Archives for mcook

Key Considerations Before Migrating to Office 365

Companies of all sizes are preparing for their transition to the cloud. Office 365 (O365) will likely be a foundational part of that transition, particularly for small- and medium-sized businesses.  The transition is certain: it’s no longer a question of if, but a matter of when businesses will do it.

For small- to medium-sized business, there are a number of things that must be considered, from internal processes to compliance. While the benefits of migrating to the cloud may be clear: lower operational costs, simplicity, scalability, redundancy, and easy mobile access – the risks are easily overlooked.  We’ve compiled a list of things to consider before making the big move to the cloud.

    1. Data Protection
      Office 365 ChecklistCompanies with highly sensitive data naturally have heightened security needs and would be wise to consider how comfortable they are with having all of their data stored on a public cloud server. While O365 is very secure – it maintains high standards for backup and encryption procedures – migrating entirely to the cloud is effectively entrusting your data to a third party. A solution partner like RVM can help your organization adopt best practices such as minimizing the identity information copied to the cloud, providing policy to block unauthorized access, and employing multifactor authentication and integrated device management. Industry standard security parameters are available and can be customized to fit your organization’s requirements. Depending on the complexity or simplicity of your environment, it may be recommended to look for a hybrid solution where some mailboxes remain on premises as others move to the cloud. This allows you to test as you migrate.
    2. Compliance
      Many businesses today are bound by compliance. While this may have prevented businesses from adopting the cloud in years past, it’s less of a hindrance now that the Financial Conduct Authority has approved cloud usage (including public cloud providers). That said, understanding your company’s compliance responsibilities should still be a consideration before migration.  These may affect your company’s use of document retention and  data export settings, should you need to demonstrate documentation in response to a subpoena or compliance investigation.  Your licensing package, volume of data, and software expertise impact how efficient or inefficient this endeavor can be.
    3. Litigation Readiness
      Often companies overlook the business need to be litigation ready. They look at solutions like O365 as a means to reduce their operational costs related to IT and forget that there may be an impact down the road, like when faced with an SEC subpoena or a civil litigation.  When implementing O365, companies need to  conduct analysis beyond email, and consider additional impacts such as email archive solutions, integration with other business systems, and how to functionally use it to accomplish data exports or other recovery tasks.  Companies often realize their inability to accomplish these things too late, when they are faced with subpoenas and document requests, and end of paying a lot of money to quickly fix what they already spent a lot of money to implement.
    4. Managing Accounts
      For small- or medium-sized businesses, finding a solution to automate the cumbersome process of setting up accounts across cloud apps is crucial to success. Tools that enable provisioning of users for all services can be difficult — especially if you have custom or legacy apps that require complex configuration – but often pay off, as provisioning is typically the easiest way to add new users into the Active Directory. There are a number of options for managing synchronization between Active Directory and O365, supporting third party applications and single sign-on, and providing multiple accounts for multiple applications.
    5. Licensing
      O365 licensing includes many options. Many users will require different levels of access, based on use case. A valuable asset of O365 is the ability to avail the right toolsets to the right users. The platform also enables administrators to track license consumption and availability, reducing costs and simplifying true-ups.
    6. Hands off – Patch Management & Control
      Moving to O365 means giving up control over elements such as the patch management process, software upgrades, and other administrative tasks that could previously be performed on premises. Many organizations use third party utilities to manage their internal servers (Microsoft Exchange, Lync/Skype and SharePoint), but utilities designed to be installed directly on a server won’t work with O365 – as the management is done through O365’s portal. One benefit of remote management is that Microsoft pushes out environment updates regularly, meaning that users will always be running the most recent tools.

Above all, there is no one right answer for all organizations. Each should take the time to consider all the factors mentioned above (and any others that are relevant to the company or industry) and weigh the pros and cons. Should your company elect to migrate to O365, it is critical that you do so strategically, and with consideration for the safety and security of your data. Hiring a company like RVM to oversee the migration can ensure a proper setup protecting your company from threats now and in the future.

Leading Technology Through Strategy

As 2017 comes to a close we at RVM are taking stock of the changes we’ve seen this year and honing our strategies to remain on the forefront of analytics and technology application in eDiscovery in 2018. eDiscovery has undergone immense change as technology has evolved to tackle growing data sources and foster the needs of the attorneys wading through them. While that evolution has resulted in improved workflows adoption of these workflows has thus far been slow.

