As many companies debate whether moving operations to the cloud is wise, they may not realize they are already utilizing systems that reside in the cloud. The benefits offered by cloud-based applications means that even those who are not there yet will find it hard to avoid it much longer. As a result, it’s important to understand and address the challenges of managing data in the cloud.
In the early days of cloud migrations, providers compared “going to the cloud” with switching from having onsite power generators or drinking water from wells to moving to offsite power plants or water storage and purification plants. Like water and power, people want data to be accessible, safe, and cheap. To accomplish those goals, control over data has to be balanced – not too loose, not too tight. Depending on the circumstances, the cloud potentially improves accessibility, safety, and cost. But it’s also daunting because of the amount of work needed to reset the controls over cloud data.
For corporate eDiscovery, Information Governance, and Regulatory teams, the cloud is just as alluring and can be just as challenging. What’s new is the explosive proliferation of cloud-based applications that hold data critical to eDiscovery and Regulatory teams. Whether an enterprise officially or unofficially embraces the cloud, more and more work is happening in the cloud. As a result, more and more eDiscovery projects and Regulatory efforts require corporate teams to locate, collect, and work with potential evidence and data from the cloud.
In conversations with corporate eDiscovery and Information Governance professionals, they tell us that they see a strong push to the cloud, and they have a sense that “ready or not, here it comes.” Some of the key questions they are raising with their teams are helpful for anyone planning cloud migrations to ask, including:
How will we find it? The good ol’ days of data mapping (if there ever were good ol’ days of data mapping) are over. Today, there is an explosion of new cloud-based tools that help people do their work, particularly when it comes to communication tools. The problem is that data mapping is less about boxes and racks, and more about apps. Finding data means understanding the cloud-based tools data custodians are using. Of course, once those tools are identified, you still haven’t located the data. Where to find the data depends on many factors that are unique to the tool used to create, store, and access the data. Upgrades and changes by the application providers further complicate the search as data is migrated and accessibility to the data changes.
How will we collect it? Cloud application developers carefully design and engineer products that allow users to access their data in ways that work for those users. But rarely do they design applications with eDiscovery or Regulatory considerations in mind. More often, a driving consideration is whether the users’ data can be protected against collection to protect privacy. Most people remember when it was impossible to export Facebook or LinkedIn data in any useful way. Today, those same issues confront teams trying to collect Slack, Yammer, or even mobile application data. Sometimes, the provider offers “upgrades” that can be purchased for easier collection, but typically, collection requires permission and speed is extremely limited.
Running searches in these platforms remains a challenge. Early corporate adopters of cloud-based enterprise email and archiving systems faced almost insurmountable obstacles trying to run searches in hopes of narrowing the volume of data to be collected. Speed of data collection is also a serious issue. The slow speed at which information can be downloaded from cloud applications can make the collection of terabytes of historical data impractical if not impossible.
Will the data be usable? eDiscovery and Regulatory professionals use different tools to work with data. Those tools are critical to finding the relevant data. They are also designed to maintain the metadata that ensures authenticity and reliability of data to be used in a legal proceeding. That is not how cloud applications are designed to handle data. Today, before trial lawyers can “parse” words to argue their case, tech teams must parse cloud data, so the lawyers can see it.
Will the data remain secure? Data breaches are in the news regularly, so companies and lawyers must be mindful of data security and precautions that can help protect sensitive data. There are globally recognized standards for the establishment and certification of information security management systems which companies and their vendors should follow. The federal government also has developed standards through its Federal Risk and Authorization Management Program (FedRAMP).
What will it cost? Going to the cloud is intended to save time and money. It can and usually does. But without considering the needs and potential challenges of corporate eDiscovery and Regulatory teams, those savings could take a hit.
Like water and power, eDiscovery and Regulatory teams need data that is accessible, “clean,” and inexpensive. If managed appropriately, the cloud offers improvements to meet all of these goals. But managing the work of “going to the cloud” should include consultation with the eDiscovery and Regulatory teams that inevitably need that data to meet the company’s mission critical legal requirements.
If you are utilizing or considering cloud-based applications or cloud storage, contact us for a consultation.