The eDiscovery Paradigm Shift


Sunday, August 12, 2012

The Legal Profession Found the Twenty-First Century: Ignorance is bliss no longer

As a profession, lawyers and bar associations are notoriously slow to change.  Last week, the American Bar Association considered and adopted updates to the Model Rules of Professional Conduct that govern lawyers.    The legal profession has found its way into the Twenty-First Century and clients will benefit.

The American Bar Association’s Commission on Ethics 20/20 filed its first six recommendations with the ABA House of Delegates on May 7, 2012.  These recommendations are the result of a three-year study of how “globalization and technology are transforming the practice of law and how the regulation of lawyers should be updated in light of those developments.”  The Commission’s recommendations have been split into two sets of proposals with the first considered by the ABA House of Delegates at its August 2012 meeting.  The other recommendations will be considered in February 2013.

The ABA stated that “technology and globalization have transformed the practice of law in ways the profession could not anticipate in 2002. Since then, communications and commerce have become increasingly globalized and technology-based.  In August 2009, then-ABA President Carolyn B. Lamm created the Commission on Ethics 20/20 to tackle the ethical and regulatory challenges and opportunities arising from these 21st century realities. She charged the Commission with conducting a plenary assessment of the ABA Model Rules of Professional Conduct and related ABA policies, and directed it to follow these principles: protecting the public; preserving the core professional values of the American legal profession; and maintaining a strong, independent, and self-regulated profession.”


August 2012 Adopted Changes

Rule 1.1 requires that a lawyer provide “competent representation to a client,” which “requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.”  The Comment to Rule 1.1 was amended to state that a lawyer’s competence must now include knowledge of “the benefits and risks associated with relevant technology.”  No longer can a lawyer claim ignorance.  The fundamental principle of competence now requires a lawyer to know and keep apprised of how technology impacts her practice and her representation of the client.

The ABA added the following language to Rule 1.6 which governs a lawyer’s duty to keep information confidential:  “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”  In Comment 16, the ABA clarified that this new language in the rule means:

“The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule. Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules.”

In its amendments to Rule 4.4(b), the ABA concluded that electronically stored information should be treated like other documents.  Now, “[a] lawyer who receives a document or electronically stored information relating to the representation of the lawyer’s client and knows or reasonably should know that the document or electronically stored information was inadvertently sent shall promptly notify the sender.”

In Comment 2 to Rule 4.4, the ABA added that “A document or electronically stored information is inadvertently sent when it is accidentally transmitted, such as when an email or letter is misaddressed or a document or electronically stored information is accidentally included with information that was intentionally transmitted.”  “Metadata” is included in the types of electronically stored information that may be inadvertently disclosed.  However, metadata in electronic documents "creates an obligation under this Rule only if the receiving lawyer knows or reasonably should know that the metadata was inadvertently sent to the receiving lawyer.”


The ABA also tackled issues relating to Outsourcing and Technology and Client Development.  Those issues will be addressed in another article.


Conclusion

While the ABA’s Model Rules are not binding on lawyers until adopted by the states, the influence of changes to the Model Rules cannot be overstated. Most states usually adopt some variety of changes made to the Model Rules of Professional Conduct. Thus, look for each state to address these recommendations over the next year. There will likely be some healthy and interesting debates to come. Stay tuned.

Friday, August 10, 2012

Is it Safe to Store Proprietary Data in DropBox?

Over the last 5 years, the volume of information that is shared and/or stored in the public cloud due to the increased use of social media platforms such as Facebook, Twitter, and LinkedIn has soared.  According to a report called "The Growth of Social Media", compiled by Search Engine Journal:         

Facebook has in excess of 640 million registered users with over 7 billion pieces of content shared weekly. Twitter has in excess of 299 million registered users with over 95 million tweets per day. LinkedIn has in excess of 100 million registered users.

