT executive places a high priority on conducting effective and efficient digital investigations. Efficiency and effectiveness are important for a variety of reasons. Most notably, they help reduce risk.

1

Source: IDG Research, July 2016

Increased executive awareness of cybersecurity issues

Increasingly mobile workforce/BYOD programs

Data sprawl (data located in multiple, disconnected locations)

Internet of Things (IoT) projects and initiatives

Strict industry and government regulations

New enterprise security approaches (e.g., biometrics)

Increased frequency of insider breaches/crimes

New ethics and compliance investigative procedures

Introduction of new technology such as artificial intelligence

Movement of data warehouses to the cloud

Evolving NIST cybersecurity framework/guidance

More frequent litigation requests

Changes to the Federal Rules of Civil Procedure (FRCP) requiring

Other

None

38%

37%

34%

33%

32%

32%

31%

29%

28%

25%

25%

23%

17%

1%

1%

Most Likely to Impact Digital Investigation Requirements and Practices (Next 2 Years)

Source: IDG Survey, 2016

Market Pulse

2

Time is often of the essence during a digital investigation. If, for example, a manager is using derogatory language or an employee is downloading data, those activities need to be stopped as soon as possible. The longer it takes to investigate an incident, the greater the risk that the company will be sued for harassment or the employee will take intellectual property to his or her next employer.

For a digital investigation to be effective, the integrity of the data collected must be preserved and investigators must be assured that it hasn’t been tampered with, deleted, altered, or destroyed. The data must be permissible in a court of law, or investigators must have the confidence to stand behind it when providing it to an auditor.

Efficiency and effectiveness also help reduce costs, both in terms of the investigation itself as well as those related to the incident. For example, companies must be able to conduct post-breach forensic investigations to determine how an attacker compromised the environment. This information is vital so that the IT organization can properly strengthen network defenses to avoid another similar breach. Without these incident response capabilities, companies will suffer further breaches, which can result in increased costs (regulatory fines and the need to purchase identity theft insurance for customers and employees) and reputational harm.

The Future of Digital Investigations

The requirements for digital investigations are only going to become more stringent. Case in point: 84% expect digital investigations to further increase in importance over the next two years. This heightened importance is driven by several factors. The primary factor, identified by 38% of survey respondents, is an increased executive awareness of cybersecurity issues due to high profile attacks. Executives recognize the need for information governance because of these attacks and the increasing number of privacy regulations. They want to proactively assure their company does not fall victim to an attack, resulting in both monetary and reputational harm.

Mobile programs and cloud computing are also impacting attitudes about digital investigations. Thirty-seven percent of survey respondents report that an increasingly mobile workforce and bring your own device (BYOD) programs are heightening the importance of digital investigations. Having given users mobile access to corporate data, IT organizations are now concerned with the

acceptable use of that data as well as the devices themselves, device security and the organization’s ability to retrieve data from the mobile devices. Organizations need a tool that’s capable of analyzing multi-device, multi-subscription scenarios to unearth specific details and present them in a more comprehensive context. They must also be able to separate relevant data from the inconsequential, and then easily understand and explain the differences.

Data sprawl, cited by 34% of respondents, is also impacting the importance of digital investigations. Data is no longer confined behind a corporate firewall, but flows freely between the private and public networks. Data sprawl is continually growing as users download applications on their mobile devices, text message fellow employees and prospects from multiple devices, and adopt cloud-based applications. As data moves to these myriad of disconnected locations, IT executives are becoming concerned about the level of control they will maintain over their data.

Road Blocks to Effective Digital Investigations

Unfortunately, investigative teams face a number of challenges today that will only become exacerbated in the future as digital investigations take on increasing importance. Most notably, the cost of staff time spent on investigations is an issue for 57% of organizations. For the people involved in digital investigations, this is just one of many job responsibilities. While necessary, digital investigations do not bring business value to the organization in terms of revenue growth or innovation. Reducing the cost of staff time spent on digital investigations consequently increases the amount of time staff can spend on revenue driving activities. It also frees them up for additional investigations that, if ignored due to lack of resources, could have a devastating impact on the business.

