e-Discovery 2.0: In the Cloud      Wednesday, November 16, 2011          9:45 AM - 10:45 AMSteven C. Markey, MSIS, PMP, CI...
• Presentation Overview  – Technology     •   Case Study 1: IN the Cloud     •   Case Study 2: FROM the Cloud     •   e-Di...
• Technology
• Case Study 1: IN the Cloud  – Background  – Drivers  – Technologies  – Limitations  – Risks  – Lessons Learned
• Case Study 1: IN the Cloud (Continued)  – Background     • A Fortune 1000 Financial Services Firm        – Investment Ma...
• Case Study 1: IN the Cloud (Continued)  – Technologies     • Email: In-House Exchange/IXOS        – Recently Transitione...
• Case Study 1: IN the Cloud (Continued)  – Risks     • Data Loss          – Tape Conversion          – Large Result-Set D...
• Case Study 1: IN the Cloud (Continued)  – Lessons Learned     • Schedule/Effort Underestimated        – Uploading Email ...
• Case Study 2: FROM the Cloud  – Background  – Drivers  – Technologies  – Limitations  – Risks  – Lessons Learned  – Next...
• Case Study 2: FROM the Cloud (Continued)  – Background     • Financial Services SMB        – Capital Management (PA)    ...
• Case Study 2: FROM the Cloud (Continued)  – Limitations     • Budget     • Skill-Sets     • Resources  – Risks     •   S...
• Case Study 2: FROM the Cloud (Continued)  – Lessons Learned     • Limited Cost Savings        – On-Site Exchange Box for...
• Case Study 2: FROM the Cloud (Continued)  – Next Steps     • Upgrade to EV v10.0        – Incorporate Social Media     •...
• e-Discovery Cloud Benefits  – Generic (Across SPI Stack)  – SaaS Specific  – PaaS Specific  – IaaS Specific
• e-Discovery Cloud Benefits (Continued)  – Generic (Across SPI Stack)     • Cost        – More Quantifiable Return on Inv...
• e-Discovery Cloud Benefits (Continued)  – Generic (Across SPI Stack)     • Core Competency Focus        – Processing    ...
• e-Discovery Cloud Benefits (Continued)  – SaaS Specific     • “Turn-Key”  – PaaS/IaaS Specific     • Flexibility        ...
• e-Discovery Cloud Concerns  – Generic (Across SPI Stack)  – SaaS Specific  – PaaS/IaaS Specific
• e-Discovery Cloud Concerns (Continued)  – Generic (Across SPI Stack)     • Cost        – Data Transfer        – Storage ...
• e-Discovery Cloud Concerns (Continued)  – Generic (Across SPI Stack)     • Vendor Management        – Viability/Long Ter...
• e-Discovery Cloud Concerns (Continued)  – Generic (Across SPI Stack)     • Privacy/Compliance Jurisdiction     • Usabili...
• e-Discovery Cloud Concerns (Continued)
• e-Discovery Cloud Concerns (Continued)  – SaaS Specific     • AppSec     • RIM         – Classification         – Retent...
• e-Discovery Cloud Concerns (Continued)  – PaaS/IaaS Specific     • Justification         – Deal With Software Vendor & C...
• e-Discovery Cloud Solutions  – SaaS  – PaaS  – IaaS
• e-Discovery Cloud Solutions  – SaaS     • Social Media-Centric        – Arkovi        – Archive-It        – LiveOffice S...
• e-Discovery Cloud Solutions  – SaaS (Continued)     • Comprehensive        – Sonian        – Smarsh
• e-Discovery Cloud Solutions  – PaaS     • Various Platform Vendors           – Build e-Discovery Modules Leveraging Exis...
• Processes  – EDRM  – IGRM
• Questions?• Contact  –   Email: smarkey@ncontrol-llc.com  –   Twitter: markes1  –   LI: http://www.linkedin.com/in/smark...
