Your SlideShare is downloading. ×
  • Like
E discovery 2-cloud_v5
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

E discovery 2-cloud_v5

  • 272 views
Published

 

Published in Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
272
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
5
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • MS Exchange Online Connector (MEOC) Exchange 2007
  • BES 4.0 for 2007 BES 5.0 for 2010
  • BES v5.0.3 for Balancing

Transcript

  • 1. e-Discovery 2.0: In the Cloud Wednesday, November 16, 2011 9:45 AM - 10:45 AMSteven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK Founder/Principal, nControl, LLC; Adjunct Professor; President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
  • 2. • Presentation Overview – Technology • Case Study 1: IN the Cloud • Case Study 2: FROM the Cloud • e-Discovery Cloud Benefits • e-Discovery Cloud Concerns • e-Discovery Cloud Solutions – Process • Electronic Discovery Reference Model (EDRM) • Information Governance Reference Model (IGRM)
  • 3. • Technology
  • 4. • Case Study 1: IN the Cloud – Background – Drivers – Technologies – Limitations – Risks – Lessons Learned
  • 5. • Case Study 1: IN the Cloud (Continued) – Background • A Fortune 1000 Financial Services Firm – Investment Management (PA) – Life Insurance (CT) – Annuities (IN) • Legacy Project: 2005/2006 • In-House, Mature IT Team – Drivers • Efficiency/GUI Availability • Compliance • Cost
  • 6. • Case Study 1: IN the Cloud (Continued) – Technologies • Email: In-House Exchange/IXOS – Recently Transitioned from GroupWise in CT • Discovery: Zantaz (SaaS) – Limitations • De-Centralized Back Office (IT, Compliance, HR) – No Formal Records & Info Mgmt (RIM) Function/Role • Lack of Enterprise Project Mgmt Office (PMO) • Lack of Discovery Specialists
  • 7. • Case Study 1: IN the Cloud (Continued) – Risks • Data Loss – Tape Conversion – Large Result-Set Delivery » CD-ROMs via Snail Mail » Hourly Vendor Processing Fee • Vendor Management: Contractual/SLA Omissions • Search/Result-Set False Positives/Negatives • BCP/DR: Datacom • Poor Usability • Scope Creep
  • 8. • Case Study 1: IN the Cloud (Continued) – Lessons Learned • Schedule/Effort Underestimated – Uploading Email on Tape to Zantaz » Transitioned Legacy GroupWise Data to Exchange • Not Enough On-Site Training – Compliance, HR Not Technical • Discovery Support Resource Limitations – Budget Was Not There • Testing Plans – Incident Response – BCP/DR
  • 9. • Case Study 2: FROM the Cloud – Background – Drivers – Technologies – Limitations – Risks – Lessons Learned – Next Steps
  • 10. • Case Study 2: FROM the Cloud (Continued) – Background • Financial Services SMB – Capital Management (PA) • Recent Project: 2010 • IT: Managed Service Provider/Operations, Director – Drivers • Cost • Compliance – Technologies • Email: Exchange Server ‘07/Online/BPOS/Office 365 • Discovery: Symantec Enterprise Vault (EV) v8.0/v9.0
  • 11. • Case Study 2: FROM the Cloud (Continued) – Limitations • Budget • Skill-Sets • Resources – Risks • Software/System Interoperability • Vendor Management: Contractual/SLA Omissions • BCP/DR: Datacom • Legacy Email Availability • Scope Creep
  • 12. • Case Study 2: FROM the Cloud (Continued) – Lessons Learned • Limited Cost Savings – On-Site Exchange Box for Journaling – Upgrade to EV v9.0 to Support Exchange 2010 • Exchange Journaling From the Cloud, Complicated • Leverage Interim Solution for BlackBerry Services – Shutdown BlackBerry Enterprise Server (BES) – Leverage AstraSync (Exchange ActiveSync)
  • 13. • Case Study 2: FROM the Cloud (Continued) – Next Steps • Upgrade to EV v10.0 – Incorporate Social Media • Test BCP/DR e-Discovery Functionality • BlackBerry Office 365/BES Express – Looking at BES Balance (“Data Boxing”) • Reviewing Cloud e-Discovery SaaS Solutions – Symantec Enterprise Vault.cloud – Microsoft EOA/EHA
