Need an E-Discovery GPS? Put Yourself in the Driver’s Seat with Avansic Tracker

- Dr. Gavin W. Manes, President and CEO of Avansic (www.avansic.com), says:

As any IT or data center manager knows, there is an enormous amount of electronic information associated with any given user or company. Keeping that information safe and intact is the most important job of a data manager. Since digital information is now ubiquitous in business, it is a major component of any potential litigation. And since data centers are a key player in handling electronic data that may be needed for a lawsuit, many have already encountered the navigational complexities of e-discovery.

In our experience, clients have found that they felt out of the loop and disconnected from their own case. This sense of disorientation is particularly stressful in the midst of a lawsuit, so we created Avansic Tracker, an electronic tool for tracking progress on e-discovery cases.

Avansic Tracker helps users visualize the progress of an e-discovery case through all stages, from preservation through processing and data-export. Since processing is the most complex stage of e-discovery, Tracker includes specific updates for the stages of culling, filtering, de-duplication and export (load-file creation). The tool provides a visual representation of each case and its stages, and even provides specific status for each custodian and data set. That way, if a particular part of the case is slowing down the overall progress, clients and their Case Managers can take action to move forward.

There are several other features that help put clients in command of their complex e-discovery cases. For instance, Avansic Tracker can be configured to send an email notification when the process advances from one stage to the next. And, addressing the security concerns that are always prevalent among the legal community, Avansic Tracker is designed to ensure that no identifying or privileged case information is ever exposed.
Avansic Tracker puts clients in the loop about their case and provides transparency about the often-complex process of e-discovery. If you need a road map for eDiscovery, the software will get you from Point A to Point B and you won’t have to stop and ask for directions!

About the Author:
Dr. Gavin Manes is a nationally recognized expert in e-discovery and digital forensics. He is currently the President and CEO of Avansic, a firm that provides ESI processing, e-discovery, and digital forensics services to law firms and companies across the nation. He holds a Ph.D. in Computer Science from the University of Tulsa.

Don’t Let Your Enterprise Sink in the Tsunami of Digital Data Ahead

- Stephen Chan, co-founder and vice president of business development with ZL Technologies (http://www.zlti.com/), says:

According to the IDC’s 2011 Digital Universe study, the amount of electronic information created and copied across the earth today is an astounding 1.8 zettabytes of data. That’s right, zettabytes: 1 billion terabytes. It’s a concept almost too challenging to wrap your head around in describing what could be a paralyzing phenomenon for many IT organizations. The same report also found that the world’s total volume of digital data is now essentially doubling every two years. If your IT group already feels like it’s drowning in data (and you are not alone), this news comes as no surprise.

Some companies have gotten better at purging their so-called “junk” data and organizing their “good” data. The trick, though, is to make all that data easily searchable and consistently findable; otherwise it has no real value for legal discovery. Despite recent technological advances, most IT organizations still have a long way to go to shore up their company for the continuous onslaught of digital data.

There are three things you should do to bolster your company’s data management capabilities before your system is overwhelmed:

• Find a technology (software) vendor that is focused on advanced archiving technology with a track record of success in archiving projects and a team with tangible archiving expertise. Seek one consolidated solution that maintains one archive and is built upon one highly-scalable platform.
• Arm your company with a software solution that is focused specifically on advanced archiving capabilities.
• Make sure the vendor offers in-house expertise in archiving to help you avoid the “gotchas” and solve each piece of the data management puzzle: eDiscovery, archiving, records management, and compliance.

You can’t afford to waste time or money relying on a vendor whose attention is focused elsewhere, or who really offers just a bundle of 3rd party software that will cause you more headaches. Like many things in life, it’s wise to keep it simple. In doing so, you’ll be able to streamline all of your information storage and archiving practices, gain fast eDiscovery capabilities, and calm the data explosion swirling around your enterprise.

