Legal professionals, from general counsel to managing partners, are becoming increasingly aware and concerned about data security and compliance. This concern is justified by the data breaches and hacks that riddle law firms and legal departments and often populate our news streams. Just the other day, Tech Crunch published a piece about the SEC’s investigation of Yahoo, who reported a massive data breach in September, as well as December. The SEC investigation is due to the fact that it took Yahoo months to report of the breach.
Many professionals in the space have learned they need to actively manage data and that deposition must be automated to ensure that data is kept on the right network. But these same legal personnel are quickly learning about technology that can help address security, general information governance, and compliance concerns, particularly behind the firewall and in the cloud. And this brings us to an interesting point: there are distinct benefits and risks with whatever solution an organization chooses – whether to bring technology solutions behind the firewall in hardware solutions or in the cloud, or keep them in an outside provider. Let’s talk about a few of them here.
Solutions behind the firewall
Whether hardware or cloud-based, investment in new technology requires money, time and internal resources, and this applies to the maintenance of the system, as well as the setup and implementation. The IT/IS folks who implement an information governance system should be familiar with the technology, particularly within the legal community. Whatever the solution, a provider must be able to deliver workflows and show solutions in court. There are two ways that these solutions can be implemented:
In-house hardware appliance
Implementation of hardware that can manage early information assessment or information governance behind the firewall connect to the Exchange, Office 365, Sharepoint and other cloud solutions through the Active Directory (AD). These appliances can track internal data real-time so that corporations can be continually aware of potential compliance issues. The advantage of the appliance is that it provides true “behind the firewall” security and allows for full ownership of the hardware location.
While the cloud-based solution is not truly behind the firewall, today’s corporations have accepted that cloud-based solution meet security requirements. Because of this, cloud-based solutions provide all of the software benefits of the in-house hardware appliance, but also provide extreme flexibility and robustness, because they are able to scale immediately, when a need arises around big data or specialized server requirements.
Hosting data with a service provider
Most eDiscovery software is used within a service providers’ firewall – and not within the organization itself. There are a number of pros and cons to this type of solution. Data solutions within a service provider are tended to by a dedicated team of professionals. For businesses with a limited information technology/security group, this is ideal because the providers’ team cab learn your data and how to best assist your team. While you are relying on a provider’s firewall and cybersecurity efforts (many of which are likely more robust), certain clients may need to bring to bring the data hosting solution in-house for compliance reasons. While not always recommended, this is becoming more common as corporations want to leave their data in-place, except when it is identified as potential responsive or is essential to an investigation. However, at the same time data is being housed in-place, corporations understand that service providers are needed to manage the day-to-day administration of the software tools, as well as provide expert advice around the specific, highly-critical tasks that need to be performed.
There is no right or wrong answer in how corporations and law firms manage data. Security comes with a cost – each organization must weigh for itself the specific benefits of each solution and choose from there. Within our space, the litigation sphere, a good service provider can support any data hosting and information governance solution.