Technology Options

There are myriad technology options – a seemingly unending list of interesting tools that promise to push our industry into the future. It would be easy to race right to artificial intelligence (AI) and push ourselves into the sphere of the futurists. However, as we discussed in our recent webinar “Demystifying Analytics, Automation, and Predictive Coding in eDiscovery” there is no one-size-fits-all solution for the best application of technology and analytics, and the focus should be on the project process and goals – not the technology.

The webinar was designed to make attorneys comfortable with the many ways analytics can be used to accomplish your matter’s goals in the most efficient and — more importantly — defensible way. We also wanted to highlight that the courts are quickly adapting to these changes and embracing counsel’s use of technology up to and including predictive coding. The most pertinent decisions are summarized in our webinar materials. Full versions of those cases can be found in the Sedona Conference TAR Case Law Primer.

Those thoughts were echoed in a recent article for LegalTech News entitled “eDiscovery Leaders Look to Methodology, Not AI, to Update Toolkits.”

Applying the Technology

The article recognizes industry experts who agree that parties have become more comfortable with the technical aspects of eDiscovery and seem more willing to utilize technology to accomplish their goals. They see increased adoption of technology-assisted review (TAR) and predictive coding on the rise, and the courts support this evolution. The continued and thoughtful use of technology will make for better case outcomes, but the process needs to match the goals. The article’s author, Ralph Losey, points out that “Software improvement by vendors should be a constant process, but that is usually beyond the direct control of lawyers. What we can control is the methodology.” We agree with this sentiment.

Our aim for 2018 is to continue to be on the cutting edge of technology application for our clients, by coupling it with strategic consulting in order to leverage the right technology and process to meet a client’s goals. Without the process, the technology will not succeed on its own.

It Pays to Use Formal Discovery

Preparing for litigation comes with a mountain of expenses and challenges —much of which are attributable to discovery. And, as data volumes grow, so too, do those discovery costs. Unfortunately, eDiscovery is often misunderstood by clients and rationalized to be more complicated than it needs to be.

In an effort to contain the rising tide of costs and perceived complexity, some litigants are undertaking “informal discovery” — a process that on its face seems like a cost-effective and ideal option. It allows for the exchange of key documents without the burden of production format, custodian tracking or consideration for defensibility. In a common scenario the client will comb through their own inbox and send the relevant emails to counsel.

Sounds like a good deal, right?

“Clients don’t like the idea of paying money for things that they believe they can do themselves,” says Greg Cancilla, Director of Forensics at RVM Enterprises. “Collecting data can seem more like a job for an intern than an eDiscovery and legal forensics firm.”

Although it might seem like a cost-effective approach, parties that engage this way may be in for trouble.

The Trouble with Informal Discovery

Common Missteps in Informal Discovery
Self-selection of relevant documents
Self-collection of ESI
Emailing documents to counsel as attachments
Copying and pasting files to external media or an FTP site
Producing ESI by a) printing to hard copy or b) converting the files to .pdf
Bates numbering documents individually

A major concern with informal discovery is the risk exposure regarding authentication of evidence and the potential extra time and costs one might incur to correct the collection of data.  While eDiscovery providers have developed systems and technologies that enable them to work quickly and efficiently in an appropriate review environment, an informal approach does not offer those advantages. eDiscovery providers take the appropriate time and use the correct processes to collect data so that it can be done once, efficiently, and defensibly. With informal discovery, if further searches are warranted, the entire process may need to be repeated, adding undesirable costs and time.

Another issue is the likelihood of altering metadata. By using the “copy and paste” — or “foldering” —approach to data collection, you run the risk of modifying key dates such as last opened, last modified, etc. This can make authentication problematic, and makes it harder to sort and de-dupe files that have been modified, again adding to cost.

The most important shortcoming of the informal method is the unnecessary risk of misstating the scope of the production of electronically stored information (ESI). (Applied Underwriters, Inc. v. American Employer Group). In some circumstances, courts have held that self-identification and collection may not even be defensible.

According to Cancilla, “Self-collection puts all the responsibility on the custodian to determine what ESI is relevant. Foldering in particular can be troubling, as even well-intentioned clients may simply not realize that certain sources, a sent mail box for example, need to be included in the folder to be produced.”  In today’s age of electronic information, it is important to note that relevant information is not just the substance of the document, but also the metadata — or surrounding information — of the document.  FRCP Rule 34(b)(2)(E) advises that a party must produce documents “as they are kept in the usual course of business” or must “organize and label them to correspond to the categories in the request.”  “Informal Discovery” adversely impacts that instruction.

