Security Learning its Role in E-Discovery
This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."
- Believing data should be massively centralized in order to accommodate finding it. Although a reduction in the number of repositories and instances of products can be a boon, it's not feasible to create a "super-storage vault." Any sane response to e-discovery will necessarily involve multiple data sources and multiple technical approaches. Organizations will have to employ many different technologies to attack the problem, including search, mapping and categorization/classification. Clearly, reducing the number of deployments of, say, SAP from 20 to 10 can be beneficial. But for many organizations, simply knowing the location of relevant documents and records would be a step above their current situation.
- Thinking that most e-discovery problems relate strictly to email. This mistake can be blamed on misrepresentations by some vendors and media reports. While email is an important and often material piece of evidence in litigation, it's only one of a great many records that need to be found, preserved and presented. No enterprise is going to satisfy the e-discovery challenge simply by deploying an email archive and/or search tool. Proper management of email is necessary but not sufficient.
Haystacks and Needles
If data is stored and used as part of the normal course of business, then it's expected to be discoverable. The court has little tolerance for a claim that the needle is too hard to find in the haystack.
Some of the data types are obvious, such as email messages or electronic business documents. But security teams are sometimes confused about sources like video or event logs (see "Evidence Sources," below). Ultimately, legal counsel needs to rule on information's applicability, but because many types of ESI are generated and stored for audit or security purposes, they are fair game in court. For example, a company may choose to utilize access control logs as its evidence of control for a regulation such as HIPAA. Because these logs are routinely stored and used for the business, they become part of the organization's e-discovery landscape.
Examples of various types of information, and the places they may be stored, that are relevant ESI evidence sources in many large enterprises.
This was first published in March 2008