IT and the early eDiscovery process are getting to be one hot item, sometimes to IT’s dismay. IT is – or soon will be – fielding data collection requests from lawyers panicked over the latest eDiscovery pronouncement from the judicial bench. But very few companies are adding eDiscovery specialists to the IT payroll, leaving existing staff to shoulder more of the burden. Technology is critical in this area of early eDiscovery and IT is likely to administrate and use identification and collection products. Products that require careful vetting for purchase, deployment, usage and maintenance.
Before I talk about IT’s critical success factors (CSF) for eDiscovery purchases, let me define a few things. First, IT is being called on to partner with Legal over technology decisions up and down the eDiscovery line. Even when the purchases are primarily focused on Legal users, only IT can answer questions about computing systems, bandwidth, or data security concerns. This type of purchase tends to be a one-off for IT who acts in a consulting capacity.
However, some eDiscovery technologies directly impact IT. These are the products that support the early eDiscovery stages: identifying, collecting and preserving electronically stored information (ESI). This type of product operates close to home by directly accessing data sources across the storage infrastructure. IT may be an end user or the application administrator; increasingly both. Note that this type of product is not new. A number of vendors have done very well with identification and collection software for both Legal and IT. What has changed is the number of searches, huge volumes of data that must be searched, and the complexity of the storage infrastructure at almost every company.
This is why IT should have a methodology in place for reviewing and purchasing the eDiscovery technology that they will be supporting and using. The purchasing process should be done in concert with Legal, but IT should bring its own set of critical success factors to the table.
- CSF No. 1: Integration. The eDiscovery product should integrate with most existing storage and data management technologies. The best identification and collection products work with existing data applications and multiple storage protocols. Look for products that search multiple applications and storage locations, including remote networks and user devices.
- CSF No. 2: Simplicity. Collections software is complex under the hood but it should have a straightforward interface, templates and policies. IT is already short-staffed and does not need a bigger management burden, especially since Legal end users may not be the most technical of staff (to say the least). For example, setting up policies and schedules provides a tremendous ongoing advantage, but if it’s too complex IT will not take advantage of it.
- CSF No. 3: Cost-effectiveness. If the product impacts IT’s budget and support time, it should have very attractive OPEX and CAPEX. It should also demonstrate strong ROI by lowering ongoing data collection costs and risks. The latter being very important, as sanctions for poor eDiscovery are getting popular with judges.
- CSF No. 4: Scalability. The product should scale performance across users and servers. Collections vendors make a big deal about querying across numerous applications and data sources. They should be able to prove that they can do it without sacrificing compute performance across the network.
- CSF No. 5: Security. The product should protect data security. Note that data security is slightly different from legal defensibility. Defensibility is necessary and collections software must support a fully secure preservation environment. But IT will also be concerned with the security of the original data and its copies, and 1) must be certain that collections operations will not compromise data or applications, 2) know that they control end user access, including attorneys and outside consultants, and 3) are confident that data uploaded to a service provider is protected in-transit and at-rest.
These CSFs will look very familiar to IT since they are the same factors involved in a storage management purchase. This is no accident, since eDiscovery at its early stages is nothing more than a business process that collects data from the storage infrastructure. Query building and legal concerns remain with the General Counsel’s Office, but stored data and its security are the firmly held territory of IT. The fact that this particular process is called “eDiscovery” does not change that.
Christine Taylor is an Analyst with the Taneja Group, an industry research firm that provides analysis and consulting for the storage industry, storage-related aspects of the server industry, and eDiscovery. Christine has researched and written extensively on the role of technology in eDiscovery, compliance and governance, and information management.
Follow Enterprise Storage Forum on Twitter.