eDiscovery Daily Blog

Ten Items to Keep in Mind When Considering Cloud Providers: Cybersecurity Best Practices

In my webcast discussion with Tom O’Connor yesterday, we had a terrific discussion of several pros and cons of both on-premises and off-premises (cloud) eDiscovery technology solutions as well as other factors to consider. If you missed the webcast, you can check it out here.

While we talked about advantages of each approach, we also discussed how your overall eDiscovery solution could include both on-premises and cloud-based tools and mechanisms for a “best of breed” approach to meeting your eDiscovery needs.

But, if you’re considering a cloud solution, how do you know whether the solution(s) you’re considering have the security mechanisms your organization needs?

Earlier this week, Rocket Matter published an interesting post (written by Larry Port) on vetting your cloud providers that might provide some insight. The article links to the security standards developed by the Legal Cloud Computing Association (LCCA), and it also provides a succinct list of ten items to address with your cloud provider to ensure that the provider can meet your needs. Here they are:

  • You should own your data. The cloud provider should not own it.
  • You should be able to get your data out of a cloud system at any time in a usable format.
  • Encryption should be used to safeguard client information.
  • The cloud provider should be able to spell out their backup policies.
  • You need to determine who at the cloud provider has access to see your data and under what circumstances. You must be comfortable with the answer.
  • Find out if the company has had a breach before. If so, how did they respond to it?
  • What measures does the cloud company take to ensure cybersecurity on an operational level? In other words, aside from the application you’re spending money on, is the organization itself safe? Do they conduct background checks on employees? How do they manage passwords internally?
  • Does the application limit attempts to log in to prevent brute force and dictionary attacks?
  • Can you use two-factor authentication?
  • How does the company handle data destruction? It is important when you leave a service that copies of your data are not lying around.

This is a terrific list of guidelines to keep in mind when considering cloud providers and it’s a good idea to get an understanding of how they would address each of these areas.

Also, if you’ve been watching the news the past few days, you’ve seen the devastation in my hometown of Houston from Hurricane Harvey.  What can you do to help?  Consider donating online to the Houston Food Bank, Galveston County Food Bank or Corpus Christi Food Bank.  Or the Coastal Bend Disaster Recovery Group.  And, if you’re in the Houston area, you can volunteer at the American Red Cross here or by calling 713-526-8300.  Thanks for your help.

So, what do you think?  How do you evaluate cloud providers?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
