• Join our Communities!

  • Twitter Updates

    Error: Please make sure the Twitter account is public.

  • Disclaimer:

    The information in this weblog is provided "AS IS" with no warranties, and confers no rights. The opinions and interests expressed on this employee blog are the employees' own and don't necessarily represent EMC's positions, strategies or views. Inappropriate comments will be deleted at the authors discretion.

Archiving To Help Solve BYOD

We have written before about the security, privacy, compliance and legal issues created by the Bring Your Own Device (BYOD) phenomenon.  And if BYOD seems difficult here in the US, it’s far more difficult in the EU with its stronger protection of personal data.  With BYOD, personal information is being mixed with corporate information on an employee-owned device, often with no real corporate oversight, creating all kinds of new problems.

The UK’s Information Commissioner’s office recently published guidance to assist organizations in dealing with BYOD concerns in the EU.  Of course, a main point is that having a clear and effective BYOD policy is a crucial step for any organization.  But one issue, along with its related advice, really caught our attention:

     “If copies of data are stored on many different devices. . . there is an increased risk that personal data will become out-of-date or inaccurate over time … [or] retained for longer than is necessary … [because] it is more difficult to keep track of all copies of the data.  Using devices to connect to a single central repository of data can help mitigate this risk.”   [Emphasis added].

Centralized archives, operating and retaining data according to company policies, serve this purpose.  For example, rather than having email (and attachments) stored on various email servers, in PST files and on devices for every custodian, it should be stored, maintained, accessed (and ultimately deleted) from a single instance email archive.  Each device can serve as a “window” to that centralized content so that it’s accessible as needed, and then deleted.  This avoids creating new instances of each message that are stored and managed for each individual device requiring access to the data.  And this same concept can be applied to documents from file systems, Sharepoint, even records management systems.

Not every organization will have to meet EU (or even EU-style) data requirements.  But centralizing and managing content is a solid best practice that will pay dividends no matter where you are located.

EMC SourceOne 7 Archiving and eDiscovery: A Key Pillar of any Data Protection Strategy

As you may have already read in this morning’s EMC Data Domain and SourceOne blog,  EMC is taking data protection to the next level, and to that point, the version 7 release of EMC SourceOne is now available.  SourceOne 7 represents the next generation archiving platform for email, file systems and Microsoft SharePoint content and includes SourceOne Discovery Manager 7, which together, enhance an organization’s ability to protect and discover their data. In fact, in ESG’s recent  “Data Protection Matters” video featuring Steve Duplessie, ESG’s founder and Senior Analyst, it was stated that  “backup and archive are different but complimentary functions” that both are “key pillars of a data protection strategy”, and that “backup without archive is incomplete”. I find this to be in perfect alignment with EMC’s strategy for data protection, and with this in mind, I’d like to review some of the great features of EMC SourceOne 7.

Let’s take File System data as an example. Have you ever needed to locate file system data in your infrastructure without a purpose built archive to assist? Perhaps searching data for business reuse, an eDiscovery request, an audit or investigation? How did that work for you? Often, it’s a time consuming exercise in futility, or at best, an incomplete exercise with non-defensible results. Well, with the latest release of SourceOne for File Systems, a quick search can produce an accurate result set of all files that meet your search criteria AND you never had to physically archive that content.  That’s because this release offers “Index in Place” which enables organizations to index the terabytes (or petabytes!) of data that exists “in the wild” without having to move that data to the archive. How cool is that? Users and applications continue to transparently access that data as needed, yet sitting on top is a layer of corporate compliance.  Now you can apply retention and disposition policies to this data, discover information when required and place only the data that needs to be put on “legal hold” into the physical archive.

SourceOne 7 uniquely addresses each form of content. Since our next gen archiving family was built from platform level up, all content types are managed cohesively, yet each type of content is archived in such a way that compliments the content itself. For instance, archiving MS SharePoint you can:

  • Externalize active data to:
    • Save on licensing and storage costs
    • Increase  SharePoint’s performance
    • Provide transparent access to the content
  • Archive inactive content to:
    • Further decrease storage and licensing requirements
    • Make data available for eDiscovery and compliance
    • Set consistent retention and disposition policies
    • Provide users with easy search and recall from the MS SharePoint Interface

When it comes to the IT administrator, there are plenty of advantages to SourceOne, as well. Our entire archive is managed from a single console; all email, MS SharePoint, and File System data is captured into one archive that eases administrative management burden and decreases the margin of error when creating and executing policies against all types of content. The IT admin can also monitor and manage the overall health of the archive server using their existing monitoring tools, such as MS SCOM.   Improved ROI of monitoring tools, marginal learning curve, and IT efficiency are all part of SourceOne 7.  And of course, for the IT admin there’s the comfort in knowing that the data is being protected while transparently available to end user.

EMC's Source Once

The shift in IT infrastructure certainly encompasses virtualization, and most organizations take advantage of our ability to virtualize SourceOne. This next gen architecture allows the “snap on” of worker servers (either virtually or physically) with no disruption to the processes running on the existing archive servers, allowing  for expansion and contraction of servers and services as necessary. And, with all the new auditing and reporting capabilities in SourceOne 7, it’s a breeze determining when you may need to consider either adding or subtracting servers/virtual machines to handle the workload, to examine trends, and to ensure compliance.

