Your SlideShare is downloading. ×
E discovery 2-cloud_v5
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

E discovery 2-cloud_v5

278
views

Published on

Published in: Technology, Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
278
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • MS Exchange Online Connector (MEOC) Exchange 2007
  • BES 4.0 for 2007 BES 5.0 for 2010
  • BES v5.0.3 for Balancing
  • Transcript

    • 1. e-Discovery 2.0: In the Cloud Wednesday, November 16, 2011 9:45 AM - 10:45 AMSteven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK Founder/Principal, nControl, LLC; Adjunct Professor; President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
    • 2. • Presentation Overview – Technology • Case Study 1: IN the Cloud • Case Study 2: FROM the Cloud • e-Discovery Cloud Benefits • e-Discovery Cloud Concerns • e-Discovery Cloud Solutions – Process • Electronic Discovery Reference Model (EDRM) • Information Governance Reference Model (IGRM)
    • 3. • Technology
    • 4. • Case Study 1: IN the Cloud – Background – Drivers – Technologies – Limitations – Risks – Lessons Learned
    • 5. • Case Study 1: IN the Cloud (Continued) – Background • A Fortune 1000 Financial Services Firm – Investment Management (PA) – Life Insurance (CT) – Annuities (IN) • Legacy Project: 2005/2006 • In-House, Mature IT Team – Drivers • Efficiency/GUI Availability • Compliance • Cost
    • 6. • Case Study 1: IN the Cloud (Continued) – Technologies • Email: In-House Exchange/IXOS – Recently Transitioned from GroupWise in CT • Discovery: Zantaz (SaaS) – Limitations • De-Centralized Back Office (IT, Compliance, HR) – No Formal Records & Info Mgmt (RIM) Function/Role • Lack of Enterprise Project Mgmt Office (PMO) • Lack of Discovery Specialists
    • 7. • Case Study 1: IN the Cloud (Continued) – Risks • Data Loss – Tape Conversion – Large Result-Set Delivery » CD-ROMs via Snail Mail » Hourly Vendor Processing Fee • Vendor Management: Contractual/SLA Omissions • Search/Result-Set False Positives/Negatives • BCP/DR: Datacom • Poor Usability • Scope Creep
    • 8. • Case Study 1: IN the Cloud (Continued) – Lessons Learned • Schedule/Effort Underestimated – Uploading Email on Tape to Zantaz » Transitioned Legacy GroupWise Data to Exchange • Not Enough On-Site Training – Compliance, HR Not Technical • Discovery Support Resource Limitations – Budget Was Not There • Testing Plans – Incident Response – BCP/DR
    • 9. • Case Study 2: FROM the Cloud – Background – Drivers – Technologies – Limitations – Risks – Lessons Learned – Next Steps
    • 10. • Case Study 2: FROM the Cloud (Continued) – Background • Financial Services SMB – Capital Management (PA) • Recent Project: 2010 • IT: Managed Service Provider/Operations, Director – Drivers • Cost • Compliance – Technologies • Email: Exchange Server ‘07/Online/BPOS/Office 365 • Discovery: Symantec Enterprise Vault (EV) v8.0/v9.0
    • 11. • Case Study 2: FROM the Cloud (Continued) – Limitations • Budget • Skill-Sets • Resources – Risks • Software/System Interoperability • Vendor Management: Contractual/SLA Omissions • BCP/DR: Datacom • Legacy Email Availability • Scope Creep
    • 12. • Case Study 2: FROM the Cloud (Continued) – Lessons Learned • Limited Cost Savings – On-Site Exchange Box for Journaling – Upgrade to EV v9.0 to Support Exchange 2010 • Exchange Journaling From the Cloud, Complicated • Leverage Interim Solution for BlackBerry Services – Shutdown BlackBerry Enterprise Server (BES) – Leverage AstraSync (Exchange ActiveSync)
    • 13. • Case Study 2: FROM the Cloud (Continued) – Next Steps • Upgrade to EV v10.0 – Incorporate Social Media • Test BCP/DR e-Discovery Functionality • BlackBerry Office 365/BES Express – Looking at BES Balance (“Data Boxing”) • Reviewing Cloud e-Discovery SaaS Solutions – Symantec Enterprise Vault.cloud – Microsoft EOA/EHA
