10 Things to Know Before Moving E-Discovery to the Cloud
The adoption of cloud computing has been an undeniable force spreading quickly across all segments of the technology market.
In the legal industry, cloud or software as a service accounted for 49 percent of all e-discovery software revenues tracked in 2011, according to Gartner’s report, “Market Trends: Automated, Analytical Approaches Drive the Enterprise E-Discovery Software Market.” Cloud computing is attractive because it enables users to do more with less; however, with this great power comes great responsibility and risk. This risk comes in the form of legal, security, business continuity and compliance issues. When e-discovery is involved, the risk considerations become increasingly complex.
If your organization is considering moving data to the cloud, or transitioning e-discovery systems to the cloud, follow this checklist of the top 10 things to consider before taking the leap.
1. Actively involve all stakeholders across multiple departments.
While it may seem like an obvious first step, getting all of the key stakeholders at the decision-making table is much easier said than done. Deployment of new software is often done in haste by a single stakeholder in response to looming deadlines or critical business needs. This type of reactive response leads to challenges late in the process that can ultimately slow things down and incur more costs than if it had been handled proactively from the start.
At the very outset of evaluating the cloud, it is important to take a holistic, organizational view and involve as many stakeholders and members of management as possible, typically from legal, IT, compliance, security and any other department that may be impacted by a new model. By having a complete group of decision-makers at the table, it is easier to identify the objectives in moving to the cloud (for example, if it is efficiency or cost driven), and it provides an opportunity to look at information management, data privacy and storage policies and procedures long-term to make sure they are effectively working for the company as a whole.
2. Document and define areas of potential cost savings.
First, the e-discovery process as defined by the E-Discovery Reference Model should be taken into consideration, with the legal team leading the discussion about what characteristics of the cloud provider and e-discovery software are most important from a legal perspective. Productivity and robust features that enable a fast review process are important, as well as comprehensive capabilities that address the entire e-discovery process.
Secondly, the evaluation team will need to address maintenance, support and the impact to data center management and storage, ensuring there is cost efficiency around data infrastructure.
Thirdly, risk mitigation should be addressed. Specifically, ensure that the selected software can limit the amount of rework associated with collecting data through other platforms or via in-house systems. Outages and other unforeseeable disasters can cause missed deadlines in the e-discovery process, which may lead to sanctions that dwarf the upfront cost of evaluating and implementing a reliable solution.
3. Evaluate the e-discovery platform first and the cloud options second.
The review capabilities, production capabilities and formats an e-discovery platform can handle are just some of the factors that must be considered prior to or in parallel with the search for cloud solutions. This step assures that the fundamental e-discovery needs of the legal team will be met.
IT evaluations can take up to six months or more in many cases, and if issues with infrastructure compatibility or internal resources to support the product are detected at the end of an evaluation, significant time is wasted and IT is often left scrambling to implement. Once the right e-discovery platform is in place, or at least the key factors have been evaluated, the stakeholders can determine which type of cloud solution will fit the existing needs.
Further, information management, IT and legal decision-makers must consider a few important features to expect from a cloud provider to ensure it can meet the compliance and legal needs of the company. Primarily, cloud providers need to be secure so that client data is not co-mingled with other data and potential data loss is significantly mitigated. If the cloud provider allows for self-administration, then the customer owns control of the data without the strain of hosting it.
4. Benchmark your existing e-discovery processes including data upload, processing, review and export.
In cases where existing e-discovery software is already in place internally, evaluate whether moving to the cloud will be beneficial in terms of cost and time savings. Have a clear understanding of the current e-discovery process and the turnaround time for getting data uploaded, reviewed, processed and exported. Key benchmarks include data throughput on file transfers, data processing rates, as well as the potential speed of review – often measured by the number of decisions per hour that can be made by the reviewers. Many e-discovery practitioners, reviewers and project managers have been able to realize increases in their team’s overall review productivity through the use of data analytics and visualization tools or applications.
Test these same processes in the potential cloud environment and make sure it changes for the better. This is not always the case; any results that are lacking are a potential showstopper – at least for the e-discovery aspect. It’s also important to determine if data can be exported quickly and in a format that is generally used in e-discovery to avoid additional costs of meeting unsupported requirements of a regulatory body or opposing counsel.
5. Learn the differences between public and private clouds.
Understanding the different types of clouds — specifically the difference between public and private — is critical for e-discovery due to the sensitive nature of the data. Companies need to understand where there data will go, how it is protected, and if it is secured according to any industry specific regulations that apply (e.g., HIPPA, Sarbanes-Oxley, etc.). Global considerations apply as well for multinational companies that may need to conduct e-discovery across borders and handle varying data privacy regulations.
