Security Learning its Role in E-Discovery


This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."


  1. Believing data should be massively centralized in order to accommodate finding it. Although a reduction in the number of repositories and instances of products can be a boon, it's not feasible to create a "super-storage vault." Any sane response to e-discovery will necessarily involve multiple data sources and multiple technical approaches. Organizations will have to employ many different technologies to attack the problem, including search, mapping and categorization/classification. Clearly, reducing the number of deployments of, say, SAP from 20 to 10 can be beneficial. But for many organizations, simply knowing the location of relevant documents and records would be a step above their current situation.
  2. Thinking that most e-discovery problems relate strictly to email. This mistake can be blamed on misrepresentations by some vendors and media reports. While email is an important and often material piece of evidence in litigation, it's only one of a great many records that need to be found, preserved and presented. No enterprise is going to satisfy the e-discovery challenge simply by deploying an email archive and/or search tool. Proper management of email is necessary but not sufficient.

Haystacks and Needles
If data is stored and used as part of the normal course of business, then it's expected to be discoverable. The court has little tolerance for a claim that the needle is too hard to find in the haystack.

Some of the data types are obvious, such as email messages or electronic business documents. But security teams are sometimes confused about sources like video or event logs (see "Evidence Sources," below). Ultimately, legal counsel needs to rule on information's applicability, but because many types of ESI are generated and stored for audit or security purposes, they are fair game in court. For example, a company may choose to utilize access control logs as its evidence of control for a regulation such as HIPAA. Because these logs are routinely stored and used for the business, they become part of the organization's e-discovery landscape.

Evidence Sources
Examples of various types of information, and the places they may be stored, that are relevant ESI evidence sources in many large enterprises.

This was first published in March 2008