E discovery 2-cloud_v5
E discovery 2-cloud_v5
E discovery 2-cloud_v5
Upcoming SlideShare
Loading in …5
×

E discovery 2-cloud_v5

385 views
352 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
385
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • MS Exchange Online Connector (MEOC) Exchange 2007
  • BES 4.0 for 2007 BES 5.0 for 2010
  • BES v5.0.3 for Balancing
  • E discovery 2-cloud_v5

    1. 1. e-Discovery 2.0: In the Cloud Wednesday, November 16, 2011 9:45 AM - 10:45 AMSteven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK Founder/Principal, nControl, LLC; Adjunct Professor; President, Cloud Security Alliance – Delaware Valley Chapter (CSA-DelVal)
    2. 2. • Presentation Overview – Technology • Case Study 1: IN the Cloud • Case Study 2: FROM the Cloud • e-Discovery Cloud Benefits • e-Discovery Cloud Concerns • e-Discovery Cloud Solutions – Process • Electronic Discovery Reference Model (EDRM) • Information Governance Reference Model (IGRM)
    3. 3. • Technology
    4. 4. • Case Study 1: IN the Cloud – Background – Drivers – Technologies – Limitations – Risks – Lessons Learned
    5. 5. • Case Study 1: IN the Cloud (Continued) – Background • A Fortune 1000 Financial Services Firm – Investment Management (PA) – Life Insurance (CT) – Annuities (IN) • Legacy Project: 2005/2006 • In-House, Mature IT Team – Drivers • Efficiency/GUI Availability • Compliance • Cost
    6. 6. • Case Study 1: IN the Cloud (Continued) – Technologies • Email: In-House Exchange/IXOS – Recently Transitioned from GroupWise in CT • Discovery: Zantaz (SaaS) – Limitations • De-Centralized Back Office (IT, Compliance, HR) – No Formal Records & Info Mgmt (RIM) Function/Role • Lack of Enterprise Project Mgmt Office (PMO) • Lack of Discovery Specialists
    7. 7. • Case Study 1: IN the Cloud (Continued) – Risks • Data Loss – Tape Conversion – Large Result-Set Delivery » CD-ROMs via Snail Mail » Hourly Vendor Processing Fee • Vendor Management: Contractual/SLA Omissions • Search/Result-Set False Positives/Negatives • BCP/DR: Datacom • Poor Usability • Scope Creep
    8. 8. • Case Study 1: IN the Cloud (Continued) – Lessons Learned • Schedule/Effort Underestimated – Uploading Email on Tape to Zantaz » Transitioned Legacy GroupWise Data to Exchange • Not Enough On-Site Training – Compliance, HR Not Technical • Discovery Support Resource Limitations – Budget Was Not There • Testing Plans – Incident Response – BCP/DR
    9. 9. • Case Study 2: FROM the Cloud – Background – Drivers – Technologies – Limitations – Risks – Lessons Learned – Next Steps
    10. 10. • Case Study 2: FROM the Cloud (Continued) – Background • Financial Services SMB – Capital Management (PA) • Recent Project: 2010 • IT: Managed Service Provider/Operations, Director – Drivers • Cost • Compliance – Technologies • Email: Exchange Server ‘07/Online/BPOS/Office 365 • Discovery: Symantec Enterprise Vault (EV) v8.0/v9.0
    11. 11. • Case Study 2: FROM the Cloud (Continued) – Limitations • Budget • Skill-Sets • Resources – Risks • Software/System Interoperability • Vendor Management: Contractual/SLA Omissions • BCP/DR: Datacom • Legacy Email Availability • Scope Creep
    12. 12. • Case Study 2: FROM the Cloud (Continued) – Lessons Learned • Limited Cost Savings – On-Site Exchange Box for Journaling – Upgrade to EV v9.0 to Support Exchange 2010 • Exchange Journaling From the Cloud, Complicated • Leverage Interim Solution for BlackBerry Services – Shutdown BlackBerry Enterprise Server (BES) – Leverage AstraSync (Exchange ActiveSync)
    13. 13. • Case Study 2: FROM the Cloud (Continued) – Next Steps • Upgrade to EV v10.0 – Incorporate Social Media • Test BCP/DR e-Discovery Functionality • BlackBerry Office 365/BES Express – Looking at BES Balance (“Data Boxing”) • Reviewing Cloud e-Discovery SaaS Solutions – Symantec Enterprise Vault.cloud – Microsoft EOA/EHA
