A Strategic Approach to Cloud E-Discovery: Five Key Considerations

Bryant Bell

According to a Nov. 2011 survey from analysts at eDiscovery Journal, 35 percent of in-house legal teams surveyed were planning a move to a cloud or hybrid cloud solution for e-discovery. Why this increasing interest in cloud? Because of the scalability, computing power, and secure accessibility it offers for facilitating portions of the e-discovery process.

If you’re considering a move to cloud or hybrid e-discovery, you first need a good grasp of what the cloud can and can’t do. And central to that is an understanding of which e-discovery processes are best adapted to cloud solutions. In actual practice, those phases best suited to cloud solutions are:

• Processing
• Analysis
• Review
• Production. 

Why? A key reason is that these phases usually involve multiple resources in multiple locations from both inside and outside of a company and its network security perimeters.

The Hybrid Approach Opens Up New Capabilities

We believe that the cloud is the ideal location for a centralized legal repository that offers all geographically dispersed parties secure access to the documents involved in e-discovery proceedings. Combined with an on-premises solution for the legal hold, identification and collection, and preservation stages of the e-discovery process, this hybrid approach delivers the most value to corporate counsel.

With its one-click integration with CaseCentral’s private cloud-review platform, EnCase® eDiscovery v5 takes this hybrid approach with some high-impact results and features for legal teams:

• Only one copy of confidential data is stored in the centralized legal repository
• E-discovery managers are empowered with central oversight of the entire e-discovery process 
• Outside counsel and other geographically distributed participants can easily access the centrally stored case documents and workflow, instead of petitioning the IT department to give outside parties direct access to the corporate network through the firewall.

With that foundation as a start, here are five other considerations for choosing the right cloud-based e-discovery application.

1. Maintain oversight when implementing a hybrid cloud approach

Cloud-based e-discovery applications meet the in-house test without a host of other IT-related decisions and purchases (including the hardware, systems, data centers and human capital necessary to deliver the application). This often results in less risk, greater efficiency and lower, more predictable costs than purchasing, installing and maintaining on-premise software.

2. Choose a private cloud network over a public cloud network

The difference between public and private clouds is very important for those performing e-discovery. A public cloud uses shared hardware, software and applications that are available to a wide range of service providers and consumers.

3. Ask for disaster recovery and business continuity technology

System crashes or natural disasters can impact not only cloud computing providers, but also any corporate enterprise or law firm. To provide maximum benefit, ensure that a cloud e-discovery provider offers enterprise-class disaster recovery, with an SAS-70 Type II certified and replicated data center in the event a service gap or power outage occurs. Providers also should offer business continuity planning protocols to ensure that core business processes are preserved and service to clients is maintained, avoiding a “ghost ship” scenario in which systems may be up, but core business processes fail.

4. Ask for security and compliance certifications

The notion of security for cloud-based e-discovery apps is manifold and must include data security, physical security and network security. Massachusetts provides a good example of this balanced security with 201.CMR.17, a data protection law that requires third-party service providers that are capable of properly safeguarding personal information to do so[SBM1] . The third-party service provider provision in 201 CMR 17.00 is modeled after the third-party vendor provision in the Federal Trade Commission’s Safeguards Rule. 201.CMR.17 requires each and every service provider to have and provide a written information security program and to encrypt data in transit. Other states are writing, planning to adopt or have already adopted similar legislation.

5. Multi-matter, multi-party and business intelligence capabilities are important

The ideal solution is a private cloud-based e-discovery software application that stores only a single copy of a document, despite the fact that it may be used in multiple cases with different workflows and designations in each. With such an application, the data can be centrally managed, controlled and secured regardless of the number of firms or users who need access. And the corporation can audit security once, thereby ensuring compliance and privacy requirements, as opposed to auditing any number of outside counsel and vendors that receive the data.

In summary, leveraging a hybrid solution for cloud-based e-discovery tools, especially for review and production, can boost the security and accessibility of data. When integrated with on-premise tools for collection, processing, analysis and early case assessment, this hybrid combination appears to deliver a best-of-breed solution that could be called “e-discovery done right.”