edisco compliance whitepaper

Upload: jonathan-wiley

Post on 07-Apr-2018


8/6/2019 eDisco Compliance Whitepaper

A SearchCompliance.com E-Book

DATA SECURITY IN THE E-DISCOVERY PROCESS   SEARCHCOMPLIANCE.COM

CHAPTER 1   Ease the Pain of E-discovery

CHAPTER 2   E-discovery Gets Smart

CHAPTER 3   Avoiding the Breach

CHAPTER 4   CSI: Compliance

Data Security in the E-discovery Process

E-discovery can be complicated, time-consuming and expensive, and so can proper data security. Here's how to merge the two and get the most bang for your buck.


CHAPTER 1

Ease the Pain of E-discovery

E-discovery may be a dirty word among IT executives, but a more aggressive use of records management tools can help alleviate the pains and cost. BY KEVIN BEAVER

COMPLIANCE IS OFTEN deemed a dirty word in IT circles. But I have another 10-letter word that's just as dirty: e-discovery. This one word arguably creates the most angst among IT executives today. But there is a way to soften that angst with the help of two other words: records management.

I have a lot of firsthand experience with e-discovery-related projects, so I can attest to the level of effort they require of a variety of people in IT roles. Similarly, in my expert-witness work, I've seen how quickly certain e-discovery requests are made by attorneys. The whole process of e-discovery is often brutal, extracting its pound of flesh from an enterprise, regardless of the resources it has to devote to it.

What used to be a cash cow for a select few e-discovery firms with the right tools has gone mainstream. There are numerous e-discovery and records management applications to help reduce the pain and cost associated with discovery requests. According to Stamford, Conn.-based consultancy Gartner Inc., the market for e-discovery software will reach $1.5 billion this year. Vendors such as EMC Corp., Optical Image Technology Inc., StoredIQ Inc. and Messaging Architects offer an array of archiving, e-discovery and information management solutions focused on records management.

The increase in data breaches, bribery and insider abuse underscores the need for such tools. Without them, it's practically impossible to search through hundreds of gigabytes of electronic records for the relatively small subset of data that's needed. If you don't have some semblance of electronic records management and something bad happens that leads to e-discovery, you're toast.


THE IMPORTANCE OF RECORDS MANAGEMENT

Looking at the bigger picture, records management is deeply entrenched in various business, compliance and IT processes. Given the amount of information you have, combined with the complexity of your information systems, the only reasonable way to manage these aspects of electronic data is with a good records management tool.

One of the greatest risks to any business is a lack of knowledge about what electronic information is, and the hard fact is that many businesses have little or no control over data classification and retention. These two factors are a dark cloud hovering over an enterprise, threatening to burst into a raging storm. You would be wise to lean on records management tools for help.

That said, as much as these tools can help, they are hardly a panacea; you will have to streamline your management processes as well. If you really want to get records management and e-discovery down to a science, you will have to tweak both your business processes and the culture inside your organization. This will require:

• Obtaining and maintaining buy-in from members of upper management (which should be easy because it's their rear ends on the line);

• Putting the necessary policies in place (classification, retention, labeling and disposal come to mind);

• Getting the word out on what constitutes business records (this is the tough part, but it has to be done);

• Holding people accountable for their actions when missteps occur (making them understand that "Internal use only" and "Archive after 90 days" mean just that); and

• Working with legal counsel periodically to ensure that your system is kept current (there's nothing worse than an outdated records management system that creates more problems than it solves).

Getting management and employee buy-in is half the battle. The typically slow-moving bureaucracy that haunts larger enterprises often hinders information security and risk management efforts. But we can all learn from the finely tuned records management processes many such businesses utilize.

It would be wise to look into these solutions. If you need help justifying their cost, many vendors have already done the research for you. The money saved in one e-discovery request can pay for a solution tenfold. Why not take that leap and invest in the right tools now, before you really need them? Things are only going to become more complex.

Kevin Beaver is an information security consultant and expert witness, as well as a seminar leader and keynote speaker at Atlanta-based Principle Logic LLC. Write to him at [email protected].


CHAPTER 2

E-discovery Gets Smart

The e-discovery software market is growing due to more stringent governance, risk management and compliance regulations, and it's creating smarter solutions. BY ADRIAN BOWLES

THE PAST DECADE has seen increasing demands on enterprises of all sizes, and in all industries, to be prepared to produce specific business records in defending themselves against prosecution. Data from many systems under IT control may be required to satisfy regulators and the courts charged with enforcing privacy, security, governance, environmental and trade/tariff rules and regulations.

Most of the attention to e-discovery in the popular press is focused on emails, the proverbial smoking guns in regulatory cases. But data stemming from various areas of an organization may be requested in a legal proceeding. As the demand for better archiving solutions has increased alongside the overall growth of enterprise data, it's not surprising that e-discovery software is growing as a market.

To make sense of the requirements, the Electronic Discovery Reference Model (EDRM) has become the de facto reference used by vendors, consultants and buyers of e-discovery software products and services. EDRM is organized by projects, each of which comprises working groups. The v2 reference model includes:

• Identification: Identification and certification of electronically stored information (ESI) sources that may be relevant to discovery requests.

• Preservation and collection: Decide what to preserve and for how long. Litigation hold is a stipulation to preserve records, paper and ESI, that may be required in a legal action. Knowing what may be required by rule and practice is essential to a preservation policy and to subsequent collection efforts (which may involve people or an automated system to find and produce records).


• Processing, review and analysis: These are the heart of e-discovery software, and the steps where specific legal functionality and knowledge/rules must be applied. The defending enterprise must determine, according to laws, rules, guidelines and precedents, which data (including metadata) must be produced for opposing counsel. Core search technologies of today may soon be augmented by smarter processing in the future.

• Production: Extraction and preparation of relevant data.

• Presentation: The display of ESI in formats suitable for review by people charged with their evaluation: courts, counsel, juries, etc.

As noted, the processing/review/analysis steps require more legal knowledge than the rest. Therefore, it is natural that specialized vendors have emerged to address those steps, and just as natural that more traditional database archiving vendors have adapted their wares, or at least their marketing, to address the ancillary steps.

When asked about the plethora of vendors approaching e-discovery from a database and archiving standpoint, Parity Research founder Gary MacFadden noted, "the e-discovery space is immature; you see a lot of hammers looking for nails."

One product manager noted that the technology his firm developed for database archiving has found favor as an e-discovery aid because there is a big push from risk and compliance managers for live archiving. As a result, they are able to apply the same type of data retention strategy to records management and compliance.

IT has traditionally focused on price and performance of database archiving solutions when making buying decisions, based on criteria such as frequency of retrieval and storage costs. The new emphasis on collection, search and review can complicate purchasing, but it can also help free up the budget. When the transaction system is the system of record that may be subject to review under the Sarbanes-Oxley Act, those faced with the possibility of fines and incarceration are more inclined to fund appropriate expenditures for adequate improvements and controls.

Vendors with strengths in the key processes, such as Autonomy Corp., Clearwell Systems Inc., Recommind Inc. and ZyLAB North America LLC, now face giants such as EMC Corp. (Kazeon Systems Inc.), IBM (OpenPages Inc., PSS Systems Inc.), Informatica Corp., Oracle Corp., SAP AG and Symantec Corp. as formidable competitors in the e-discovery space.

While the market shakes out, it's common for IT managers to look first to their traditional suppliers (enterprise software and hardware vendors), while legal, compliance and risk managers are wooed by the new breed of e-discovery solution providers. IT often has direct responsibility for software acquisition and operations, while the other stakeholders have more visible liability for compliance and legal actions.

This may set up a somewhat uneasy relationship and budget conflict. We are seeing new mandates from risk management and compliance managers, but funding still comes primarily through IT. One vendor suggested that this makes the buying cycle shorter, but the implementation cycle may actually take longer due to increased scrutiny and participation from new stakeholders.

For now, risk management and compliance professionals should be prepared to look beyond immediate regulatory concerns to include e-discovery policy choices when evaluating all enterprise software purchases. IT executives, meanwhile, should familiarize themselves with the new players at the heart of e-discovery, either as possible solutions or to challenge their incumbent enterprise solution providers to provide comparable functionality. There will no doubt be further consolidation in this space, but the courts won't wait, and neither should IT.

Adrian Bowles has more than 25 years of experience as an analyst, practitioner and academic in IT with a focus on IT strategy and management. He is the founder of SIG411 LLC, an advisory services firm in Westport, Conn., and director of the Sustainability Leadership Council. Write to him at [email protected].


CHAPTER 3

Avoiding the Breach

Web-based vulnerabilities are often simple to exploit because no one's watching. To protect your data, expand the scope of your incident response and Web forensics. BY KEVIN BEAVER

WHEN WE THINK about computer forensics and incident response, it's often in the context of workstations and servers, items at the OS level, and rightly so, as that's where many Web security breaches take place. From malware infections to password cracking to lost or stolen laptops, there's often plenty of information right inside the operating system to help create a forensic timeline. But there's an area of Web forensics and incident response that we don't hear about as much: websites and applications.

Why is this? There are several reasons:

1. The assumption that a firewall and Secure Sockets Layer for Web encryption are all that's needed.

2. The assumption that your managed security services provider is taking care of things.

3. The assumption that your last Web security scan didn't turn up anything, so all's well.

4. The assumption that your business doesn't have anything the bad guys would want.

In many cases, Web-based systems have remained out of the spotlight. Perhaps it's because of the complexity of Web systems and all of the components involved? When you experience a Web security breach, there are numerous systems that may need to be analyzed. These include routers, network firewalls, Web application firewalls, Web servers and database servers. This shouldn't keep Web systems off your incident response radar, however. Given vulnerabilities as prevalent as cross-site scripting, Web-based malware and weak passwords, you have to ensure that your Web environment isn't taken for granted. After all, you can't respond to what you don't acknowledge.


When I refer to Web environment, I don't mean just your main website and your public-facing Web applications. Instead, I'm referring to every critical Web system you have, both externally facing and on your internal network. In my security assessments, I often find the greatest risks are to internal Web systems such as financial applications, intranet portals and system management interfaces. Some common Web-centric vulnerabilities I find are in core processing systems and ATMs in banks, firewall and storage management systems, physical security closed-circuit television monitoring systems and Microsoft SharePoint systems.

The one thing that's easy to forget is that it's often easier to abuse these critical internal systems because, after all, everyone's trusted if they're on the internal network. There's nothing to worry about, right? Nope. You do have stuff to worry about, especially when it comes to the governance and compliance of critical business systems.

The reality is, Web-based vulnerabilities, both public-facing and internal, are, more often than not, simple to exploit because no one's watching. There's little to no logging, limited system monitoring and no real accountability. If something happens in such a scenario, who's to blame? How are you even going to perform a forensics analysis when you don't have any visibility into the environment or controls in place generating data to analyze?

Cast a broader net and expand your scope for incident response and Web forensics. Otherwise, your Web-based systems are sitting ducks and your hands are going to be tied when the unimaginable becomes reality.



CHAPTER 4

CSI: Compliance

Computer forensics is perceived as a science rarely used by compliance officers, but that's just not the case. BY KEVIN BEAVER

COMPUTER FORENSICS technology is an emerging field involving security incident and data breach investigations. The general perception is that computer forensics is a highly specialized area that businesses rarely tap into. In reality, it can be used in a wide array of circumstances; in fact, anyone working in or around IT, legal, compliance and human resources departments can benefit from learning more about computer forensics technology and the impact that it has on the overall information risk management process.

Computer forensics technology involves securing, collecting and analyzing digital evidence related to computer security incidents, data breaches and similar abuses of computer systems. Depending on the circumstances, law enforcement officers can perform the detailed technical and operational procedures associated with forensics investigations. Most computer forensics investigations require either commercial or open source software to uncover and preserve the details of what took place during the event in question.

What's the difference between computer security and computer forensics?

There are information system controls and security assessments for those who take security seriously, and forensics tools and techniques for those who don't. Computer security is proactive and involves the management of information risks before something happens. Computer forensics is reactive and is something you do after a breach.

The prospect of a security breach is very real, no matter how proactive you are and no matter how tightly things are locked down. Experienced compliance officers and security managers have systems for both the proactive and reactive components of managing their information systems.

How does computer forensics technology tie into incident response?


Incident response is the act of responding in a systematic and methodical way to internal and external security breaches. Forensics is a component of incident response that outlines how breach investigations are actually carried out through a number of tools and techniques.

There are various types of incidents or breaches that may warrant a computer forensics investigation, including:

• External attackers performing an SQL injection against a Web application to siphon data out of the database;

• External attackers breaking into an unsecured wireless network and gaining access to the internal network;

• Rogue employees copying sensitive information to an external hard drive to take off-site and share with a third party;

• A careless employee leaving an unencrypted laptop computer in his car, and the computer is then stolen.

The general assumption is that all security breaches are known and visible, but that's not always the case. Certain controls such as activity monitoring, audit logging and password lockouts can aid in both detection and forensics investigations when a breach occurs. The important thing is to ensure that the lack of an incident-response plan doesn't leave a hole in your information risk management and compliance strategies. It's also important to realize that certain breaches may go undetected for a period of time, especially if the proper controls aren't in place.
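The point made in Chapter 3 (Web systems with little or no logging leave nothing to analyze) and the one made just above (activity monitoring, audit logging and password lockouts aid both detection and forensics) can be shown concretely with a small log review. The following is an added example written for this edition, not code from the e-book or its authors: it parses a constructed Web server access log, builds the time-ordered forensic timeline, flags the failed-login burst a lockout policy would have stopped, flags requests carrying cross-site scripting and SQL injection patterns, and lists what the bursting source touched afterwards, which is the "which systems, what was accessed" question a post-breach review has to answer. The log format (Common Log Format style), the `/login` path, the five-failures-per-minute threshold and the pattern list are all assumptions chosen for the example; every host and request in the sample is made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample (no real hosts, users or application): a Common Log
# Format style access log from an internal finance application.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Aug/2019:08:00:01 +0000] "POST /login HTTP/1.1" 401 120
10.0.0.5 - - [06/Aug/2019:08:00:03 +0000] "POST /login HTTP/1.1" 401 120
10.0.0.5 - - [06/Aug/2019:08:00:05 +0000] "POST /login HTTP/1.1" 401 120
10.0.0.5 - - [06/Aug/2019:08:00:07 +0000] "POST /login HTTP/1.1" 401 120
10.0.0.5 - - [06/Aug/2019:08:00:09 +0000] "POST /login HTTP/1.1" 401 120
10.0.0.5 - - [06/Aug/2019:08:00:12 +0000] "POST /login HTTP/1.1" 302 0
10.0.0.5 - - [06/Aug/2019:08:01:00 +0000] "GET /reports/export?all=1 HTTP/1.1" 200 48213
10.0.0.9 - - [06/Aug/2019:08:02:00 +0000] "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200 880
10.0.0.7 - - [06/Aug/2019:08:03:00 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [06/Aug/2019:08:04:00 +0000] "GET /item?id=1'%20OR%20'1'='1 HTTP/1.1" 500 310
"""

# Assumed log layout: client ip, two ignored fields, [timestamp], "METHOD PATH PROTO", status, size
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# Minimal, assumed list of request patterns a reviewer would pull for follow-up.
SUSPICIOUS = [
    ("possible XSS", re.compile(r"<\s*script", re.I)),
    ("possible SQL injection", re.compile(r"'\s*or\s*'|union\s+select", re.I)),
]


def parse_log(text):
    """Turn raw lines into a time-ordered list of event dicts: the forensic timeline."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines; a production reviewer would count them
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ev["status"] = int(ev["status"])
        ev["path"] = unquote(ev["path"])  # decode %20 etc. before pattern matching
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=1), login_path="/login"):
    """Sources with at least `threshold` failed logins inside `window`.
    A lockout policy with the same parameters would have blocked the burst;
    without one, the burst is where the timeline reconstruction starts."""
    failures = defaultdict(list)
    for ev in events:
        if ev["path"] == login_path and ev["status"] == 401:
            failures[ev["ip"]].append(ev["ts"])
    bursts = {}
    for ip, stamps in failures.items():  # stamps are sorted because events are
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[ip] = max(bursts.get(ip, 0), count)
    return bursts


def suspicious_requests(events):
    """Requests whose decoded path matches a pattern, with the reason attached."""
    hits = []
    for ev in events:
        for reason, pattern in SUSPICIOUS:
            if pattern.search(ev["path"]):
                hits.append((ev["ts"], ev["ip"], ev["path"], reason))
                break
    return hits


def activity_after_burst(events, bursts):
    """Everything each bursting source did after its last failed login."""
    report = {}
    for ip in bursts:
        last_fail = max(e["ts"] for e in events if e["ip"] == ip and e["status"] == 401)
        report[ip] = [(e["ts"], e["method"], e["path"], e["status"])
                      for e in events if e["ip"] == ip and e["ts"] > last_fail]
    return report


def review(text):
    """Run the whole review and return the findings as one dict."""
    events = parse_log(text)
    bursts = failed_login_bursts(events)
    return {
        "events": len(events),
        "bursts": bursts,
        "suspicious": suspicious_requests(events),
        "after_burst": activity_after_burst(events, bursts),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, the review reports one bursting source (five failures in eight seconds, followed by a successful login and a bulk report export), two flagged requests from a second source, and the post-burst activity of the first. The same three functions run unchanged over a real access log; what changes is only that the evidence exists at all, which is the chapter's point about logging.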

Is a formal forensics analysis needed for every suspected or known security breach?

It depends. This needs to be discussed in advance by your security committee. Management, legal, IT and compliance executives need to be involved in such decisions. You may not know if a formal investigation is required until you gather more information post-mortem.

Not every breach is serious. It's a good idea, however, to approach each one as though it is. You have to determine which systems were compromised, what was accessed, and whether such information is covered by what laws, regulations and contracts. Regardless of what's compromised, you'll want to step back to determine what needs to be improved in order to prevent the same occurrence. Your business may also be bound by data breach notification laws that require you to contact everyone whose personal information was compromised, or even suspected of being compromised.

You may also determine that the incident warrants getting law enforcement involved. A good rule of thumb is to get law enforcement involved if you're unsure. It pays to know your local law enforcement agency's cybercrime division. Knowing an independent forensics investigator or forensics firm would also be helpful.

How do I integrate computer forensics technology with my compliance program?

Forensics is an aspect of information security, just like compliance. The two areas are intertwined and need to fall under the umbrella of your overall information risk management program. The best advice is to not go at this alone. You don't want to bear the burden of making the critical business decisions associated with compliance, forensics and information risk management all by yourself. This will come to light when something bad happens and a regulator, auditor or judge pins you down and wants to know the reasoning and business justification for why you did or did not have controls and response procedures in place.



Data Security in the E-discovery Process is produced by CIO/IT Strategy Media, © 2011 by TechTarget.

Jacqueline Biscobing, Managing Editor

Rachel Lebeaux, Assistant Managing Editor

Linda Koury, Director of Online Design

Kevin Beaver and Adrian Bowles, Contributing Writers

Ben Cole, Associate Editor

Scot Petersen, Editorial Director

FOR SALES INQUIRIES

Theron Shreve, Senior Product Manager, CIO/IT Strategy Media Group, [email protected], (617) 431-9360


RESOURCES FROM OUR SPONSOR

See ad page 2

• Get Your Free White Paper on How to Deal with Foreign Languages in eDiscovery: http://www.iconect.com/lgen/reg_whitepaper.asp?wp=dwfl

• Sign Up for a Free Demo of iCONECT's Early Case Assessment and Review Solutions: http://www.iconect.com/lgen/reg_demo_request.asp

• Learn How to Reduce Risk and Secure eDiscovery Data - White Paper: http://www.iconect.com/lgen/reg_whitepaper.asp?wp=rrsd

About iCONECT:

iCONECT is an indispensable component of any organization's information-sharing strategy, trusted by AmLaw 200 firms, Global 1000, and legal departments within government agencies. By understanding, anticipating, and simplifying our customers' needs, iCONECT enables its partners to deploy innovative, collaboration technology solutions that drive their bottom-line revenues.

With iCONECT nXT, users can load, review, analyze, and produce more data than any other litigation support software on the market, collaboratively and cost effectively, from anywhere in the world.

INCEPT is an early case assessment software program that allows you to ingest data and remove unnecessary files, apply time and materials costs to your project, and then analyze the result to understand how much relevant data you have.

http://www.iconect.com/