The risks associated with these popular social media platforms are well documented.  Fortunately, businesses worldwide are quickly evolving their understanding of the risks of what information should and should not be communicated or shared by employees via the various social media platforms. However, these same businesses may be at an even greater risk of exposing proprietary and confidential information by their employees through the use of public cloud storage platforms such as Dropbox.

At the Carmel Valley eDiscovery Retreat (CVeDR) held July 22-25, 2012 in Monterey, California, I had the pleasure of moderating several panel discussions on cloud computing featuring industry experts in eDiscovery, Internet security and the legal risks associated with storing data in a public cloud. The consensus from the panels was that storing any data in the public cloud posed both a security and a legal risk.

The recommendations from these experts regarding what data businesses should put in the public cloud varied from "don't put any data in the public cloud" to "don't put any proprietary or confidential data in the public cloud."  However, regardless of what the experts say, the operational efficiencies and financial incentives of cloud computing are just too great for businesses to ignore.  But, that doesn't mean that business owners should ignore the facts.

The Experts are Cautious

The consensus among the CVeDR cloud panel experts was that there was probably more data stored in Dropbox than most businesses realized and that it was a potential source of risk. Several of the lawyers on the CVeDR panels indicated that a business could potentially lose its claims to properly protecting trade secrets and other proprietary information by merely storing data in storage technologies like Dropbox.  The security experts on the CVeDR panel contended that there were still some very worrisome security issues with storage technologies like Dropbox.

What DropBox Says

According to its website, Dropbox contends that it uses modern encryption methods to both transfer and store your data, such as Secure Sockets Layer (SSL) and AES-256 bit encryption. In addition, Dropbox contends that the Dropbox website and client software have been hardened against attacks from hackers, that public folders are not browsable or searchable, and that public files are only viewable by people who have a link to the file(s).

What Can Happen

However, Dropbox actually uses Amazon's Simple Storage Service (S3) for storage and therefore they really don't even have direct control over the security of the files that you store. The potential problems with Cloud Service Providers (CSPs) such as Amazon S3 were very evident this summer, when a severe storm that rumbled across the Eastern U.S., leaving nine people dead and millions without power, also disrupted an Amazon Web Services data center, affecting service for social media sites like Pinterest, Instagram and Netflix, which host their services at Amazon's data centers.
In another alarming security development for AWS, on Monday August 6, 2012,  Amazon changed its customer privacy policies closing security gaps that were exploited in the identity hacking of Wired reporter Mat Honan on Friday. As posted on the Wired.com website in an article by Nathan Olivarez-Giles titled, "Amazon Quietly Closes Security Hole After Journalist’s Devastating Hack", previously, Amazon allowed people to call in and change the email address associated with an Amazon account or add a credit card number to an Amazon account as long as the caller could identify him or herself by name, email address and mailing address — three bits of personal information that are easily found online.

Nathan Olivarez-Giles reports in this article that on Tuesday, August 7, 2012, Amazon handed down to its customer service department a policy change that no longer allows people to call in and change account settings, such as credit cards or email addresses associated with its user accounts.

Amazon officials weren’t available for comment on the security changes, but during phone calls to Amazon customer service on Tuesday, representatives told us that the changes were sent out this morning and put in place for “your security.”

The security gap was used by hackers, one of whom identified himself as a 19-year-old going by the name “Phobia,” to gain access to Honan’s Amazon account on Friday. Once Phobia and another hacker gained access to Honan’s Amazon account, they were able to view the last four digits of a credit card linked to the account.

The hackers then used those four digits to trick Apple customer service into thinking it was dealing with Honan. Apple customer service then gave the hackers a temporary password into Honan’s Apple ID, which the hackers used to wipe his iPhone, iPad and MacBook, and gain access to a number of email accounts as well as his Twitter account.

We discovered Amazon’s policy change on Tuesday after we failed to replicate the exploits used on Honan this weekend. Amazon declined comment on the security hole on Monday, and has since failed to return repeated phone calls from Wired about the vulnerability.

