nobeastsofierce - Fotolia
E-discovery in the cloud introduces security, compliance issues
E-discovery is still reliable for organizing and preserving data for legal compliance, but e-discovery in the cloud and container-based storage complicate governance processes.
During the last decade, two enormous shifts in the architecture of corporate computing have dominated IT spending. Installing and operating corporate e-discovery platforms and migrating substantial computing services to cloud-based offerings are becoming de facto requirements for any business that hopes to sustain a cost-effective and competitive IT position.
Rarely are the operating and design requirements of either service considered when selecting or launching the larger framework of IT services. E-discovery embraces the business processes with which companies -- or their legal counsel -- search for, recover and preserve electronic information as potential evidence.
Evolving technologies have made the e-discovery industry extraordinarily expensive -- driving companies to invest millions in installing and operating in-house solutions to conduct e-discovery effectively while lowering their legal fees. Companies and their e-discovery vendors are now searching to extend their corporate e-discovery platforms to improve efficiency in other business activities, lower costs and improve the ROI on those platforms.
E-discovery in the cloud introduces new security, compliance issues
Every byte of digital information is recorded -- even the most mundane event logs -- and companies must constantly search across their accumulated digital information in order to discover, re-create or test the accuracy of stories. E-discovery platforms are utilized during corporate and legal battlegrounds: Since the 1990s, U.S. courts -- and most other nations -- have admitted electronic information as evidence and require specific procedural requirements to assure that relevant evidence can be found and made available. In the courtroom, companies must recover and present evidence of the truth. In the boardroom, internal investigations, negotiations with unions and work councils, licensing applications, required regulatory reports and information security breach forensics also impose an obligation on companies to execute e-discovery to organize and preserve relevant data.
Beyond concrete requests, nearly every business transaction rests upon a series of promises about a company's capabilities, resources or histories. These representations are essential to building the trust between companies -- and before signing the deals -- can drive substantial investigation, due diligence and auditing. These tasks all require companies to build, document and present their stories using recorded digital information.
Though incredibly in demand today, corporate e-discovery platforms are potentially tomorrow's legacy systems -- difficult to adapt and integrate with the new innovations, notably container-based storage of massive archives corporate data.
Cloud computing, containers and orchestration
As part of the migration toward cloud computing capability, containers greatly reduce the hardware and software resources required to run applications and data services. Complex applications are divided among containers and distributed across third-party cloud servers, inside a corporate firewall or on an IoT device.
When the integrated operation of a defined process is required, software can automatically assemble the containers into an integrated sequencing and then disassemble them on completion. This orchestration enables a company's hardware, software and data resources only to be used as required and be immediately available for use by other processes. Containers and orchestration have greatly improved the efficiencies of virtual machines by eliminating the need for multiple copies of the core OS to support multiple applications.
Massive databases are divided and stored in containers, enabling orchestrations to select and use only specific sets of data within specific containers, improving the efficiency of execution. Storage containers can also be distributed and assembled and orchestrated from any networked location or device.
E-discovery in the cloud and for containerized data substantially creates several security and compliance issues to contend with:
- Historically integrated and secured databases are now divided and distributed -- the design documentation and execution logs must demonstrate the data has continued integrity and authenticity.
- Containers create new attack vectors for malicious actors. As e-discovery lawsuits demonstrate, this creates the burden to prove the recovered data has not been corrupted or compromised by hacking or unauthorized internal manipulation.
- Existing information governance programs -- which are still struggling to catch up with older innovations such as mobile devices and third-party digital storage -- must further adapt. New indexing schemes, data dictionaries and retention practices must be constructed across the containerized data assets.
Read more in part two, where strategies to overcome complications stemming from e-discovery in the cloud are discussed.