Changes on the Horizon

Two proposed amendments to Federal Rule of Evidence 902 are set to take effect on December 1, 2017 that will significantly affect the collection of ESI and its admissibility. In addition to providing a structure for standardizing ESI collection, these amendments, 902(13) and 902(14) demand a stricter, more organized method of collection that is outside the scope of informal eDiscovery. Where the current version of Rule 902 allows for self-authentication of certain types of documents, the new additions allow for authentication of electronic evidence by an affidavit of a “qualified person” who can certify in writing that the document was obtained with the requirements of Rule 902(11) and (12).

“The new rules are changing everything,” continues Cancilla. “It doesn’t make any attempt to disincentivize self-collecting, but by making ESI gained through formal discovery ‘self-authenticating,’ the advantages are well worth any cost to work with the professionals.”

The new rules cover records that can be authenticated using a document’s hash values, which are assumed to be unique. For purposes of authentication, hash values are the backbone of the proof that Rule 902 requires, but not the only allowable method. As the Advisory Committee on Evidence notes, “[t]he rule is flexible enough to allow certifications through processes other than comparison of hash value, including by other reliable means of identification provided by future technology.”

As December draws closer, parties must consider the implications of these rule changes and how they may affect authentication in upcoming trials. If they wish to take advantage of the new rules they must be prepared to track digital fingerprints on any new collection. If they don’t, they stand to spend more time and money authenticating their documents, including having their own in-house IT and network administration staff called to testify.

Says Cancilla, “Using the informal method of discovery is like driving with too little insurance: you’ll save money for a while, but if anything bad happens, you could wind up paying for it. Companies should remember that a well-documented and formalized data collection process is a small investment relative to the overall eDiscovery spend, but can significantly affect accuracy and defensibility.”

###

Greg Cancilla, EnCE, ACE is a Certified Computer Forensic Engineer and the Director of Forensics at RVM. He has performed countless digital forensics investigations since entering the field in 2003. Additionally, Greg has offered testimony in numerous cases, including presenting a key piece of evidence in Ronald Luri v. Republic Services, Inc., et al., which rendered the largest verdict in the State of Ohio’s history.

4 Questions About Media Preservation & Restoration

Last month RVM announced that it had acquired The Oliver Group – experts in collecting and preserving data stored on tape and other offline media.

Anyone involved in litigation discovery and collection understands the critical nature of electronic data. Long gone are the days of collecting paper from centralized file cabinets. Instead, companies are challenged with collecting data from multiple sources, such as email, hard drives, file shares, cell phones, social media, and older media including backup tapes. At times these backup tapes and offline media, often found tucked away in storage closets, can be the most burdensome and expensive to collect and process.

Unfortunately, with so much attention on cloud solutions (e.g., SAN and NAS storage, and other easy data storage options) there just aren’t as many companies capable of handling this kind of data properly. However, collection and authentication of offline files in a defensible manner is just as critical as for their digital brethren.

That’s where RVM and The Oliver Group come in. To learn more about the acquisition and why it’s such a game changer, we spoke to Chief Operations Officer, Sean King.

 

Sean KingWhat was the impetus for this acquisition?

RVM was interested in meeting its clients’ needs by becoming a one-stop shop for forensics, media restoration, and eDiscovery services. We saw The Oliver Group and the services they offer as a great partner that is very well-known and respected among clients and competition in the industry.

How will media preservation/restoration be folded into the work that RVM currently does?

Media preservation and restoration are a natural extension of RVM’s services. We’ve actually had a long working relationship with The Oliver Group, so we’re familiar with them and how they work. Our goal has always been to manage our clients’ eDiscovery needs – from data collection through document review and production – and this acquisition makes that possible in such a way that clients benefit with a streamlined process and lower costs.

With so many tech and media companies in the market what makes The Oliver Group’s work special?

The Oliver Group is one of the select few companies that understands media and its application to legal discovery requirements. RVM and The Oliver Group are both focused intently on the defensibility of the data that are collected – that means having policies that indicate compliance with a comprehensive audit trail and chain of custody. We have to be able to track the movement, access, and location of the data in question throughout the life of the evidence, and that is not something that a commercial media firm is equipped to do.

What do you see as the long-term future of media preservation/restoration?

There will always be a need for media preservation and restoration as companies respond to disaster recovery, compliance requirements, and litigation needs. Data management continues to evolve, and being able to support all storage mediums is a requirement for service providers looking to offer clients a cost-effective and defensible offering.

###