As for these cloud storage vendors' ability to keep data secure, Dropbox confirmed on Tuesday, July 31, 2012 that its users had been experiencing a spam onslaught, and reported that the issue was tracked to an employee. "Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts," said Aditya Agarwal, VP of engineering at Dropbox, Tuesday in a blog post.

However, many of the spam attacks were ultimately traced to a password-reuse problem that existed within Dropbox itself. "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses," said Agarwal. "We believe this improper access is what led to the spam. We're sorry about this, and have put additional controls in place to help make sure it doesn't happen again." Those controls will include a page that lets users review the login history related to their account, mechanisms for identifying suspicious activity, as well as two-factor authentication.

There is no doubt that weather-related issues have knocked out corporate data centers and passwords have been compromised behind the firewalls of even the largest corporations in the world. However, when this happens, the corporate stakeholders at least have someone to hold accountable. When these types of things happen with a cloud storage provider such as DropBox, the DropBox Service Level Agreement (SLA) protects DropBox from any direct responsibility or damages.

Recommendation

Moving data to the public cloud is already happening at an accelerating rate.  And, the operational efficiencies and financial benefits are just too great for this trend to slow down.  Therefore, even though it is a fair question to ask if it is safe to move your data to a public cloud, a more realistic question might be, "What do I need to know and what do I need to do to ensure that my data will be safe once I move it to the public cloud?"

With input and guidance from the CVeDR cloud panel experts, my recommendations are as follows:

1.     Don't move any business data to the public cloud that is confidential, proprietary or is the essence of valuable corporate Intellectual Property (IP).
2.     Have your legal department read the provider's Service Level Agreement (SLA).
3.     Develop and/or follow corporate data retention policies in regards to the data you store in the public cloud.
4.     Develop and/or follow corporate password and other security policies in regards to the data you store in the public cloud.
5.     Talk to the cloud storage provider about eDiscovery and develop a joint plan for how it is going to be accomplished and how much it is going to cost.

Storing data in the public cloud is inexpensive and very efficient.  Just be aware that there are risks that need to be mitigated and addressed.


Thursday, August 2, 2012

StoredIQ Reinvents Itself in a Big Data Way


Over the past five (5) years StoredIQ has had more than its fair share of ups and downs. Founded in 2001, venture-backed StoredIQ began to establish itself as a "next generation" player in the eDiscovery software market around 2005. However, after being overlooked for a large consolidation move in 2009, StoredIQ seemed to lose its way and couldn't figure out if they were in the Information Governance market competing with Autonomy, IBM and Symantec or in the eDiscovery Early Case Assessment (ECA) market competing with Clearwell Systems.

2010 became a pivotal year as they brought on Phil Myers as the new CEO. With 29 years of experience in the technology industry and having managed three successful start-up companies, Phil made adjustments in personnel, mission and strategy and got StoredIQ back in the game.

In 2011, Phil hired Tom Bishop as the new Chief Technology Officer (CTO). Bishop was the former chief technology officer of IBM Tivoli. After Tivoli, Bishop served as CTO of VIEO, Inc., where he was named “Chief Technology Officer of the Year” by InfoWorld magazine, and as vice president and CTO at BMC Software, where he was responsible for product vision and direction, including advancing Atrium, the company’s innovative open-architected foundation for Business Service Management solutions. Tom was the right technology leader at the right time to figure out what the market wanted StoredIQ to be and how to get them there technically.

Throughout 2011, StoredIQ executives met with customers, prospects and other industry thought leaders to try and establish their corporate identity.  More importantly, they tried to figure out if they were going to build product to compete in the Information Governance or eDiscovery markets.  Where they ended up may surprise some of you.