Email Supplanted as Most Requested eDiscovery Data Type

- Dean Gonsowski, eDiscovery attorney for Symantec (www.symantec.com), says:

Symantec recently issued the findings of its second annual Information Retention and eDiscovery Survey, fielded by Applied Research, which examined how enterprises are coping with the tsunami of electronically stored information (ESI) that we see expanding by the minute. Perhaps counter intuitively, the survey of legal and IT personnel at 2,000 enterprises found that email is no longer the primary source of ESI companies produced in response to eDiscovery requests. Email came in third place (58 percent) to files/documents (67 percent) and database/application data (61 percent). The primary takeaway should be less about the relative descent of email’s importance, but instead should be seen as the ascendency of other data types (including social media), which now have an unquestioned seat at the table.

To cope with this new reality, organizations need to prepare for eDiscovery and governmental inquires by casting a wider ESI net, expressly including social media, cloud data, instant messaging and structured data systems. Forward-thinking companies should map out where all electronically stored information resides company-wide so that these important sources do not go unrecognized. Once these sources of potentially responsive ESI are accounted for, the right eDiscovery tools need to be deployed so that these disparate types of ESI can be defensibly collected and processed for review in a singular, efficient and auditable environment.

In another survey, corporate boards were increasingly concerned about risk management with more than half of respondents identifying it as the topic they should be spending more time on, and 61 percent saying that their liability risk has increased during the financial downturn. Despite the numerous risks associated with bad eDiscovery hygiene, the Symantec survey found nearly half of the respondents did not have an information retention plan in place and of this group only 30 percent were discussing how to do so.
Treating eDiscovery as a repeatable business process isn’t a Herculean task, but it is one that can’t be accomplished without good information governance hygiene and the profound recognition that email isn’t the only game in town.

Archiving Conundrums: Making Sense of Social Media Conversations

- Sarah Carter, vice president at Actiance (www.actiance.com), says:

Have you ever logged onto Twitter and wondered what on earth that random conversation between two colleagues is really about? Imagine coming across it months or even years later and then trying to make sense of it. Whether it is for eDiscovery, disciplinary procedures or to prove a point on compliance, all business conversations need to be stored securely and social media is no different. The problem is that the process of archiving, storing and making posts easily retrievable is made exponentially more complex because of their multidimensional nature.

What happens to the social media archive if the conversation is taken from Twitter to another medium such as email? A perfectly legitimate action if you want to provide a detailed response to a customer question that is going to take more than 140 characters. Who joined a conversation within the chat function of Facebook and when they left, might be just as pertinent as the content when trying to understand the context of the entire conversation.

To meet most industry regulations and eDiscovery legislation requires special controls around how data is captured, stored, searched and recovered. Being able to archive contextually is of significant importance. Without it, even if organizations have implemented rudimentary measures to capture social media conversations, all they are left with is snippets of content and no sense of what took place without a time consuming reconstruction. That is of course, if it’s possible to retrieve all the content in the first place.

Archiving social media is also made more difficult because of the different channels available to users in which to participate. Unlike email where all messages can be driven through a designated email server, social media can easily be accessed outside of the corporate network such as home computer or on a mobile device. Key to be able to easily recognize employees in archived social media conversations, as well as controlling user activity and monitoring content, is the ability to identify individuals by their numerous social media logins and pseudo names back to their corporate identity.

In some industries, particularly in financial services where for some advisors there is requirement to control all electronic communication where the employee is identifiable, archiving and controlling content posted off–network is a prerequisite to social media’s use. With Regulatory Notice 11-39, FINRA explicitly points out that “Rule 17a-4(b) under the Securities Exchange Act of 1934 (SEA) requires broker-dealers to preserve certain records for a period of not less than three years, the first two in an easily accessible place.” Most organizations can’t – or don’t choose to monitor Facebook conversations, let alone have a searchable archive.

In addition, organizations must be able to demonstrate that posts and messages recovered are the same content that was originally stored and that it is a true representation of the original data. This requires a centralized archiving system that enables easy review of messages posted alongside detailed analysis of electronic conversations including file downloads both internally and externally. As with all tamperproof systems all of this information must of course include a complete audit trail of the auditor reviewing the information.

