Entries categorized under “Litigation Readiness”

It's easy for those new to VMware, or even for those who have used VMware for awhile, to assume that all VMware backup solutions provide similar functionality. While it might be true to say that all of these solutions protect VMs, their similarities in many cases end there. Among their differences, two of the largest focus on how they manage VMware backups and the ensuing archives that are created which is where software like VizionCore's vRanger Pro stands out. (read more)

Last week's blog took a look at the 10 most read blogs in 2009 that were written in 2009. This week I wanted to step even further back and reflect upon the top 10 most read blogs in 2009 regardless of when they were written as I find this insightful in two ways. It lets me know what information continues to hold the attention of readers on as well as what topics from the past might become new trends in 2010. So while there is definitely some overlap between the two, there are also some entries that appear on this list that knock some of the top 10 blogs from last week off the list. (read more)

Smart managers always put a large emphasis on automating whatever processes they can within their organizations and for good reasons: processes become more predictable, there is a reduced chance of human error and ultimately the business is more successful. However businesses are finding out that it may not be in their best interest to automate data classification and that for now courts still prefer people to computers when it comes to performing this particular task. (read more)

A recent report from Ferris Research estimates that the total number of business e-mails sent in North America alone will surpass 139 million in 2009 and 143 million in 2010. This volume of email growth continues to put pressure on IT staff in every size organization to manage its inflow, outflow and retention. While the mechanics of managing emails inflows and outflows can be fairly straightforward, when it comes to setting policies as to how long to retain these emails, the picture can start to get a bit hazy. (read more)

"There is no truth if you cannot find relevant evidence and, unless companies get their eDiscovery act together, eDiscovery is about to destroy the American System of Justice as we know it." That statement summarizes the opening remarks that Ralph Losey, the noted eDiscovery attorney of FloridaLawFirm.com, made during a recent presentation. From there, he went on to explain why he believes most organizations - public or private, large or small - have no viable strategy for eDiscovery and why a reactive approach to eDiscovery is putting the viability of the American System of Justice as we know it at risk. (read more)

In 1978 the Presidential Records Act (PRA) was passed which fundamentally changed the landscape of Presidential records by moving them from a classification of personal information to the public domain. The PRA is explicit in describing that retention of records created by the President of the United States as well as the Vice President is the responsibility of the President. The PRA guides the President in how records should be handled and guides the steps in the proper destruction of records and how they are retained to comply with this federal statute. (read more)

Matt Kesner, the CTO of Fenwick and West and who runs the computer forensics group within that firm, even goes so far to say in a recent Symantec eDiscovery virtual round table that organizations who use social networking have lost control and it can seem sort of hopeless to get your arms around this new form of electronically stored content. But what is happening in response to this new wave of social networking is that some organizations are making employees responsible for the content they create on these Web 2.0 sites and instructing them to act as their own records managers. (read more)

A just released March 2009 Nielsen Company report, Global Faces and Networked Places, makes some startling observations about the rapid adoption of social networking such as blogs, social media sites (Facebook), Twitter and wikis among Internet users. While many may intuitively suspect that the adoption rate of these forms of social networking is accelerating, this report removes all doubt. It highlights that two-thirds of the world's Internet population now utilize social media sites, traffic to these sites is growing at 3x the rate of other Internet traffic and people now spend 10% of all Internet time on social networking sites. (read more)

A recent virtual eDiscovery roundtable that I participated in highlighted the difficulties that companies are having in getting their arms around the proliferation of electronically stored information (ESI) in their organization. This is especially true when one considers the growth of social media and how it can negatively impact them going forward. One attorney participating in the roundtable even went so far to say that, "We have lost control in regards to blogs, wikis and newer forms of social media." Thankfully the news is a little bit better in regards to the management of older, more mature forms of social media such as email but challenges still remain. (read more)

I had a friendly, yet disturbing, conversation with an acquaintance who happens to be a local bankruptcy attorney and trustee. (Boy, how his world has changed recently.) We started off just catching up (my business - not so good; his business - unfortunately very good). The conversation then moved to a local bank that had recently been shut down by the FDIC, and how the ramifications of its failure are being felt by individuals and businesses. (read more)

Over the last few months DCIG has spent fair amount of time researching and documenting specific reasons why tape will not die. Green IT is the one reason we most often hear cited for retaining tape, though new disk-based deduplication and replication technologies coupled with new disk storage system designs that are based on grid storage architectures can offset some of those concerns. So before organizations think that after 30, 90 or 180 days that they should immediately move their archival and backup data, deduplicated or otherwise, from disk to tape just to save money, there are certain intangible savings from an eDiscovery perspective that keeping data on disk provides that are not always feasible on tape. (read more)

A recent DCIG blog entry called into question the value of Bear Stearns selection of Orchestria and its inability to detect the alleged illegal activities of two of its Asset Management portfolio managers. More specifically, it asked why Orchestria did not detect the illegal activities of these individuals and why Bear Stearns did not configure it to monitor for these activities in the first place. The blog posting prompted a comment and phone call from Alan Morley, one of the individuals formerly responsible for implementing and managing Orchestria at Bear Stearns and why monitoring, detecting and preventing this activity is not as easy as it sounds. (read more)

Recently, I had a passing conversation with an attorney about FRCP and as we were talking, he kept bringing up areas that concerned him. So I asked him, "What is your biggest eDiscovery concern?" Without hesitation he replied, "Having a judge issue 'Death Instructions'." (read more)