Named by Gartner as a 2012 "Cool Vendor" in Risk Management, Privacy and Compliance, StoredIQ ended up in the middle of "Big Data" with its new mission to enable organizations to actively manage their vast and ever-increasing amounts of unstructured data.  So, with a slight twist on the approach and who they are now selling to, StoredIQ actually ended up in both Information Governance and eDiscovery.  You see, at the root of any Information Governance or eDiscovery project or process is the ability to identify, collect, index and analyze Big Data.  And, that's what StoredIQ is now doing.
I had the pleasure of spending an hour today with Phil Myers, StoredIQ's CEO, and Amir Jaibaji, Vice President of Product Management for StoredIQ. They walked me through their "new strategy" and gave me a quick demo of DataIQ, their recently announced data analytics module that provides users with an exceptionally unique visual overview and approach to analyze unstructured data. It’s very visual, fast and provides an abundance of information that you probably didn’t even know that you had about your data. Whether you are an analyst in the Information Technology (IT) department managing storage utilization, a risk manager looking for “open shares” in SharePoint or a General Counsel trying to forecast the cost of pending litigation, DataIQ is just what you have been hoping for. It was impressive to say the least, and if it is any indication of where Myers and Bishop have taken StoredIQ, they have not only reinvented themselves, they have established themselves as a formidable player in the Big Data analytics market.

Over the next couple of weeks, I plan to spend more time with StoredIQ and will report on what I find. My expectations are very high.


Tuesday, July 31, 2012

Professionalism and eDiscovery: Going beyond ethical considerations

During the last few years, there has been much discussion, and even some interesting debates, about ethical eDiscovery issues.  Much focus has been on the topics of duties to preserve records, duties to disclose records, and the state Rules of Professional Conduct.  But, I believe it is not sufficient to consider only the ethical issues involved.  We must also focus on the professionalism of eDiscovery.  Some of these professionalism issues are raised in discovery generally, but others are unique to eDiscovery.

I believe it nearly universally true that the most professional and ethical lawyers are usually the best lawyers.  They have either long ago abandoned, or never acquired a taste for, unprofessional conduct.  They have mastered their craft and find no use for unprofessional behavior.  The same could be said for business leaders; if they are not professional, others would rather do a business deal with someone else.

Attorney Civility Rules

Some states have developed civility rules that are guidelines only.  These rules are not intended to be enforced against lawyer conduct the way that the Rules of Professional Conduct are enforced.  However, these are excellent guidelines for ensuring that lawyers maintain professionalism in eDiscovery.

Included in New York’s Standards of Civility are obligations to be “courteous and civil in all professional dealings with other persons.” This includes a requirement that lawyers “should act in a civil manner regardless of the ill feelings that their clients may have toward others” and “[l]awyers can disagree without being disagreeable.”

The New York Standards of Civility also state that “[a] lawyer should not use any aspect of the litigation process, including discovery and motion practice, as a means of harassment or for the purpose of unnecessarily prolonging or increasing litigation expenses.” ESI requests are particularly prone to abuse in this area, as they can be used to harass and increase litigation expenses.

Everything I Really Need to Know I Learned In Kindergarten
In Robert Fulghum’s popular essay about what he learned in kindergarten, he discussed a few basic principles that both lawyers and businesses should abide by.  Included among those are basic professional principles like “share everything,” “play fair,” “don’t hit people,” “clean up your own mess,” “don’t take things that aren’t yours,” “say you’re sorry when you hurt somebody,” and “live a balanced life.”  A healthy dose of these basic ideas would serve the lawyer well in eDiscovery practice.  Although the pressing matter may seem most important at the time, conduct will create a reputation, and an unprofessional reputation is difficult to lose once it is gained. You can play fair while vigorously representing your client.


What Professionalism Should Govern eDiscovery Practice?

