• Join our Communities!

  • Twitter Updates

    Error: Please make sure the Twitter account is public.

  • Disclaimer:

    The information in this weblog is provided "AS IS" with no warranties, and confers no rights. The opinions and interests expressed on this employee blog are the employees' own and don't necessarily represent EMC's positions, strategies or views. Inappropriate comments will be deleted at the authors discretion.

eDiscovery and Sharepoint

I am consistently surprised that the eDiscovery of Microsoft Sharepoint repositories does not strike more fear into organizations.  Sharepoint is complex, contains different types of documents/objects, can have rich metadata and is a key repository for business content.  Yet most organizations that we talk with state that they are not concerned with their ability to handle eDiscovery work on Sharepoint sites.

There are several potential reasons for this hands-off attitude:

– There are no significant reported cases where a party was sanctioned for failing to properly preserve or collect content from Sharepoint.  I did some of my own research in a few eDiscovery caselaw databases, and none of my searches located the word “sharepoint” in connection with a sanctions motion;

– Few litigants seem to be asking for Sharepoint content during discovery.  (Of course this is not a valid reason for organizations to ignore it.  The duty to preserve and produce ESI is not tied to whether the other party asks for the content.  But in reality, if both sides bury their heads in the Sharepoint sand, then no one knows whether relevant content is being ignored).

– Most organizations lack the tools and capabilities to discover from Sharepoint, at least beyond basic Office documents that might be stored in a site.  Whether Legal is aware that IT is not undertaking discovery of Sharepoint sites is a good question to ask.

What makes Sharepoint more complex than a fileshare, at least in eDiscovery?  Many different types of content can be stored in a site:  documents, email messages, OneNote files, webpages, community posts, microblogs, Lync IMs, and more.  Not all of this content is readily accessible, so eDiscovery teams may have difficulty in locating relevant content.  Even when found, the preservation and collection of that content can be difficult.

Metadata in eDiscovery is often a misunderstood issue, and Sharepoint has a lot of metadata.  For example, each user can define a set of metadata tags for use with documents.  This information is arguably not relevant in many cases, but it may be useful or important in locating relevant documents.  And since one cannot rule out relevancy before a case even begins, organizations need a plan to capture this information when necessary.

A more advanced but still important concern is with authentication and admissibility of the Sharepoint content.  The creator of a document can often be difficult to determine, even on a fileshare where the “owner” of that document may be clear (based on the directory structure).  In Sharepoint, the situation can be far murkier due to its collaboration capabilities.  For example, multiple parties may have contributed to a document but the identified owner and creator may not be part of that group.  (For some great background on these issues, download The Sedona Conference Commentary On ESI Evidence & Admissibility).

What can you do?

– Legal and IT should get together to discuss the organization’s Sharepoint deployment and determine whether it is (or should be) on the Data Map; and if so, how content can best be located, preserved and collected when necessary.  Microsoft has added some eDiscovery capabilities to Sharepoint 2013 but whether those features are sufficient, and how to handle prior versions of Sharepoint, remain a concern;

– The organization should consider (now!) policies relating to the retention of Sharepoint content.  This is a great step to take before the situation becomes too difficult to handle because Sharepoint adoption tends to grow very rapidly.

Archiving: The Secret Sauce to IT Transformation (Part 1)

Lady Backup is making her debut to EMC SourceOne Insider.  But don’t let my name fool you.

I have many years of archiving experience dating back to EmailXtender. Fortunately EMC had the wherewithal to invest in a next generation architecture that resulted in EMC SourceOne, whereas the rest of the competitors are still stuck on first generation.

And if my own experiences weren’t enough, I also married Mr. Archive last year. This union in fact sets the foundation for future discussions we’ll have about the intersection of backup and archiving.

Notice I said “intersection.”

I continue to champion that a backup is NOT an archive. But the underlying architecture that EMC is developing allows for the consolidation of both backup and archive, positioning us uniquely in the market.

But that’s a point for a future conversation.

Let’s talk about archiving.

Given my history, I think EMC so far has missed the opportunity to include archiving as a key enabler to the IT transformation discussion.

Don’t get me wrong – we need to transform our IT Infrastructure from a static, physical model to one that is dynamic, agile and infinitely scalable. But the question in my mind is whether you are transforming your infrastructure to store content that is outdated, no longer of value, or potentially damaging to your organization.

The way I see it, we need to transform information management as part of IT transformation. Archiving is an enabler to manage the volume of data that is collecting in your production environments – allowing you to systematically manage what you are storing, where and for how long.

You will find that my blogs are short and sweet. Next week I’ll give you my views on the three benefits of archiving. LB

Viva La Resolution!

Although I strictly avoid New Year’s Resolutions, January is often a good time to think about the year ahead.  Last year at this time I created a wish list hoping that we would all learn more about archiving, machine classification, social media and “the cloud”. 

While those topics remain very important this year, let’s start 2013 by focusing on an umbrella issue — “Information Governance”.  To me, very simply, Information Governance encompasses all of the things that we’ve focused on individually during the last several years in the information world — eDiscovery, archiving, retention policies, defensible deletion, security, records management, privacy, etc.  (Deb Logan of Gartner has a far more thoughtful definition). 

