This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."
Download it now to read this article plus other related content.
An important step in the e-discovery process is opening lines of communication with the legal team to understand the implications of e-discovery. Doing so may not be an easy task. A tug-of-war between the IT and legal teams may result from their debate over what needs to be accomplished.
For example, legal may ask for record retention and retrieval systems that are cost- and resource-intensive, thus blowing IT budgets out of the stratosphere. Another example is last-minute legal holds (preservation requests) that give IT little notice but tremendous amounts of work. This relationship is a delicate one that may require some business management oversight to balance cost and demand.
Developing internal leadership also is wise. A number of large enterprises consider e-discovery to be of such paramount importance that they have created specific roles to lead the IT effort companywide. Such "e-discovery experts" close the gap between the legal team and the IT/security organization. They help facilitate communication for operational issues and manage projects to improve e-discovery.
Prudent technology changes will be required as well. Although organizations shouldn't save everything--it's too costly and risky--they do need automated systems that properly preserve what needs to be saved, handle sensitive metadata appropriately, and
| can transform data in accordance with the requirements of the legal team.
By enhancing policies and making careful technology choices, organizations can, over time, improve e-discovery response. As legal and security teams work together more closely, the critical issue will be defining and following information lifecycle practices so organizations don't find themselves on the losing end in court.
This was first published in March 2008