    14. 14. • e-Discovery Cloud Benefits – Generic (Across SPI Stack) – SaaS Specific – PaaS Specific – IaaS Specific
    15. 15. • e-Discovery Cloud Benefits (Continued) – Generic (Across SPI Stack) • Cost – More Quantifiable Return on Investment (ROI)….? – Total Cost of Ownership (TCO) Savings » Operating Expense versus Capital Expense » Variable Expense versus Fixed Expense • Core Competency Focus – Vendor Has Skill-Set » Configuration Management » Tie-In 3rd Party Products – Legal/Litigation Support – Cross-Platform Support
    16. 16. • e-Discovery Cloud Benefits (Continued) – Generic (Across SPI Stack) • Core Competency Focus – Processing » Retention » Disposition – Compliance Best Practices – System Criticality » Vendor/Provider Configuration Management » BCP/DR • Supports Distributed Enterprises – Distributed Parties (Internal/External Counsel, Plaintiffs) – Satisfy Different Jurisdictional Requirements » e.g. AWS Zones
    17. 17. • e-Discovery Cloud Benefits (Continued) – SaaS Specific • “Turn-Key” – PaaS/IaaS Specific • Flexibility – Tie-In Best Practices » EDRM » IGRM » Generally Accepted Privacy Principles, GAPP » Generally Accepted Recordkeeping Principles, GARP • Control – Configuration Management
    18. 18. • e-Discovery Cloud Concerns – Generic (Across SPI Stack) – SaaS Specific – PaaS/IaaS Specific
    19. 19. • e-Discovery Cloud Concerns (Continued) – Generic (Across SPI Stack) • Cost – Data Transfer – Storage – Third Party Connectors/Extra License for Journaling • Loss of Additional Functionality/Scalability/Features – PST Collectors – Additional Archival Artifacts/System Integration » File Share(s) » Content Management System (CMS: SharePoint, Quickr) » Mobile/PC Social Media » Mobile/PC Instant Messaging (IM) » Mobile/VoIP PBX: Phone Calls, Voicemail (VM), SMS/Texts
    20. 20. • e-Discovery Cloud Concerns (Continued) – Generic (Across SPI Stack) • Vendor Management – Viability/Long Term Market Prospects – Portability/Interoperability (“Lock-In”) – Vendor’s Vendors • BCP/DR • IAM – Federated Identities for Services/Users? » SAML » OAuth » OpenID » WS-Trust
    21. 21. • e-Discovery Cloud Concerns (Continued) – Generic (Across SPI Stack) • Privacy/Compliance Jurisdiction • Usability (GUI) • RIM – Conversion Effort/Project/Task » Platforms: GroupWise/Lotus/Squirrel Mail/Exchange » Hard-Copy Files: Optical Character Recognition (OCR) • Compatibility – May Force Upgrade • Incident Response – Vendor’s CompSec Incident Response Team (CSIRT) » Criminal Investigations
    22. 22. • e-Discovery Cloud Concerns (Continued)
    23. 23. • e-Discovery Cloud Concerns (Continued) – SaaS Specific • AppSec • RIM – Classification – Retention – PaaS/IaaS Specific • Skill-Set • Control – Multi-Tenancy • Cost Effectiveness – Volume/Block-Level Storage
    24. 24. • e-Discovery Cloud Concerns (Continued) – PaaS/IaaS Specific • Justification – Deal With Software Vendor & Cloud Service Provider • Third-Party Products – Long-Term Strategy/Viability
    25. 25. • e-Discovery Cloud Solutions – SaaS – PaaS – IaaS
    26. 26. • e-Discovery Cloud Solutions – SaaS • Social Media-Centric – Arkovi – Archive-It – LiveOffice SocialArchive • Comprehensive – Zantaz – Proofpoint Enterprise Archive – Microsoft EOA – Symantec Enterprise Vault.cloud – EMC SourceOne – VARs/Resellers – Google Message Discovery (GMD)
    27. 27. • e-Discovery Cloud Solutions – SaaS (Continued) • Comprehensive – Sonian – Smarsh
    28. 28. • e-Discovery Cloud Solutions – PaaS • Various Platform Vendors – Build e-Discovery Modules Leveraging Existing Platform » Not Much of a Market/Business Model » Re-Create the Wheel – IaaS • Various Cloud Vendors – Build e-Discovery Solution on IaaS Instance » Leverage Existing Licensing » Analogous to Hosting
    29. 29. • Processes – EDRM – IGRM
    30. 30. • Questions?• Contact – Email: smarkey@ncontrol-llc.com – Twitter: markes1 – LI: http://www.linkedin.com/in/smarkey – CSA-DelVal: http://www.csadelval.org/

    ×