Every good archive deserves its own discovery tool, and with SourceOne Discovery Manager 7, you’ll find just that, an easy to use, intuitive interface that allows for discovery of all email, SharePoint and File System content within the archive.

Source One User Interface

With Discovery Manager you can:

  • Collect archived data (even that “indexed in place” data) to be managed as part of a matter
  • Place into hold folders
  • Perform further review, culling, and tagging
  • Export to industry standard formant such as EDRM XML 1.0/1.2   and others

Data protection based on growth and recovery requirements are changing and “one size recovery fits all” is no longer a viable option – to address all the data protection challenges takes a holistic approach to managing this business critical information.  EMC solutions which include SourceOne 7 for archiving and eDiscovery, in conjunction with our best of breed backup and hardware platforms, make this happen. On that note, please make sure to read about the new Data Domain 5.3 capabilities for backup and archive, in their supporting blog, here.   To find more information on EMC SourceOne, please visit our EMC.COM SourceOne Family and Archiving websites.

Archiving: The Secret Sauce to IT Transformation (Part 2)

Lady Backup asserts that there is a key enabler in IT transformation that EMC hasn’t paid enough attention to: archiving.
To understand why, let’s look at the 3 key benefits of archiving:
Benefit 1: Archiving increases operational efficiency.
How old are the emails stored in your email system? How frequently are files older than a year accessed in your file servers? How many sites are sat untouched in SharePoint?
Archiving allows you to be smart in how you retain content by storing aged content outside of your production environment. First, this reduces the storage capacity required. But also a lean production environment improves backup and recovery, increases application performance, and eases application maintenance/upgrades.
Benefit 2: Archiving improves end user productivity.
Data growth is not just a challenge for the infrastructure – it is also a challenge for end users to find content.
Take this scenario: you are trying to find a Word document created a year ago. Was it sent to by email? Did you save it to your PC hard drive? Or did you store on a network drive? Or maybe it was uploaded into a SharePoint site? Where do you look first??
Your archive can be the first stop for users to do granular searches for content, saving time hunting around for the file or worse, recreating it because it can’t be found.
Benefit 3: Archiving consistently manages retention policies.
Retention management not only keeps your data volumes under control, but from a corporate governance perspective you can consistently enforce retention policies.
Archiving allows you to consistently and automatically execute policies that meet your company’s policies and/or your regulatory requirements.
Let’s face it – data volumes are challenging a “keep everything forever” mentality.
Next week, we’ll look at considerations for an archiving solution. LB

Archiving: The Secret Sauce to IT Transformation (Part 1)

Lady Backup is making her debut to EMC SourceOne Insider.  But don’t let my name fool you.

I have many years of archiving experience dating back to EmailXtender. Fortunately EMC had the wherewithal to invest in a next generation architecture that resulted in EMC SourceOne, whereas the rest of the competitors are still stuck on first generation.

And if my own experiences weren’t enough, I also married Mr. Archive last year. This union in fact sets the foundation for future discussions we’ll have about the intersection of backup and archiving.

Notice I said “intersection.”

I continue to champion that a backup is NOT an archive. But the underlying architecture that EMC is developing allows for the consolidation of both backup and archive, positioning us uniquely in the market.

But that’s a point for a future conversation.

Let’s talk about archiving.

Given my history, I think EMC so far has missed the opportunity to include archiving as a key enabler to the IT transformation discussion.

Don’t get me wrong – we need to transform our IT Infrastructure from a static, physical model to one that is dynamic, agile and infinitely scalable. But the question in my mind is whether you are transforming your infrastructure to store content that is outdated, no longer of value, or potentially damaging to your organization.

The way I see it, we need to transform information management as part of IT transformation. Archiving is an enabler to manage the volume of data that is collecting in your production environments – allowing you to systematically manage what you are storing, where and for how long.

You will find that my blogs are short and sweet. Next week I’ll give you my views on the three benefits of archiving. LB

Viva La Resolution!

Although I strictly avoid New Year’s Resolutions, January is often a good time to think about the year ahead.  Last year at this time I created a wish list hoping that we would all learn more about archiving, machine classification, social media and “the cloud”. 

While those topics remain very important this year, let’s start 2013 by focusing on an umbrella issue — “Information Governance”.  To me, very simply, Information Governance encompasses all of the things that we’ve focused on individually during the last several years in the information world — eDiscovery, archiving, retention policies, defensible deletion, security, records management, privacy, etc.  (Deb Logan of Gartner has a far more thoughtful definition). 

How do you “do” Information Governance?  That’s a very good question and I don’t know that anyone yet has a great answer.  The best thing that we can do, today, is to be better educated on the issues outside of our main focus area so that we can better understand the impact of our own initiatives.  For example, the legal department’s goal of making information more accessible and searchable for eDiscovery may impact privacy and even security concerns.  An IT goal to move email to the public cloud to save money may create compliance and eDiscovery nightmares.  And an initiative to delete “legacy” data could wreak havoc with records management policies.