    • 14. • e-Discovery Cloud Benefits – Generic (Across SPI Stack) – SaaS Specific – PaaS Specific – IaaS Specific
    • 15. • e-Discovery Cloud Benefits (Continued) – Generic (Across SPI Stack) • Cost – More Quantifiable Return on Investment (ROI)….? – Total Cost of Ownership (TCO) Savings » Operating Expense versus Capital Expense » Variable Expense versus Fixed Expense • Core Competency Focus – Vendor Has Skill-Set » Configuration Management » Tie-In 3rd Party Products – Legal/Litigation Support – Cross-Platform Support
    • 16. • e-Discovery Cloud Benefits (Continued) – Generic (Across SPI Stack) • Core Competency Focus – Processing » Retention » Disposition – Compliance Best Practices – System Criticality » Vendor/Provider Configuration Management » BCP/DR • Supports Distributed Enterprises – Distributed Parties (Internal/External Counsel, Plaintiffs) – Satisfy Different Jurisdictional Requirements » e.g. AWS Zones
    • 17. • e-Discovery Cloud Benefits (Continued) – SaaS Specific • “Turn-Key” – PaaS/IaaS Specific • Flexibility – Tie-In Best Practices » EDRM » IGRM » Generally Accepted Privacy Principles, GAPP » Generally Accepted Recordkeeping Principles, GARP • Control – Configuration Management
    • 18. • e-Discovery Cloud Concerns – Generic (Across SPI Stack) – SaaS Specific – PaaS/IaaS Specific
    • 19. • e-Discovery Cloud Concerns (Continued) – Generic (Across SPI Stack) • Cost – Data Transfer – Storage – Third Party Connectors/Extra License for Journaling • Loss of Additional Functionality/Scalability/Features – PST Collectors – Additional Archival Artifacts/System Integration » File Share(s) » Content Management System (CMS: SharePoint, Quickr) » Mobile/PC Social Media » Mobile/PC Instant Messaging (IM) » Mobile/VoIP PBX: Phone Calls, Voicemail (VM), SMS/Texts
    • 20. • e-Discovery Cloud Concerns (Continued) – Generic (Across SPI Stack) • Vendor Management – Viability/Long Term Market Prospects – Portability/Interoperability (“Lock-In”) – Vendor’s Vendors • BCP/DR • IAM – Federated Identities for Services/Users? » SAML » OAuth » OpenID » WS-Trust
    • 21. • e-Discovery Cloud Concerns (Continued) – Generic (Across SPI Stack) • Privacy/Compliance Jurisdiction • Usability (GUI) • RIM – Conversion Effort/Project/Task » Platforms: GroupWise/Lotus/Squirrel Mail/Exchange » Hard-Copy Files: Optical Character Recognition (OCR) • Compatibility – May Force Upgrade • Incident Response – Vendor’s CompSec Incident Response Team (CSIRT) » Criminal Investigations
    • 22. • e-Discovery Cloud Concerns (Continued)
    • 23. • e-Discovery Cloud Concerns (Continued) – SaaS Specific • AppSec • RIM – Classification – Retention – PaaS/IaaS Specific • Skill-Set • Control – Multi-Tenancy • Cost Effectiveness – Volume/Block-Level Storage
    • 24. • e-Discovery Cloud Concerns (Continued) – PaaS/IaaS Specific • Justification – Deal With Software Vendor & Cloud Service Provider • Third-Party Products – Long-Term Strategy/Viability
    • 25. • e-Discovery Cloud Solutions – SaaS – PaaS – IaaS
    • 26. • e-Discovery Cloud Solutions – SaaS • Social Media-Centric – Arkovi – Archive-It – LiveOffice SocialArchive • Comprehensive – Zantaz – Proofpoint Enterprise Archive – Microsoft EOA – Symantec Enterprise Vault.cloud – EMC SourceOne – VARs/Resellers – Google Message Discovery (GMD)
    • 27. • e-Discovery Cloud Solutions – SaaS (Continued) • Comprehensive – Sonian – Smarsh
    • 28. • e-Discovery Cloud Solutions – PaaS • Various Platform Vendors – Build e-Discovery Modules Leveraging Existing Platform » Not Much of a Market/Business Model » Re-Create the Wheel – IaaS • Various Cloud Vendors – Build e-Discovery Solution on IaaS Instance » Leverage Existing Licensing » Analogous to Hosting
    • 29. • Processes – EDRM – IGRM
    • 30. • Questions?• Contact – Email: smarkey@ncontrol-llc.com – Twitter: markes1 – LI: http://www.linkedin.com/in/smarkey – CSA-DelVal: http://www.csadelval.org/