Special E-Discovery Considerations When Solving the On-Premises vs. Cloud Debate
While most considerations point to a likely industrywide shift toward cloud-based e-discovery, each firm still needs to consider its own specific circumstances before proceeding with a given project.
December 28, 2018 at 07:00 AM
This article appeared in Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel.
The cloud is everywhere in today's legal technology world, but knowing what to consider before embarking into the cloud can be daunting. While you have many of the same issues that exist in other industries, data exchange in the e-discovery industry presents some very interesting challenges, especially as the data flows downstream from the corporation to the e-discovery vendor and then to the law firm and even further down the line to the experts or others that are going to view the data.
How do you know if the cloud is right for you and your organization? More and more cloud-based solutions are appearing in the e-discovery arena, and they often seem to be a better choice than on-premises solutions. Even so, e-discovery presents some special considerations that need to be examined before you decide what is best for your organization and take a stand in the on-premises vs. cloud debate.
Security
Security is always at the top of people's lists of concerns when it comes to the cloud. The ability to have hands-on control and ensure security through your firm's firewall and other sophisticated security measures is one of the big draws of on-premises software over cloud-based software. As you can imagine, in the case of something as important as e-discovery, where the protection of confidential and sensitive information is a serious concern, many firms have historically been reluctant to relinquish that control and trust in the security of the cloud.
However, while the cloud may have originally raised real questions regarding security, those concerns have long since been addressed. In fact, weak security in the cloud is a huge misperception; the cloud might be safer than some of its on-premises counterparts these days.
Vendors who routinely deal in the storage of sensitive information have invested significant money and resources in security. Major cloud-based e-discovery solutions such as RelativityOne are built on the Microsoft Azure cloud or comparable cloud servers. Most corporations now require some form (or multiple forms) of security certifications such as SSAE 16, certain HIPAA requirements, as well as ISO, to name a few. These certifications can cost organizations tens of thousands of dollars per year to obtain and maintain.
Cloud providers like Microsoft and Amazon spend over $1 billion a year on security research and development and have huge teams dedicated to ensuring network security. Even the most security-focused law firm can't hope to meet that level of investment. When you opt for cloud-based e-discovery solutions, you get to take full advantage of that advanced security without having to invest in it yourself.
One of the hot-button topics regarding public cloud services is how the service provider can access the raw data. Larger corporate clients need assurances that their data is safe and private, even from the company that is hosting the files, the databases and the user credentials. For example, in the Microsoft cloud, a technology called Customer Lockbox is used, which gives the client complete control over whether a support engineer can ever touch its data. RelativityOne has a similar lockbox, as well as granular permissions that allow the customer to specify not only that support can access the environment, but also what, specifically, support is allowed to access.
Beyond the compliance and customer lockbox issues, it is also important to understand the granular parts of the cloud solution. This is not just a question of access vs. non-access. What is the management platform that your network and security administration staff will have access to so they are able to define specific rules and controls and define the needs for access? Are there predefined roles in the system that you have no control over, or can you decide per screen, per field, per checkbox in the application what a user can get to? Not only should your solution have the ability to make these changes, but also the ability to audit these changes, especially in the event of some type of breach.
Security in cloud-based applications, although it can be enhanced, still does not entirely take the place of an overall security strategy. Even if all the data in the cloud or in your application is secure, if users are able to download or retrieve information out of the cloud, your on-premises or overall security strategy needs to account for this. If the cloud is locked down sufficiently and controls are in place but the application allows you to download to locations that aren't secure and encrypted, the data is no more secure than if it lived in the on-premises environment. Therefore, the functions of the application and how data is made available for use need to be analyzed and sufficiently tailored to your compliance requirements, just as when you weren't in the cloud.
A question that comes up often in corporate security RFPs is “When and where is your data encrypted?” The only acceptable answer is everywhere. For a cloud solution to be considered a valid option, data should be encrypted at rest, in transit and at every endpoint. This should be a typical question whenever you are considering any type of cloud solution, but especially an e-discovery cloud solution.
