Security Learning its Role in E-Discovery
This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."
Relevant types of tools include:
- E-discovery point solutions: A handful of vendors have emerged to specifically address the e-discovery lifecycle. Such tools offer "one-stop-shopping" by locating important data in information repositories, helping to track legal holds and workflow, and keeping copies of information needed for cases. In truth, most products are grounded in a specific domain such as email archival, content management or forensics, which may not translate to all e-discovery needs. Example vendors in this category are PSS Systems and Iron Mountain's Stratify division.
- Storing business information: Storage of important records spans document management, Web content management, records management, email archives, file systems (local, storage area, network wide) and many other places. The critical lesson for the security team is that no stone can be left unturned under threat of judicial or regulatory repercussions. In addition, secondary information repositories may be relevant for preservation and production. In particular, various IT logs used as part of business operations may be in scope for discovery. An event log might corroborate a claim about when a particular email was sent or a transaction executed, for example. Network management consoles, log management solutions and security information management (SIM) products all play in this arena.
- Locating information: Classification tools help tag information or the containing repository with helpful metadata for finding data later. Although classification tools have not traditionally been used for discovery purposes, vendors are quickly adapting to the use case. Examples are EMC with its InfoScape product and StoredIQ. More common are search tools, which provide a means to index content in a variety of resources for later discovery. These include Web search, desktop search, enterprise search and taxonomy-management products.
- Transforming information: E-discovery rules allow opponents to request different formats for information, not just native format. It's difficult to know in advance what types of data transformation might be required for a particular case. Although various products can change the format of files, none of them rises to the level of an architectural consideration. Instead, they are just tactical tools used on a case-by-case basis.
This was first published in March 2008