Key Considerations for Deploying E-Discovery Software in the Cloud

As compared to a decade ago, organizations have a number of deployment options for their technology investments. No deployment trend has garnered more attention in recent years than the advent and soaring popularity of cloud computing. The cloud offers organizations a degree of scalability, cost efficiency and "pay-as-you-go-pricing" desired in today's tenuous economic climate.

Traditionally, e-discovery software has been deployed in an organization's infrastructure behind the firewall. As with other enterprise-class software, organizations are now demanding additional deployment models to meet their specific requirements. In fact, some have adopted a "cloud-first" strategy, meaning that much of the organization's electronically stored information (ESI) is being stored in the cloud.

However, because e-discovery—and the technologies that support it— is subject to sensitive legal risks and technical complexities, selecting the optimal deployment model is not always as straightforward as might first appear.

Following are five key criteria knowledge workers, in conjunction with IT and legal, should consider in deciding which e-discovery software deployment method is right for their organization:

1.    E-Discovery Process(es) that Need to be Supported

The legal requirements surrounding e-discovery are generally well understood. From a technical standpoint, however, e-discovery is a complex, multi-faceted endeavor involving a bevy of variables. For this reason, deciding whether to deploy e-discovery software in the cloud depends largely on the organization's overall cloud strategy and the e-discovery process(es) that need to be supported. The Electronic Discovery Reference Model (EDRM) defines nine distinct processes, starting with information management, identification and preservation and progressing through collection, processing, analysis, review, production and presentation (in court).

In order to determine what's right for the organization, the knowledge workers from legal and IT need undertake a formal assessment. Some of the questions that need to be answered include:

a.     What is the organization's litigation volume or regulatory requirements?

b.     How is the legal team currently managing the e-discovery process?

c.     What areas of the process represent the greatest opportunity for cost and/or risk savings?

d.     What type of systems, such as IT, HR or existing e-discovery tools, need to be integrated?

e.     What IT resources are available to support legal?

f.      Are there global implications that need to be considered?

g.     Where does the budget lie for making the investment - IT or legal?

2.    Security & Privacy Requirements

Since information management and identification are mostly internal processes, organizations maintain a lot of deployment flexibility. When moving to the preservation and collection phases of e-discovery, security, spoliation and other IT risks emerge. For example, collection requires the transfer of ESI from the native data source to the e-discovery system's ESI storage repository. Doing so in the cloud, where ESI transverses on public networks, adds additional security considerations.

While security standards for cloud-based systems have advanced greatly in recent years, organizations naturally cede some control of the corporate data when storing ESI outside the network. These concerns can be mitigated by using tier-one hosting providers that have implemented strong security controls and have subjected their services to thorough auditing. Additionally, secure protocols and/or data encryption can mitigate the information security risk. 

In the context of e-discovery, collecting and preserving ESI outside the United States can be a more daunting hurdle due to data privacy laws. Some countries, including those in the European Union, have strict privacy laws that restrict data from leaving the country. In these circumstances, it is critical to take into account where the cloud servers hosting the organization's ESI are physically located and what protocols are in place should that ESI be needed in response to a legal action or e-discovery request.

3.    Integration Requirements

E-Discovery systems don't exist in a vacuum. Effective management inside a global organization often requires the integration of existing IT systems, such as single sign-on, HR and asset management applications, as well as data sources with the e-discovery software. The process of deciding on a deployment method should involve a full assessment of the organization's existing IT infrastructure and whether there are any specific requirements that may be compromised. For organizations that have embraced the cloud, many of their data sources are already in the cloud, so collecting with cloud-based software isn't a big new step. 

4.    Licensing and Budget Model

E-Discovery software deployed behind the firewall is typically acquired as a perpetual license and is normally considered a capital purchase. While this may be the preferred approach due to alignment with an organization's IT strategy, capital purchases almost always require detailed financial justification that must be presented to and approved by a capital budgeting committee. A cloud deployment offers organizations significantly more flexibility, which is important as many organizations encounter immediate e-discovery needs and can ill afford to wait out a lengthy acquisition process. In a hosted model, legal has the option of diverting existing expense budgets for third-party providers for investing in their e-discovery solution.

5.    Software Administration

Any decision regarding a large-scale technology investment must take into account ongoing maintenance and management requirements. Organizations have varying levels of IT resources available to implement and manage new applications. IT must always balance the requirement to meet the needs of lines of business, such as legal, while minimizing operational costs, preserving data security and working within the constraint of available staff resources. Organizations with more limited IT resources often prefer to leverage the vendor's expertise to host and manage software in the cloud.

Conclusion

The cloud has revolutionized the way we think about data storage and software delivery, and we are only scratching the surface of its ultimate capabilities. E-Discovery software has been thrust into the cloud as well, a trend that only figures to intensify. Choosing the right e-discovery software deployment method is an important decision. By addressing the key criteria detailed in this article, organizations will be better equipped to assess their needs and achieve a successful software deployment.