This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."
Download it now to read this article plus other related content.
The most developed organizations will integrate e-discovery into the standard lifecycle of information management (see "Road to Improvement," below). For example, during information creation, organizations will apply tags to data that help set context and enforce policies. These may include things like "Project: WidgetCo," "Last modified: |
Similarly, as data is to be archived, it may be de-duplicated (so there's only one canonical copy), have sensitive metadata removed (such as trade secrets), and be flagged for preservation if a known court case is pending.
A sticking point, however, in information lifecycle management is the important data users often create on their individual systems in an increasingly mobile world. This begs the question: What needs to be done about user PCs?
There are two answers. The first is to discuss the issue frankly with a legal expert. Given that ESI rules are still relatively new, it's not yet clear how courts will respond, and only an organization's lawyers can offer the final word. The second is to evaluate and deploy possible additional
| controls for the user environment. One approach could be improved host policy enforcement, perhaps through content-aware agents, monitoring, or rights-management solutions, but more likely via detective and deterrent effects of random or comprehensive audits. Ultimately, any technology choice must be buttressed with user training and awareness that makes clear the policies and processes, and what's expected from users.
This was first published in March 2008