Problems related to visibility and access to data comprise the next three challenges organizations face regarding digital investigations. More than 50% of respondents report that their teams struggle with a poor ability to search across multiple, siloed data repositories. Forty-seven percent (47%) report that the use of piecemeal solutions pose a challenge because they don’t integrate well, and 44% say that the loss of visibility into where data is located serves as a roadblock. All three of these challenges add time to an investigation and require additional work from IT to get the right data to the right person.

Market Pulse

3

An inability to collaborate also stands in the way of effective digital investigations, with 38% of respondents reporting that their HR, IT, and investigative teams are only “somewhat collaborative” during digital investigations, and 20% reporting that their teams are not very or not at all collaborative. This is cause for concern considering the number of stakeholders or departments that can be involved in an investigation. An even greater cause for concern is the fact that 80% of respondents acknowledge that collaboration is critical or very important to the success of digital investigations. While they recognize the importance of collaboration to a successful investigation, there is a clear gap between this awareness and the existing reality. It is no wonder that organizations are concerned about the cost of staff time.

What, then, is keeping internal teams from collaborat-ing more effectively during digital investigations? The biggest inhibitor (as identified by 49% of respondents) to effective collaboration is the use of separate tools and methods. The majority of organizations (76%) are using multiple solutions to collect, search, and manage data during digital investigations. What’s more, these tools can be from different vendors so the products are not integrated, which further increases the time and cost required to perform digital investigations.

Consequently, the use of separate tools and methods also poses a challenge in terms of risk management and data protection. Proving the integrity and security of data, and demonstrating a chain of custody is difficult, if not impossible, when data resides in multiple, siloed repositories and the CIO lacks

complete visibility into where data is located. In addition, moving the data from platform to platform can result in data leakage or loss.

Plan for Tomorrow Today

Fortunately, organizations are considering investments to help their digital investigative teams overcome these challenges, and become more efficient and effective in their efforts. Eighty percent (80%) of respondents report that they are at least somewhat likely over the next 12 months to evaluate new solutions to manage digital investigations; of those, 47% are extremely or very likely.

That begs the question: What are they investing in? Eighty-two percent (82%) of respondents say that a single-database solution — one that integrates forensic investigative tools, incident response, and e-discovery technologies and offers a single, secure backend database giving the ability to address any type of digital investigation — would be extremely or very valuable.

Survey respondents identify a number of benefits associated with a single database solution. The top perceived benefits are increased efficiency/time savings (49%) and cost savings (47%). Respondents also cite the ease of enterprise-wide search capabilities (43%), improved collaboration across internal departments/parties involved (36%), and simplified workflows (36%) as key benefits of a single-database solution.

Market Pulse

4

Conclusion With the volume of investigations expected to increase and the growing importance placed on data security in an ever-evolving digital world, CIOs are wisely looking to get ahead of the challenges associated with digital investigations. When planning future investments in an enterprise-wide digital investigation solution, CIOs should look for a solution that can help simplify the investigation workflow, improve staff efficiency, and reduce data movement between platforms and teams.

Because investigations extend beyond IT to involve key stakeholders from HR to legal, it is important that CIOs also consider how the solution facilitates improved collaboration across the organization. Integrated tools that share a common back-end database are shown to significantly improve efficiency, cutting down on the time it takes to complete investigations and therefore reducing overall cost while also giving CIOs and their IT teams complete visibility across the network to ensure data integrity and security.

Introduction toAccessData

Whether it’s for investigation, litigation, or compliance, AccessData offers industry-leading solutions that put the power of forensics in your hands. For 30 years, AccessData has worked with more than 130,000 clients in law enforcement, government agencies, corporations and law firms around the world to understand and focus on their unique collection-to-analysis needs. The result? Products that empower faster results, better insights, and more connectivity.

AccessData’s AD Enterprise and AD eDiscovery empower digital investigative teams to seamlessly collect, audit, and analyze data across the enterprise. The solutions give CIOs and their teams visibility into where data resides across the network when conducting investigations. The solutions’ ease of use and extensive integration enable teams to collaborate and investigate efficiently and effectively, while giving CIOs the complete visibility they need to prove data integrity and chain of custody.

For more information, visit www.accessdata.com