  • 14. • e-Discovery Cloud Benefits – Generic (Across SPI Stack) – SaaS Specific – PaaS Specific – IaaS Specific
  • 15. • e-Discovery Cloud Benefits (Continued) – Generic (Across SPI Stack) • Cost – More Quantifiable Return on Investment (ROI)….? – Total Cost of Ownership (TCO) Savings » Operating Expense versus Capital Expense » Variable Expense versus Fixed Expense • Core Competency Focus – Vendor Has Skill-Set » Configuration Management » Tie-In 3rd Party Products – Legal/Litigation Support – Cross-Platform Support
  • 16. • e-Discovery Cloud Benefits (Continued) – Generic (Across SPI Stack) • Core Competency Focus – Processing » Retention » Disposition – Compliance Best Practices – System Criticality » Vendor/Provider Configuration Management » BCP/DR • Supports Distributed Enterprises – Distributed Parties (Internal/External Counsel, Plaintiffs) – Satisfy Different Jurisdictional Requirements » e.g. AWS Zones
  • 17. • e-Discovery Cloud Benefits (Continued) – SaaS Specific • “Turn-Key” – PaaS/IaaS Specific • Flexibility – Tie-In Best Practices » EDRM » IGRM » Generally Accepted Privacy Principles, GAPP » Generally Accepted Recordkeeping Principles, GARP • Control – Configuration Management
  • 18. • e-Discovery Cloud Concerns – Generic (Across SPI Stack) – SaaS Specific – PaaS/IaaS Specific
  • 19. • e-Discovery Cloud Concerns (Continued) – Generic (Across SPI Stack) • Cost – Data Transfer – Storage – Third Party Connectors/Extra License for Journaling • Loss of Additional Functionality/Scalability/Features – PST Collectors – Additional Archival Artifacts/System Integration » File Share(s) » Content Management System (CMS: SharePoint, Quickr) » Mobile/PC Social Media » Mobile/PC Instant Messaging (IM) » Mobile/VoIP PBX: Phone Calls, Voicemail (VM), SMS/Texts
  • 20. • e-Discovery Cloud Concerns (Continued) – Generic (Across SPI Stack) • Vendor Management – Viability/Long Term Market Prospects – Portability/Interoperability (“Lock-In”) – Vendor’s Vendors • BCP/DR • IAM – Federated Identities for Services/Users? » SAML » OAuth » OpenID » WS-Trust
  • 21. • e-Discovery Cloud Concerns (Continued) – Generic (Across SPI Stack) • Privacy/Compliance Jurisdiction • Usability (GUI) • RIM – Conversion Effort/Project/Task » Platforms: GroupWise/Lotus/Squirrel Mail/Exchange » Hard-Copy Files: Optical Character Recognition (OCR) • Compatibility – May Force Upgrade • Incident Response – Vendor’s CompSec Incident Response Team (CSIRT) » Criminal Investigations
  • 22. • e-Discovery Cloud Concerns (Continued)
  • 23. • e-Discovery Cloud Concerns (Continued) – SaaS Specific • AppSec • RIM – Classification – Retention – PaaS/IaaS Specific • Skill-Set • Control – Multi-Tenancy • Cost Effectiveness – Volume/Block-Level Storage
  • 24. • e-Discovery Cloud Concerns (Continued) – PaaS/IaaS Specific • Justification – Deal With Software Vendor & Cloud Service Provider • Third-Party Products – Long-Term Strategy/Viability
  • 25. • e-Discovery Cloud Solutions – SaaS – PaaS – IaaS
  • 26. • e-Discovery Cloud Solutions – SaaS • Social Media-Centric – Arkovi – Archive-It – LiveOffice SocialArchive • Comprehensive – Zantaz – Proofpoint Enterprise Archive – Microsoft EOA – Symantec Enterprise Vault.cloud – EMC SourceOne – VARs/Resellers – Google Message Discovery (GMD)
  • 27. • e-Discovery Cloud Solutions – SaaS (Continued) • Comprehensive – Sonian – Smarsh
  • 28. • e-Discovery Cloud Solutions – PaaS • Various Platform Vendors – Build e-Discovery Modules Leveraging Existing Platform » Not Much of a Market/Business Model » Re-Create the Wheel – IaaS • Various Cloud Vendors – Build e-Discovery Solution on IaaS Instance » Leverage Existing Licensing » Analogous to Hosting
  • 29. • Processes – EDRM – IGRM
  • 30. • Questions?• Contact – Email: smarkey@ncontrol-llc.com – Twitter: markes1 – LI: http://www.linkedin.com/in/smarkey – CSA-DelVal: http://www.csadelval.org/