In eDiscovery circles, there is much discussion taking place about “proportionality.” Essentially, this is an issue of reasonableness. I believe reasonableness is also an issue of professionalism. Recall that the scope of discovery is what is “reasonably calculated to lead to the discovery of admissible evidence.” Fed. R. Civ. Proc. 26(b)(1). Narrowly tailoring requests to what is reasonable will enhance eDiscovery professionalism. eDiscovery costs should never be used as a way to bludgeon the opposing party into submission. If the scope of an ESI request can be narrowed without harming a client’s case, then it should be narrowed. The New York Rules of Civility state that “[a] lawyer should avoid discovery that is not necessary to obtain facts or perpetuate testimony or that is designed to place an undue burden or expense on a party.”


While many crack jokes about the professionalism and ethics of lawyers, most lawyers I know take both ethics and professionalism very seriously. I believe that the best lawyers are not only ethical but highly professional as well. Some clients act professionally as well, while others may push for unprofessional practices. It is the lawyer’s job to rein in his or her client. While a lawyer must zealously advocate for a client, no case or client is ever worth squandering one’s reputation. Never allow a client to cause you to do something unethical or unprofessional.


Lawyers involved in eDiscovery should strive for not only meeting the basic Rules of Professional Conduct but also the Rules of Civility.  By doing so, we serve the judicial system, our colleagues and our clients with integrity.


X1 Discovery and the National White Collar Crime Center Partner to Fight Cybercrime with Cutting Edge Support and Training for Internet and Social Media Investigations

Potential evidence of white collar crimes is becoming more prevalent in social media platforms such as Facebook, Twitter and LinkedIn.  In fact, industry analysts indicate that electronic evidence generated from social networks is relevant to just about every criminal and civil legal matter and therefore must be routinely addressed by law enforcement, regulatory agencies, law firms, and corporate risk professionals.

In a recent LexisNexis survey of 1200 law enforcement professionals focusing on the rising prominence of social media evidence, 67 percent of respondents believed social media evidence helps solve crimes more quickly. However, the respondents also pointed to lack of training and technical familiarity as preventing their more widespread access to social media evidence.

X1 Discovery, the leader in software solutions for social media and website evidence search and collection, along with the National White Collar Crime Center (NW3C), an internationally recognized leader in education and support in the prevention and prosecution of high tech crime, have announced a strategic partnership to provide training curriculum and support to local, state and federal law enforcement agencies worldwide, as well as to legal, corporate discovery and risk professionals. The partnership will focus on promoting best practices and advanced techniques for website and social media evidence collection and analysis, based upon the X1 Social Discovery software.

This curriculum will provide best practices and new methods to collect, search, preserve and manage social media evidence from social media networking sites and other websites in a scalable, instantaneous and forensically sound manner. Participants will learn about specific cases involving critical social media data; find out how to collect and index thousands of social media items in minutes; understand and identify key metadata unique to social media; learn how to better authenticate social media evidence in a safe and defensible manner; and more. The X1 Social Discovery software is designed to effectively address social media content from the leading social media networking sites such as Facebook, Twitter and LinkedIn. In addition, it can crawl, capture and instantly search content from any website. Unlike archiving and image capture solutions, X1 Social Discovery provides for a “matter-centric” workflow and defensible chain of custody from search and collection through production in searchable native format, while preserving critical metadata not possible through image capture, printouts, or raw data archival of RSS feeds.

The use of social media as the preferred form of communications for all business, both legal and illegal, is going to grow at an accelerating rate. Therefore, local, state and federal law enforcement agencies worldwide, as well as legal and corporate HR and risk professionals, are going to have to be prepared to collect and analyze this electronic information. The partnership between the National White Collar Crime Center and X1 Discovery is definitely a ray of hope for those organizations that are in desperate need of assistance to deal with this growing problem.


You may view the press release on Reuters announcing this partnership at:  http://www.reuters.com/article/2012/07/31/idUS154421+31-Jul-2012+BW20120731

For more information about X1 Discovery, you can visit their website at: www.x1discovery.com.  For more information about the National White Collar Crime Center, you can visit: http://www.nw3c.org/


Tuesday, July 24, 2012

2012 Early Case Assessment Buyer's Guide

This past week DCIG published the 2012 Early Case Assessment Buyer's Guide.  As the lead analyst on this guide, I will be posting my thoughts and comments about the development of the guide and the results over the next couple of weeks.