The National Institute of Standards and Technology outlines some characteristics of different types of clouds to help companies determine what is best for their needs. Before choosing a cloud provider, research and understand the differences. According to NIST, private clouds are “provisioned for exclusive use by a single organization,” may be owned and managed by the company or a third party, and may be hosted on or off the company’s premises. Public clouds are open for general use and on the premises of the cloud provider, which may be a business, government or other organization. There are also community and hybrid clouds, which offer a varying degree of features between public and private.
6. Assess potential - and realistic - risks associated with security, data privacy and data loss prevention.
Security is the number one concern when it comes to cloud computing, and e-discovery only exacerbates the issue. This is further reason for having security stakeholders within the company involved in the transition to the cloud. It is imperative that clear-cut policies and objectives are in place (e.g., how secure the data is currently and how secure it must be in the cloud), that a good understanding of how user access to information is managed, and that compliance needs are considered a top priority.
As mentioned earlier, many issues arise for global companies trying to manage various rules and regulations around data handling, access and privacy across a number of countries. Multinational companies have a big challenge in understanding privacy issues related to protecting privileged information and adhering to storage and retention requirements in multiple geographic divisions. Due to the complex legal and regulatory issues, the security and legal teams must work closely to determine a cloud provider that can meet all of these needs.
Data loss prevention is another security concern. Questions to consider – and to ask of a potential cloud provider – include: Are there adequate backups? How fast can data be restored when there is loss or files are corrupted? Is there a possibility of data co-mingling? What are the weak points for sensitive data being exposed to parties that should not have access to it?
7. Develop an implementation plan, including an internal communication strategy.
All of the teams impacted by a new implementation—specifically legal and IT —should be on the same page regarding the impact to their department. Legal needs to understand how the solution is going to be delivered to their team and how their workflows may change. In parallel, IT support should have a clear plan for how the new systems will be maintained and managed, as well as any policies and procedures that will be impacted. Testing and conducting a proof of concept on work procedures is paramount in ironing out any problems before the implementation is complete and permanent.
This also includes a plan around communicating across teams and measuring how the projects and user experience are proceeding. Metrics for evaluating the system/service should be quantifiable to maintain productivity long-term.
8. Leverage the success or adoption of other SaaS solutions in the organization to lessen resistance.
Change is often met with resistance. The process of moving to the cloud and/or moving e-discovery to the cloud will need to be driven through cultural change management. People impacted by the change may worry about how it will affect the importance of their role, their productivity or their ability to continue meeting individual professional goals. Leverage previous company-wide transitions to SaaS solutions (such as email, document management or online productivity applications such as Microsoft Office 365 or Google Docs) to illustrate the type of change and improvements that can be found in day-to-day efficiencies and how these can take place without major disruption to workflow.
Shape the mindsets of the users that will be most impacted by the new solutions by identifying how e-discovery can benefit from a cloud-based model. Provide case studies of other organizations that have reduced cost, increased productivity and streamlined the review process with e-discovery in the cloud. Be transparent with regards to changes to the user experience; we’re all creatures of habit, so a little change may be perceived as very disruptive by some users while others embrace the change or trade-offs for more up-to-date technologies.
9. Run a pilot on a small project before moving to larger, mission-critical matters.
Find a test data set or dormant case that has known outcomes, and run it in the new, hosted or cloud environment. This pilot project will validate that the benchmarks are where they need to be and that the expected benefits are achievable. By confirming results—and the ability to meet compliance needs—on a small project, you will aid change management as well as identify potential problems.
This is also a great way to build enthusiasm among stakeholders – if they are involved as users on the pilot, and see the positive results, they will be motivated to drive a successful implementation. Be sure to choose a provider that is willing to run a pilot in partnership with the stakeholders. Once the pilot is complete, apply the new system to mission critical matters in a calculated way over time to avoid any possible gaping holes in the process.
10. Understand you are still the ultimate custodian of all electronically stored information.
The data belongs to you, and the burden of controlling it falls on you. The Federal Rules of Civil Procedure state that no matter where the data is hosted, the company that owns it is ultimately responsible for it. The obligation to produce and manage data in response to litigation or investigation is not absolved simply because a third party is hosting it.
Any company considering moving e-discovery to the cloud can look forward to change toward a more successful business model — if the implementation is done correctly, with the right providers. As the legal process unfolds and more and more analytics tools are introduced to the market, the cloud will allow legal and IT to focus on their core competencies rather than trying to determine how to host the next new software solution. This provides more room for innovation, revenue growth and new practice areas for service providers.