The recent announcement that CA acquired Orchestria to extend its identity and access management portfolio to include data loss prevention raises some key questions about exactly what problems CA hopes to solve. While DCIG sees the value in companies acquiring and merging with other companies to solve specific strategic problems, this one left us scratching our heads a bit. After all, wasn't it Bear Stearns who back in 2005 selected Orchestria to oversee its electronic communications? But now, in the light of day, really how much benefit did its implementation of Orchestria provide Bear Stearns in light of its recent public failure? (read more)

Responding to an eDiscovery request is definitely not a task that most enterprise organizations eagerly anticipate. But the pain of an eDiscovery is often a result of poorly written or non-existent internal policies and procedures. An organization that takes the time to put internal policies and procedures in place may not only avoid this scenario but also lower its overall cost of doing an eDiscovery. (read more)

The portability and high capacity of flash drives is creating headaches for many companies. The Net is swarming with stories of the ill-use, illegal activities, and security concerns as more and more of these devices are lost and stolen or used to steal sensitive information. There are two basic categories of threats to information when corporations allow the free-will use of flash drives within an organization: the introduction of viruses, and the potential for lost or stolen data. (read more)

As analysts within the electronically stored information (ESI) space, DCIG pays close attention to not only features and benefits of specific products and solutions but also monitors other articles, blogs, and columns in the broader market place about specific vendors. In instances where allegations are made, it then tries to sort fact from fiction and present a more complete picture. Recently, some allegations about Autonomy have surfaced that sparked interest at DCIG as to their accuracy. (read more)

There is no question that the current economic uncertainty will continue to impact organizations on a global scale for some time to come and every organization is taking a much harder look at their IT budgets for 2009. Gartner notes that the projected IT budgets in 2009 will increase a meager 2.3 percent, down from the earlier projection of 5.8 while IDC has slashed how much it forecasts US IT budgets to grow to below 1% growth for 2009. But just because IT budgets for 2009 are getting cut does not mean the government is going to cut companies any slack in regards to meeting new compliance requests or giving them more time to satisfy them. (read more)

Not too long ago, we can recall checking our voice messages and finding 30 to 50 messages in our respective inboxes every day. We would listen to them and then delete some or all of them, making notes along the way until we reached the end of the mailbox. While some of the messages were irrelevant, some were very important in that they conveyed corporate direction or pseudo-contractual agreements. Given that same scenario today in the financial industry, companies need to exercise extra caution as regulatory agencies and courts heighten requirements for companies to make documents of any type available, including audio recordings (telephone messages, voice mail, etc.). (read more)

If compliance and eDiscovery were not already on the radar screen of every business prior to this current financial crisis, they better show up there pretty quickly. History tells us that anytime there is a financial crisis, more government regulations emerge that call for more visibility into corporate data stores and shorter time frames in which to produce requested information. But as Congress starts to have hearings and draft new legislation in response to this crisis, a question that companies need to answer now is who will pay for the technologies that they need to comply and which line item on whose budget should pay for it? (read more)

Today's financial crisis is not the first one to occur and likely will not be the last. However like previous stock market crashes, such as in 1929, we can expect to see new legislation take effect. Out of the crash of 1929 came the passage of the Securities Act in 1933 and the Securities Exchange Act in 1934 which ultimately resulted in the establishment of the Securities and Exchange Commission (SEC) in 1934. Since then, the SEC has been actively involved in making changes of the financial regulatory system anytime financial crisis occur and it is safe to say this one will be no exception. (read more)

Sarbanes-Oxley, FRCP amendments, the FTC Red Flag Rules and the Payment Card Industry's Data Security Standard (PCI DSS) are just some of the many federal, state and local regulations with which businesses may need to comply. This does not even begin to factor in the need to satisfy the many internal governance policies and procedures with which they need to adhere to. Then even if they somehow manage to satisfy all of these compliance requirements, they still have pools of data that do not fall under any compliance or regulatory requirements, at least not at the beginning of the data's lifecycle. (read more)

Before storing documents electronically gained acceptance in the enterprise, retrieving documents meant parsing file cabinets and retrieving paper forms. And when it came time to share that information with the public without revealing classified information, it usually meant copying the original document and then pulling out a black marker that was used to cross out sensitive information on the copy, followed by more copying until the underlying text could no longer be seen. So while in the last decade most companies have scrapped file cabinets in favor of document images, more companies keep the black marker handy than they would probably like to admit. (read more)

Phishing as a security risk has come a long way since its infancy and while phishing has changed its style; one thing that hasn't change is its effectiveness in attracting victims. By combining modern technology and social engineering to gain access to information such as credit card numbers or passwords, criminal activity is flourishing across the Internet. In the May 29th, 2008, Quarterly Trends and Analysis Report by US-CERT (United States Computer Emergency Readiness Team), the top reported security incident was phishing. The documented risk noted by US-CERT bears itself out in statistical evidence tracked by organizations such as the Anti-Phishing Working Group (APWG) which showed the number of unique phishing sites reported between January and March of 2008 was a combined 81,215. These staggering numbers highlight the reasoning behind the FTC Red Flag Rules. (read more)

If there are any two disciplines within corporate IT that should be in the process of becoming best friends, if not inextricably linked, it is security and storage. Storage management teams routinely send data offsite on tape or optical media, grant administrators or users permissions to search production or archived data stores during eDiscoveries or change backup policies on the fly with minimal or no supervision. The problem that emerges is that when companies are asked to prove that they can comply with certain laws or to respond to a legal eDiscovery, it turns into a corporate fire drill with security and storage scrambling to prove they managed corporate data according to preset corporate policies. This begins to change with today's announcement between CommVault and McAfee, Inc, as it creates a new mechanism for companies to proactively monitor corporate data while preventing corporate data leakage. (read more)