How do you “do” Information Governance?  That’s a very good question and I don’t know that anyone yet has a great answer.  The best thing that we can do, today, is to be better educated on the issues outside of our main focus area so that we can better understand the impact of our own initiatives.  For example, the legal department’s goal of making information more accessible and searchable for eDiscovery may impact privacy and even security concerns.  An IT goal to move email to the public cloud to save money may create compliance and eDiscovery nightmares.  And an initiative to delete “legacy” data could wreak havoc with records management policies.

For now, spend some time learning about what your colleagues are doing in their areas of expertise, across IT, legal, records, compliance, security, etc.  You may find that the big picture quickly becomes much clearer.  

P.S.  Hope to see you at the EMC booth at Legal Tech.  

 

Be Clear Before You Cloud!

Interest in cloud services remains extremely high, with IDC predicting a compound annual growth rate of almost 28%.   Yet “cloud” is a broad term, and when purchasing cloud services it is more important than ever to understand the details of an offering, particularly when considering email archiving.

Cloud archiving offers the opportunity for cost savings and a potential reduction in operational complexity.  But as with any offering, there are risks and downsides that are often ignored during the decision-making process:

–          If the system fails or is down, what are my rights?  In most cases, you will have an Service Level Agreement but the remedy if that SLA is not met is usually minimal.

–          If a regulator needs access to data or if I have an unexpected e-discovery requirement, how can I get the data that I need?  Some clouds will have tools but few companies determine in advance whether those tools are sufficient to meet their needs.

–          If the system is hacked or there is a security breach, what happens?  In most cases, any penalty for stolen or lost data remains with the company that owns the data, and the recourse against the provider is contractually limited.

–          If I find a better solution (or just don’t like this one next year), how can I move to another system?  Migrating your data from a cloud system is generally not an easy or inexpensive task.

For many, a managed service or private cloud may be the right answer.  In this model, the equipment and data center can still be owned by the customer, enabling it to maintain control and access whenever desired.  But with the day-to-day operation of the system managed by a skilled third party, at a set rate, operational costs and even complexity can be sharply reduced.

One size still cannot fit everyone.  So when looking at cloud solutions, make sure to understand all of your company’s requirements (have you talked with legal and compliance?) and get the answers before you decide.  It may save you a rainy day.

Information Governance Meets Info360 – The Report from Washington DC

The Information Governance team is just returning from Washington DC where we were in attendance at Info360.  We met with a lot of people and had some really good conversations and we thought we’d share some of our findings with you.

1.       Information management is driving many governance and compliance projects. Whether we spoke to IT managers, Records managers, or Legal experts, information management is a big concern.  Customers are really trying to scope out what tools are available to augment their existing information infrastructure as well as new ways to use the existing tools they have.  At any rate, they’re trying to cope with the information deluge in smart, efficient ways.

2.       eDiscovery is still a hot topic – but companies are moving beyond the basics.  Now they want to expand the use of eDiscovery tools beyond legal inquiries to a broader range of investigative matters including internal investigations, audits, and even basic discovery on what’s actually in the organization for IT and Compliance purposes.

3.       Records Managers are continuing to stretch the boundaries of their jobs and Continue reading

Guest Blog: Information Governance is in IT’s Best Interest

Guest Blogger: Brian Babineau Brian Babineau - Senior Consulting Analyst, ESG

We are excited to introduce this week’s Guest Blogger, Brian Babineau, Senior Consulting Analyst at Enterprise Strategy Group.

I recently authored an ESG Research Brief “E-mail Archiving Supports IT’s Role in Electronic Discovery” where I highlighted the need for IT to invest in information management solutions that do more than just solve a “system administration” problem.  My thesis is straightforward – IT staff’s responsibilities now extend well beyond running systems.  They are now mired in business process, compliance, and litigation support procedures.  Consider that 67% of respondents in a recent ESG study said that IT was primary party responsible for collecting e-mails in response to an electronic discovery inquiry even though such an activity is part of a legal workflow.

The expansion of IT responsibilities into things like electronic discovery dictates the need for IT to change their strategies when looking for and evaluating information management solutions.  As I point out in the Research Brief, IT frequently takes a shortsighted tactical approach to information management without considering the long term consequences even if the repercussions make their jobs worse.  The most obvious example is using e-mail quotas – a tactic deployed to control storage costs.  While quotas do reduce the amount of storage a company needs to support an e-mail application, they decrease employee productivity (employees can spend hours every week deleting / moving / archiving messages to avoid triggering a quota) and make electronic discovery a nightmare as personal archive folders have to be tracked down across PCs, file shares and backup tapes.

According to 80% of organizations still use quotas, but many have figured out how to govern this process via purpose-built e-mail archive solutions.  When a quota is reached, messages are automatically moved into the purpose-built archive solution repository where they are still accessible to employees as well as compliance officers, records managers, and other authorized constituents.  This way when a discovery request arrives, IT only has to collect e-mails from the primary message application and the archive.  A purpose-built e-mail archive solution simplifies electronic discovery processes while reducing storage costs and automating other e-mail management tasks.

A purpose-built archive offering is just one example of an information management solution that delivers more than tradition system administration benefits.  There are many more out there – it just takes an IT department to more strategically think about governing information over the long term to find them.