For now, spend some time learning about what your colleagues are doing in their areas of expertise, across IT, legal, records, compliance, security, etc.  You may find that the big picture quickly becomes much clearer.  

P.S.  Hope to see you at the EMC booth at Legal Tech.  

 

Be Clear Before You Cloud!

Interest in cloud services remains extremely high, with IDC predicting a compound annual growth rate of almost 28%.   Yet “cloud” is a broad term, and when purchasing cloud services it is more important than ever to understand the details of an offering, particularly when considering email archiving.

Cloud archiving offers the opportunity for cost savings and a potential reduction in operational complexity.  But as with any offering, there are risks and downsides that are often ignored during the decision-making process:

–          If the system fails or is down, what are my rights?  In most cases, you will have an Service Level Agreement but the remedy if that SLA is not met is usually minimal.

–          If a regulator needs access to data or if I have an unexpected e-discovery requirement, how can I get the data that I need?  Some clouds will have tools but few companies determine in advance whether those tools are sufficient to meet their needs.

–          If the system is hacked or there is a security breach, what happens?  In most cases, any penalty for stolen or lost data remains with the company that owns the data, and the recourse against the provider is contractually limited.

–          If I find a better solution (or just don’t like this one next year), how can I move to another system?  Migrating your data from a cloud system is generally not an easy or inexpensive task.

For many, a managed service or private cloud may be the right answer.  In this model, the equipment and data center can still be owned by the customer, enabling it to maintain control and access whenever desired.  But with the day-to-day operation of the system managed by a skilled third party, at a set rate, operational costs and even complexity can be sharply reduced.

One size still cannot fit everyone.  So when looking at cloud solutions, make sure to understand all of your company’s requirements (have you talked with legal and compliance?) and get the answers before you decide.  It may save you a rainy day.

Activating Your Information Management Shield

We talk with companies every day about how they can be better at managing their enterprise information.  Good policies, with technology to enable and enforce them, can help insure that records and compliance information are retained for the right amount of time, while also enabling the deletion of stale and useless information which has outlived its retention period.  Good information management processes insure that protected information is stored in the right place, operational efficiencies are enhanced by focusing on useful information and the e-Discovery process is easier and more efficient.

Many organizations know that they should implement information management initiatives, but often have difficulty in providing concrete reasons to the business.  If your organization is looking for more reasons why good information management is valuable, two recent cases provide some great reasons:

  • If you have an information governance policy, it may help you to defeat a claim for sanctions even if data has been deleted; and
  • If you don’t have an information governance policy, and you delete data that was subject to compliance requirements, the lack of a policy can help to establish the bad faith necessary to award sanctions.

Diligence As A Shield

In Danny Lynn Electrical & Plumbing, LLC v. Veolia Es Solid Waste Southeast, Inc., 2012 U.S. Dist. LEXIS 62510 (M.D. Ala. May 4, 2012), the plaintiff requested sanctions for the defendants’ alleged failure to properly implement a litigation hold.  Specifically, the plaintiff claimed that defendants had deleted nine email accounts and kept in place an auto-delete function which removed email from the trash after 10 days.  They also alleged that the defendants improperly sent notifications to employees on legal hold that they should continue to delete email messages to comply with email account size limitations.

The court found it significant that the defendants had deployed an email archive to capture all of its email messages.  (Interestingly, the court did not discuss or make any findings about how the archive had been setup, configured or managed).  In addition, in finding that there was no bad faith (a requirement in the 11th Circuit), the court found it important that defendants “began using a software system that archives all emails”:

The court’s impression is that the defendants have expended great effort to insure that the plaintiffs receive information from both their live and archived email system by providing document review technology and allowing access to its database.  All of these factors added up to the court finding that no sanctions were warranted.

Lack of Diligence Can Be A Final Straw

The flip side to the protection offered by information management can be found in FDIC v. Malik, 2012 U.S. Dist. LEXIS 41178 (E.D.N.Y. Mar. 26, 2012) where the court also considered a spoliation motion for the deletion of emails.  The email messages related to a law firm’s prior representation of a mortgage company.

In determining whether bad faith was present to enable sanctions, the court noted that the subject email messages were required to have been preserved not initially for litigation hold, but under compliance requirements — professional responsibility and ethical rules.  The court found that retention under the compliance requirement was especially important to this case:

A regulation requiring retention of certain documents can establish the preservation obligation necessary for an adverse inference instruction where the party seeking the instruction is ‘a member of the general class of persons that the regulatory agency sought to protect in promulgating the rule.  The court held off on a final decision pending an evidentiary hearing.

Being Proactive With Information Management

We all know that litigation holds are difficult to implement and are almost never perfect.  Sometimes something bad actually does occur– a custodian is inadvertently omitted, a handful of emails are lost.  But more often, nothing bad happens at all.  Still, even in those cases it can be difficult (and time-consuming and expensive) to fight off the other side’s claim that something “must have been lost.”  A good information management policy, with tools and education to enable it, can go a long way towards showing good faith and protecting your organization from harm.