Please note that you can register for an August 9, 2012 Webinar where I will talk about how we developed the guide and will also demonstrate the online interactive version of the guide.  Click Here to register.

First of all, I wanted to thank Joshua Konkle from DCIG for inviting me to participate in the development of this guide.  Joshua and I spent hundreds of hours talking with Early Case Assessment (ECA) users to gather input to develop the survey questions and ranking criteria.  We then spend on told hours with the product managers from the vendors covered in the guide, processing the results and writing the report.  It was a very educational yet rewarding  exercise that I look forward to repeating it every12 months for years to come.

Beyond the ECA platform rankings, there is a lot of very valuable information in this guide in regards to the state of the eDiscovery market.  However, I can't comment on all of it at one time,.  Therefore, in this initial post, I will talk about some of the thought that went into developing the survey, the ranking criteria and release the list of the ECA tools in order of ranking.

Historically, technology industry reports have taken into consideration vendor size based on revenue and installed base and other criteria that Joshua and I considered very subjective, such as feedback from customers. DCIG has historically attempted to be very objective in the development of its other buyer's guides. I like to call this the Dragnet approach as they have been steadfast in collecting "just the facts". As such, Joshua and I followed a similar philosophy with the 2012 ECA Buyer's Guide. We only wanted to collect, verify and report on the facts of what these ECA tools could do and didn't take into consideration what customers thought or how much revenue the vendor generated.

In addition, DCIG has also historically taken a very bold approach of actually ranking the platforms in their guides as opposed to lumping them into conceptual categories that provide little to no value to prospective buyers. Joshua and I followed the same strategy with the 2012 ECA Buyer's Guide. And, although we did place ECA platforms into categories such as Recommended, Excellent, Good and Basic, we did in fact rank the platforms from 1-29. As a side note, the fact that we actually ranked the ECA tools provided for some interesting and frank discussions with many of the vendors that participated. I plan to comment on some of these rankings in later posts. However, as a teaser, potential buyers need to note that just because a particular ECA tool was ranked very low doesn't mean that it wouldn't be perfect for your specific ECA requirements. That's the beauty of the guide and more specifically the value of the Interactive Buyer's Guide (IBG) as it enables users to analyze all 29 ECA tools based on any of the 300 data points and choose those ECA tools that meet their specific criteria. Please note that I will be talking about the IBG at length in future blog posts and will also be demonstrating the IBG in multiple webinars over the next month.

Based on our personal experiences with ECA tools and view of where the ECA is going along with discussions with ECA users and a cross section of the ECA tool vendors, Joshua and I placed a heightened focus on ECA tools with the following features delivered as an integrated holistic platform:
  • Data Mapping
  • Analysis of enterprise ESI before collections
  • Real-time collection of enterprise ESI
  • Integration with enterprise archiving systems
  • Ability to process social media ESI
  • Legal Hold
  • Workflow management
  • Project management
  • Next generation search
  • First Pass Review
  • Next generation user interface
  • Information dashboard
  • SaaS delivery option