Scalability
One of the greatest advantages that cloud-based storage has over on-premises storage is scalability. When you use on-premises storage, you must have a fairly good sense in advance of how much storage you will need — not just now, but in the long run. If you run out of storage, you have to scramble to add more servers. Perhaps worse, though, is if you overestimate how much storage you'll need. In those situations, you're stuck paying a lot of money for storage you aren't actually using.
Cloud-based storage, on the other hand, is infinitely flexible. When you use a cloud-based e-discovery system from a SaaS vendor, the vendor's entire system is at your disposal. When you need more storage or processing power, you simply increase your subscription plan and pay a little more. If your project shrinks unexpectedly, you can scale back to just the amount of storage you need, saving money in the process by no longer paying for unused storage.
Accessibility
Like almost everything else in the digital era, the legal profession has become mobile. Lawyers no longer do all their work from their offices—they expect to work wherever they are, whenever something needs to get done. Because they depend on the firm's internal security measures, on-premises e-discovery systems often can only be accessed at the office or through specific remote access protocols. The story is very different for cloud-based systems. When e-discovery is hosted in the cloud, employees can access it anywhere, and on any device, as long as they have an Internet connection. In addition to making things more convenient for employees, this also makes it much easier to coordinate geographically dispersed review teams.
Cloud-based systems also tend to be less susceptible to interruptions caused by power outages or natural disasters because they have a more robust and less centralized backup system. SaaS vendors can manage necessary system upgrades and updates in a way that minimizes disruption to your project as well. On-premises interruptions are much more difficult to control.
Many cloud-based systems also have mobile apps that allow users to collaborate in the cloud, review documents in the cloud and manage their application from their iPad or tablet. The ability to make a responsive call on a document, shift resources around or simply catch up on the status of a project from the comfort of your couch and your mobile device can give any user the type of accessibility needed to stay productive.
Cost
At the end of the day, many technology decisions at law firms come down to a question of cost. Spending for on-premises vs. cloud-based e-discovery software differs greatly. Conducting e-discovery with on-premises solutions requires a much larger capital investment upfront in crucial hardware like servers and backup drives, as well as IT staff to support and maintain the system. Investing in the on-premises infrastructure necessary to securely store e-discovery data is an ongoing expense and not an insignificant one. It often requires IT buy-in for purchase and support, but even in today's world, many IT departments still do not understand the advanced hardware requirements for e-discovery. Many IT departments still operate their e-discovery infrastructure on the same oversubscribed hardware used for regular infrastructure, causing performance issues that are only seen by the IT departments.
In contrast, most cloud-based e-discovery solutions are provided on a software as a service basis with a monthly subscription. The SaaS provider makes the initial investment in systems, servers and IT staff. As the subscriber, the law firm takes advantage of that infrastructure already in place, simply paying for necessary services as they are used. Subscription-based services allow firms to stay competitive with the most cutting-edge technology, but without the often prohibitive investment of capital.
The Takeaway
While most of the considerations outlined above point to a likely industrywide shift toward cloud-based e-discovery, each firm still needs to consider its own specific circumstances before proceeding with a given project. If your firm is one of the few that has already significantly invested in on-premises servers, security and support staff, in-house e-discovery solutions might continue to be the right answer for the time being. As compliance and new regulations continue to mount, however, you may find that keeping all of it secure can easily double or triple your costs through not only employing the various security measures, but paying for audits as well.
There's a good reason more and more firms are making the move to the cloud. Between reduced investment in infrastructure, enhanced security and increased scalability and accessibility, cloud-based storage solutions offer benefits over traditional on-premises e-discovery solutions that might just be too good to pass up. So, if you are like many firms or corporations and have not made the necessary investment for on-premises solutions or are looking to cut expenses in these areas, you should strongly consider making the switch to cloud-based e-discovery. Just because you've always done your e-discovery in-house in the past, that doesn't mean you have to continue down that path in the future.
Stephen Ehrlich is the CIO at The MCS Group. With over 20 years of experience in the area of information technology, he oversees all technology operations for MCS.