But there is no point in recording all of this information, if it cannot be linked to an employee’s corporate identity. Most people have different buddy-names on different types of media and possibly more than one account within one social network. Mapping user’s buddy-name to their corporate identity using tools such as Active Directory is crucial in producing a meaningful archive.

Of course, being able to retrieve content posted to social media in way that is meaningful long after anyone actually remembers what was said relies on being able to control the content in the first place and this can provide additional benefits. For instance one of the prerequisites for PCI DSS (the Payment Card Industry Data Security Standard) compliance is that organizations block all non-approved channels of communication. If you’ve approved social media’s use, then you need to be certain that credit card numbers and other personal information can’t leave the organization unauthorized.

Since traditional security infrastructures don’t detect many Web 2.0 applications and tools, this isn’t as easy as it first seems. Many legitimate social media tools and services are encrypted or use evasive techniques such as port hopping and tunneling to ensure a direct path straight to a user’s desktop or browser. Besides data leaking out, there is also the danger of malware entering in too.


The road is littered with soon to be forgotten social networks such as MySpace or Bebo, and whether Facebook will be as popular in two years time as it is today is impossible to say. But as with any archive it’s important to be able to retrieve the information a long after the application or service it was created on has disappeared. Implementing the technology required to create that archive will deliver more than just easy retrieval, it will provide the necessary security, management and compliance controls required for any business to embrace social media today.

Meeting the Challenge of Information Overload

- Balaji Srinivasan, director of microsoft exchange products at Sherpa Software (www.sherpasoftware.com), says:

The amount of electronic data flowing through organizations is growing at an incredible rate. Much of this information is collected and stored. According to a whitepaper published by Osterman Research, 75 percent of the information end users need to do their jobs is stored in email. The consequences of this are numerous, and include typical data management issues such as the cost of storage and difficulties with backup and recovery. In today’s heavily regulated environment, there are more significant challenges associated with ensuring all corporate data meets relevant organization and industry requirements and is accessible for legal and eDiscovery purposes.

Where is all this data coming from? Email has been an ongoing culprit. Despite the rise of other methods of communication, email remains the primary means of corporate communication and continues to grow and generate the vast amount data being retained and managed by IT departments. In a recent report, Osterman Research found that the average email system message store size had increased by more than 25 percent during the past 12 months for nearly half of organizations. The firm further estimated that storage-related issues such as increasing message size, increasing backup and restore times, and lack of messaging-related disk space constitute three out of the five leading problems in managing messaging systems.

These issues, in particular the “slowness” of email, has created a need for a more immediate means of communication, resulting in the rise in use of instant messaging and social media. However, corporate information shared over instant messages and social networks is subject to the same regulatory and compliance requirements as email and other corporate data. As organizations grapple with the right corporate social media strategy, the fact remains that it is turning into another area through which information is distributed and warrants monitoring.
The drop in the cost of storage devices has led to another trend. Rather than taking the time to clean up their environment, individuals and organizations seemingly retain more and more, potentially unneeded, data. With the increased adoption of document management applications such as Microsoft SharePoint, duplication of data across multiple repositories, such as files stored both in network shares and also in SharePoint, is steadily on the rise.

Security is another obvious concern when looking at managing large volumes of data across multiple repositories. Although data leakage has received a lot of attention recently through the activities of Wiki Leaks, it is an age-old problem. With all the different avenues for easily extracting and sharing information - from physical media such as thumb drives to technologies such as email, instant messaging and social media outlets - there are an increasing number of ways for information to leave an organization.

While organizations have been dealing with many of these challenges for a number of years, the sheer volumes of data involved makes managing them a daunting task. Recent regulatory changes such as updates to the Federal Rules of Civil Procedure (FRCP) and other more industry-specific requirements such as HIPAA covering healthcare, the Sarbanes-Oxley Act (SOX) covering publicly traded companies, and the US Securities and Exchange Commission rules covering the financial industry, organizations have eliminated unpreparedness as an excuse for not meeting data collection and retention requirements. The consequences for failing to produce information can be crushing.