Based on how the participating ECA vendors answered the survey and taking into consideration these criteria, Joshua and I ranked the ECA tools for the 2012 ECA Buyer's Guide as follows:
  1. Guidance Software EnCase eDiscovery
  2. Exterro Fusion eDiscovery
  3. ZyLAB eDiscovery Bundle
  4. Orcatec Document Decisioning Suite
  5. GGO DigitalWarRoom
  6. Symantec Clearwell
  7. Autonomy Investigator and Early Case Assessment (ECA)
  8. StoredIQ DiscoveryIQ
  9. NextPoint Discovery Cloud
  10. NUIX Nuix Enterprise Discovery
  11. Kroll Ontrack Ontrack Inview
  12. EMC SourceOne
  13. Kroll Ontrack Verve Review
  14. AccessData Group AD eDiscovery
  15. Rational Retention Central Retention Server (CRS)
  16. Kroll Ontrack Ontrack Advanceview
  17. Digital Reef Advanced ECA 4.0
  18. Equivalent Data NeddleFinder
  19. AccessData Group ECA product (AD ECA)
  20. Orange Legal Technologies OneO
  21. Kroll Ontrack Verve EDA
  22. Recommind Axcelerate ECA and Collection
  23. X1 Discovery X1 Rapid Discovery; X1 Social Discovery
  24. InterLegis, Inc. Discovery360
  25. AccessData Group Summation
  26. kCura Relativity
  27. Venio Systems Venio FPR
  28. Orange Legal Technologies Purple Box
  29. Equivio Equivio Zoom

Please note that users can download a full copy of the 2012 ECA Buyers Guide at: http://www.dcig.com/buyersguides.

A couple of things to keep in mind in regards to this ranking:
  • These rankings are based upon our view of features that are important in the ECA market which may or may not match your view of what's important.
  • In many cases the difference in the overall points that separate our rankings over 5 to 10 spots may be as few as 5 to 10 points.  And, these points could represent connections to data types or support for specific kinds of search technology (e.g. conceptual search vs. keyword) that may not be important to your organization.
  • It is also possible that the ECA tools represented in this guide have released major updates that were not reflected in the final rankings. Joshua and I had to set a cut-off date and unfortunately some of these updates occurred after the cut-off. As an example, Kroll Ontrack has made some major enhancements to its ECA product line in just the last 60 days.
  • There are some very impressive ECA tools such as Equivio Zoom, Venio FPR, X1 Rapid Discovery and OneO that are ranked lower in the guide (because they are more focused in their approach to ECA) but in fact may be the perfect solution to your specific requirements. As an example, I just recently ranked Equivio Zoom as one of the Top Five eDiscovery Technologies to watch in the second half of 2012.

Our mission with the inaugural Early Case Assessment Buyers’ Guide was to provide users with a valuable and ongoing source of objective and unbiased knowledge to compare the features and functionality of ECA software. We included vendors regardless of size or installed base and we went to great lengths to be as objective as possible in the scoring and ranking of the ECA software reviewed in this Guide. If anyone has any questions and/or comments about this guide, I would encourage you to contact me or Joshua as we would be more than happy to discuss our approach and the results.

In my next post, I will go into more detail regarding the thoughts behind our criteria and rankings.


Friday, July 13, 2012

Five Initial Steps to Meet the Governance, Risk and Compliance Obligations Brought on by Today's Big Data File Stores

The accelerating increase in the amount of unstructured Electronically Stored Information (ESI) is leaving IT organizations struggling with how to store and manage all of this new information. Aside from just providing the underlying storage infrastructure to host this amount of data, companies are also faced with the task of properly managing their Big Data file stores to meet existing governance, risk and compliance obligations. To do so, there are five steps they can take now to position their organization to meet them.


According to a 2010 report by IDC, the amount of information created, captured or replicated has exceeded available storage for the first time since 2007. The size of the digital universe this year will be tenfold what it was just five years earlier. According to this same IDC report, the volume of unstructured ESI is expected to grow at over 60% CAGR (Compounded Annual Growth Rate).

According to Forrester Research and as reported in an article that appeared on the Forbes website last week:
  • The average organization will grow their data by 50 percent in the coming year
  • Overall corporate data will grow by a staggering 94 percent
  • Database systems will grow by 97 percent
  • Server backups for disaster recovery and continuity will expand by 89 percent

Overseeing the expansion of storage space and ensuring that the data is protected has become a minor part of the overall task of Big Data file storage and management. Business stakeholders and the Information Technology (IT) organizations from enterprises of all sizes and across all industries must now face a list of Governance, Risk and Compliance (GRC) regulations with which they have to legally comply or face potentially fatal financial penalties to the enterprise.

