There is little argument that cloud computing and software-as-a-service (SaaS) platforms have created a paradigm shift in enterprise technology and IT as a whole. Companies of all sizes – both public and private – seeking to reduce storage costs, improve overall efficiency and integration with partners, are increasingly turning to the cloud to house information and run essential business functions remotely.
The Business Software Alliance Global Cloud Computing Scorecard ranked Australia second only to Japan as a global destination for the software-enabled resources and services delivered on an “as needed” basis. The Scorecard was based on seven key criteria: industry-led standards and international harmonisation; data privacy; security; cybercrime; intellectual property; free trade; and information technology readiness and broadband deployment.
Australia was rated among the leaders in each category, contributing to its overall second place ranking in what is one of the fastest growing information technology sectors globally. Indeed, a September 2011 IDC survey of enterprises in Australia found that 20.6 per cent of the respondents are using Cloud computing, while 32.4 per cent are planning to deploy cloud services in the next six to 12 months. A further 41.2 per cent of companies are planning to implement Cloud services by 2013.
Gauging the impact of SaaS platforms
Accordingly for legal professionals, these questions loom: How have SaaS-based platforms historically impacted the legal market and specifically e-discovery practices? How will cloud-based applications impact corporate legal departments and their outside counsel in the future?
Historically speaking, SaaS-based solutions have driven innovation in the e-discovery market. Since the introduction of SaaS-based document review tools in the 1990s, software and service providers have been challenged to expand the capabilities of solutions they provide to users with even more control along all phases of the electronic discovery reference model (EDRM).
Today, software and service providers are introducing tools to help users manage, preserve, collect, process, review, analyse and produce documents on a single, do-it-yourself platform harnessing the power of SaaS-based technology dominated by the cloud.
With the movement of e-mail, user files and workgroup data to cloud computing, new challenges for e-discovery have emerged. The sheer volume of data and the expense of storing this data are the primary drivers behind the move to cloud computing. These drivers are also the primary reason preserving and collecting data from the cloud remains a challenge for organisations. Organisations have been stressed with preserving and collecting data behind their own firewalls, so it is understandable that moving this data outside the organisation creates additional e-discovery challenges.
Data is gradually added to the cloud over time, file by file, resulting in gigabytes, terabytes and even petabytes of information being stored on remote servers which are partially under the control the organisations storing their data in the cloud. Unfortunately, the e-discovery preservation/collection process doesn’t get this same benefit of unlimited time.
Collecting data from the cloud
Outsourcing to SaaS-based technology in the cloud typically begins with a directive in the IT department to cut software license fees storage costs and management overhead, but rarely includes the input of legal or consideration of legal e-discovery. This is when the volume of data being stored in the cloud becomes an extreme burden. Downloading hundreds upon hundreds of gigabytes of data from remote servers can be very time consuming. Depending on the litigation, you may have to perform multiple collections to ensure a complete collection due to timing issues.
The ideal solution would be to place select data on hold and only collect the data being held. The next best solution would be to conservatively hold broader categories of data and only collect data imminently needed for e-discovery. However, placing a legal hold on data stored in the cloud is challenging as there are no turnkey solutions to implement and manage this process. Some providers are working on integrating these features into their hosted solutions for e-mail, but the execution and management is extremely cumbersome and an all or nothing solution implemented on an entire mailbox.
Additionally, collecting data from the cloud can present new technology challenges. The IT department that used to be able to run scripts or other backend processes to collect data may find no such options are available with data stored in the cloud. Many times this process is developed during the heat of litigation, which increases the likelihood of mistakes and potential sanctions or adverse inference instructions.
Asking the right questions
To address many of the issues discussed above, the legal department should open a line of communication with the IT department and ensure the following questions are addressed:
- What level of control or access to the organisation’s data is allowed by the cloud services provider?
- Does the Service Level Agreement with the cloud services provider include language regarding extraction of data for e-discovery?
- Does the cloud services provider have documentation on their data preservation and collection processes?
- Has testing been performed on the collection process to validate the integrity of the data and timing?
- Does the cloud services provider keep and track appropriate chain-of-custody?
- Is there a defensible process for preserving and collecting data from the cloud services provider?
- What is the process for collecting data when the volume is too great to download from the cloud?
- For international organisations, can data be hosted in select global locations to ensure compliance with local, national and international data privacy laws?
A successful cloud strategy is one that takes into account the potential obstacles for preserving and collecting information for the purposes of e-discovery. Knowing where the service provider’s provisions end and where your organisation’s start is vital to ensuring a comprehensive, efficient and effective electronically stored information (ESI) request response.
Adrian Briscoe is the general manager APAC of data recovery and information management provider Kroll Ontrack .