The remainder of this article will provide strategies IT administrators can use to alleviate some of this burden and better prepare their organizations to proactively meet these challenges. The first step is defining corporate policies around information management. This task certainly falls under the cliché of easier said than done, but it cannot be emphasized enough that this is absolutely necessary. A policy provides the framework for an information management strategy. It also justifies the actions IT will need to take to control corporate data.
There is plenty of information available on creating corporate policies. Depending on the size of the organization, this process should involve members from several departments within the organization. A clear and thorough policy definition makes for easier compliance and enforcement; so spend the necessary amount of time in this phase.

Under threat of repercussions that can be as severe as termination, corporate policies can be used to force employees’ adherence to corporate policies. For instance, a policy could require that no company information be shared on social media sites. Although difficult to monitor, the policy provides the cover to take appropriate action when a failure to comply is detected.
Given today’s eDiscovery and regulatory requirements, relying on users to comply with corporate policies is often not good enough. IT administrators need to have systems and processes in place to proactively manage corporate data. As has been well documented, the exponential growth of email isn’t showing signs of lessening. Although hosted email solutions seem to be gaining some steam, a majority of organizations still host and manage their own email infrastructure. The burden of management rests with the internal IT department.

When investigating an email policy enforcement system, exploring native tools is a good place to start. Most email platforms include some basic management capabilities. Microsoft Exchange, for instance, going as far back as Microsoft Exchange Server 5.5, has included a utility called Mailbox Manager to help enforce elementary retention policies. With each new version of the Exchange, there have been improved management capabilities, with Exchange 2010 incorporating some of the most advanced built-in capabilities to date. In situations where the built-in capabilities are not sufficient or are unable to meet an organization’s management needs, there are products available from third-party vendors that specialize in email management and can be used to augment or fulfill these needs.

On the topic of managing email, especially in Microsoft Exchange environments, one cannot ignore PST files. PST files are local archives created by end users of server-based email using the Microsoft Outlook email client. Since these are created locally, access to them, and quite often even their very existence, is beyond the purview of the IT administrator. Locating, managing and investigating the content within PST files can be a monumental task.

If your organization currently uses or has used PST files, it is wise to consider the use of a third-party email management product to assist with the task of identifying and locating all PST files across the company’s network storage and users’ desktops. Once located, you can use native or third-party tools to enforce your company’s email policy. If your policy calls for eliminating PST files from your environment, there are group policy options available to prevent the creation of PST files and to prevent addition of email data to existing PST files. Third party solutions can also assist in other areas such as ensuring compliance with corporate instant messaging policies.

If use of instant message is approved and necessary within your organization, it is advisable to deploy an approved corporate-wide instant messaging solution such as Microsoft Lync (formerly called Office Communicator) and IBM Lotus Sametime and disallow the use of other instant messaging options. This can be fairly easily enforced at the corporate network level to ensure compliance. Most corporate instant messaging solutions offer options to archive and store communication transcript history, providing a mechanism to capture and retain that information to comply with your organization’s messaging policy requirements.

If disabling the use of public instant messaging is not an option, capturing information transmitted across these channels will be a challenge. Here is where third-party solutions can assist. They are typically deployed as an appliance at the perimeter of the corporate network, which collects all instant message traffic and provides the data in several formats that can then be ingested into data repositories.

Hoarding of data on network file shares and in document management systems such as SharePoint is another place where data can accumulate and hide. There are a number of network storage devices that include advanced capabilities such as deduplication and enforcing user quota limits. Although these technologies assist in limiting data overload, mining the content in these collections is another challenge entirely. There are a number of search and indexing solutions available including some built into the native platforms that could alleviate the burden of managing this data. However, an obstacle encountered by a number of administrators is the need to perform a consistent search across all sources of data in an organization. Third-party archiving and eDiscovery solutions are an excellent solution to these types of business challenges.