The most obvious laws to which they are subject include:
  • Sarbanes-Oxley (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley (GLBA)
  • Federal Information Security Management Act (FISMA)
  • Consumer Information Protection Laws
  • Federal Rules of Civil Procedure (FRCP)

Further, the list of new regulations is growing. The passage of The Patient Protection and Affordable Care Act (PPACA) will result in the US Government adding 159 new agencies, programs, and bureaucracies to assist with the compliance of over 12,000 pages of new regulations. Over the past ten years, in response to the threat of international terrorism, the US Department of Homeland Security (DHS) has added hundreds of new regulations. Finally, cyber terrorism, including acts of deliberate, large-scale disruption of enterprise computer networks, is now a reality that all businesses must face.

In the face of this, Big Data file storage and management vendors, along with the associated industry consultants, have developed a list of hardware and software requirements and associated value propositions to help enterprise buyers decide which Big Data file storage and management platforms to purchase.

But before they buy, there are five steps that buyers should take first to ensure they are prepared to meet the governance, risk and compliance obligations brought on by today's Big Data file stores:
  • Internal Collaboration: File management and Governance, Risk and Compliance (GRC) requirements affect business stakeholders from the boardroom to IT to the manufacturing floor and loading dock to the accounting office. The development of cross functional workgroups and the promotion of internal collaboration between functional experts is the key to successfully identifying, understanding and addressing all of the requirements and issues involved in Big Data file management across the entire enterprise.
  • Network Architecture Planning: Over the past 25 years, enterprise architectures grew with little or no planning, resulting in wasteful redundancy and little or no access to all the enterprise data as may be required to comply with today’s GRC requirements. The advent of the Internet and now cloud computing has brought these decades of poorly planned networks to light, resulting in them becoming more of an enterprise liability than an asset. The time is now for IT to hit the restart button and explore new options such as virtualization, hybrid cloud architectures and the use of cloud service providers (CSPs) that enable them to better leverage, manage and optimize their existing infrastructure.
  • Security: With the introduction and proliferation of portable storage devices, wireless Internet, mobile computing devices, enterprise Software-as-a-Service (SaaS) applications, cloud storage, blogs and social media such as Facebook, LinkedIn and Twitter, data theft and cyber attacks are a real issue for which many (and arguably most) companies do not have a good answer. Now is the time for IT to take a serious look at their internal file access policies and move as quickly as possible to address any existing shortcomings.
  • Data Retention Policy Development and Implementation: Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Rules of Civil Procedure (FRCP) all have very specific data retention guidelines for what types of ESI data an enterprise has to keep and how long to keep it. Enterprises must investigate and document these requirements, develop data retention policies and acquire the appropriate software to ensure compliance.
  • Technology Vendors and Consulting Partners: Business stakeholders and IT management may be overwhelmed with the task of addressing the issues of successfully meeting the GRC obligations of big file storage and management. If this is the case, reach out to the hardware and software vendor community and ask how their solutions support these issues. If required, engage the services of vendor-independent consulting partners to act as trusted advisors to assist in the successful navigation of the required cultural transitions and the acquisition of the best technology platforms.

The accelerating increase in the amount of unstructured Electronically Stored Information (ESI) is putting IT organizations on the defensive as they struggle to figure out how to store and manage all of this new information. However, overseeing the expansion of storage space and ensuring that appropriate backups are completed has become a minor part of the overall task of big file storage and management.

Rather, business stakeholders and IT staff need to act now to first bring their infrastructure under control so they can get in front of the growing list of GRC regulations to which they are subject. By following the five steps outlined above, enterprises will be in a position so that when they purchase a product, they will have a good grasp of what their true enterprise challenges are and have a high probability of bringing in a product that addresses them.