IT administrators are well aware of many of these challenges. To address information overload, the best place to start is by creating a comprehensive and clear corporate policy regarding data storage and retention. It is important to investigate the native capabilities of the data platforms. Where these fail to meet the requirements of organizational policy guidelines, consider third-party solutions to augment these capabilities. Good luck!

For more information, visit www.sherpasoftware.com.

Project Management for eDiscovery Collections – Get it Right the First Time

- Alon Israely, Senior Advisor, BIA (www.biaprotect.com), says:

Corporations get sued or investigated by regulators all the time – and one day, it will be your company (if it isn’t already.) As an IT professional, legal will probably come to you and ask you to gather certain data – that is, to perform “a collection of the relevant documents and emails”. Suddenly, you will find yourself forced into the realm of electronic discovery (“eDiscovery”), which is a different animal than the standard data migration job or file transfer operation.

From a project management perspective, think of eDiscovery just like any other IT project, but with a twist: since the requests are coming from lawyers, the data you’re harvesting is actually evidence. Concepts such as defensibility, spoliation and testimony apply in eDiscovery, so the data collection process must be handled with a forensically sound and methodical process.

Best practices for IT managing eDiscovery projects include:

• Use common sense. The tools and project management skill sets you currently possess have been vetted within your corporation and you know a lot about data. Just because eDiscovery is an unfamiliar type of IT project in your corporation, you don’t have to invent new eDiscovery project management protocols. The basic principles of gathering and organizing data are the same. It’s about using the right tools, keeping good documentation and being careful to ensure the data handling is performed in a compliant way that is different for eDIscovery projects.

• Get your team in place. Have well-defined roles and a clear understanding of industry standard models such as the EDRM (www.edrm.net) and principles espoused by the Sedona Conference (http://www.thesedonaconference.org/ . These models describe the full eDiscovery process related to data involved in legal proceedings and investigations, from information management on the IT level such as data mapping all the way through until the case goes to trial where some of that data must be presented in court. There are a lot more logging, auditing processes, chain-of-custody requirements and specialized mechanics in the eDiscovery process that each member of the team must understand to ensure the legal soundness and defensibility of the results.

• Remember - you only have one shot. In eDiscovery, you do not have the luxury of doing the collection again. You have to do it right the first time. Do not be afraid to ask questions and get the clarity you need from your department heads and legal counsel so you can perform the project correctly. There can be a host of inter-dependencies of which you may not be aware and thus will never know unless you ask questions. Clarify, clarify, clarify; and then base your data identification and collection schedule on that feedback.

• Standard IT tools won’t do. The biggest mistake an IT professional can make when it comes to eDiscovery is thinking he or she can not only do it themselves with standard IT tools, but also that standard IT tools will somehow be cheaper. Most standard IT data copy tools do not perform the necessary mechanical steps which preserve the integrity of the data collection. Additionally, you may come to realize midway through the process that you need too many of these tools to perform the process cost-effectively. Using standard IT tools for eDiscovery can be disastrous much later on when the lawyers are trying to make sense of the data that has been collected in a way that does not conform to legal standards.

• Use appropriate eDiscovery products. There are excellent eDiscovery products on the market designed from the ground-up for the eDiscovery process, and so, have the built in tools and measures to preserve the integrity of the collection process, the data results and to save IT professionals from having to testify as a witness at a deposition or in court. In the end, these products will be far more cost-effective than a piecemeal approach with standard IT tools.

eDiscovery projects are unfamiliar territory for many corporate IT professionals, and the territory is fraught with peril. However, by leveraging what you do know about data, consulting legal counsel to ensure the data is kept pristine and protected, and using proven eDiscovery tools to assist you, you can prevail. Being smart about eDiscovery protects you and your organization both, and next time your employer gets sued, you’ll be ready, willing and able to manage eDiscovery projects with great success.