Hype Cycle for Legal and Regulatory Information Governance, 2011

Size: px
Start display at page:

Download "Hype Cycle for Legal and Regulatory Information Governance, 2011"

Transcription

1 Research Publication Date: 26 July 2011 ID Number: G Hype Cycle for Legal and Regulatory Information Governance, 2011 French Caldwell Information governance is emerging as a critical discipline. Legal departments and IT organizations must work closely together to improve it. Many different information technologies can complement strategies to improve information governance Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity" on its website,

2 TABLE OF CONTENTS Analysis... 4 What You Need to Know... 4 The Hype Cycle... 4 The Priority Matrix... 8 Off the Hype Cycle On the Rise Legal GRC Continuous Controls Monitoring Enterprise Fraud Management Social Media Compliance Enterprise Internet Reputation Management At the Peak Board of Directors Communications Systems Privacy Management Tools Redaction Tools Vendor Risk Management Sliding Into the Trough Master Data Management Content-Aware Data Loss Prevention Enterprise Matter Management Fraud Detection Forensic Tools E-Discovery Software Enterprise Digital Rights Management Encryption Enterprise GRC Platforms Enterprise Information Archiving Foreign/Global Trade Compliance Climbing the Slope Database Encryption Intellectual Property Rights and Royalties Management Software Content-Aware DLP for Risk Management and Compliance Consulting Services Entering the Plateau Records Management Appendixes Hype Cycle Phases, Benefit Ratings and Maturity Levels Recommended Reading LIST OF TABLES Table 1. Hype Cycle Phases Table 2. Benefit Ratings Table 3. Maturity Levels Publication Date: 26 July 2011/ID Number: G Page 2 of 60

3 LIST OF FIGURES Figure 1. Hype Cycle for Legal and Regulatory Information Governance, Figure 2. Priority Matrix for Legal and Regulatory Information Governance, Figure 3. Hype Cycle for Legal and Regulatory Information Governance, Publication Date: 26 July 2011/ID Number: G Page 3 of 60

4 ANALYSIS What You Need to Know Gartner defines "information governance" as the specification of decision rights, and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information to enable an organization to achieve its goals. Information governance should be an element in planning an enterprise's information architecture. Legal and compliance challenges are most often the business drivers for beginning or enhancing information governance programs. Therefore, corporate compliance officers, general counsels and IT legal support managers have crucial roles in formulating policies, overseeing processes and enforcing standards around information governance. For these groups and roles, which are mostly concerned with mitigating and managing information risk, information governance will be important for meeting regulatory obligations and for building litigation management capacity. Legal and compliance departments must work with IT and line-of-business executives to determine the scope of the information risks they face, and weigh it against the cost of the programs they will need to implement to "do" information governance properly. IT has a role in facilitating and implementing those departments' decisions. In addition, many different information technologies and methodologies can complement strategies to improve information governance. Each group must take a series of steps to improve information governance to decrease risk and better respond to regulatory and legal requests: IT creates a good working inventory of electronically stored information (ESI), including active and archived databases, , document and other content repositories, Web content, social media content, and ESI that is maintained, stored or archived by third parties. The compliance organization reviews the inventory and assigns retention requirements, while legal assesses the relative risks of the ESI in the inventory. Business users review the inventory and the legal assessment of risk, and overlay a view of the business value of the information. Using the input of legal teams and business users, IT creates a plan that allows them to get control of the information in place, and matches it with possible software applications that will support information governance: master data management, records management, and file archiving, encryption, and document management. In parallel, if the organization faces a high number of ongoing requests for e-discovery, then legal and IT need to work together to specify requirements and purchase software. Legal, IT and business users create repeatable business processes for e-discovery and information governance. IT helps find software applications, if necessary, from the categories of management solutions including e-discovery; enterprise governance, risk and compliance (GRC) platforms; and emerging legal GRC applications that support workflow, reporting, policy management, collaboration and other requirements. The Hype Cycle Managing information risks is an inherent task of IT organizations. Typically, risks are considered in terms of threats to the information for example, vandals, people seeking to gain Publication Date: 26 July 2011/ID Number: G Page 4 of 60

5 unauthorized access to it, and denials of service from outside or inside threats. IT security technologies are employed to manage most of those risks. However, when faced with litigation and compliance risks, security technologies alone won't ensure the proper governance of the information and do not protect against all insider threats. Chief legal officers and corporate compliance officers are turning to IT legal support professionals to identify relevant technologies to manage litigation, compliance and reputation risks. With the recent financial crises, there's been more consideration given to information risks posed by the potential for litigation, regulations, and the abuse or misuse of information by employees, customers and partners. In a business environment characterized by uncertainty, regulatory compliance has grabbed the attention of senior executives and corporate boards. Among the plethora of legislation and regulation, several are related to information governance and are of particular interest to corporate executives, including: The U.S. Securities and Exchange Commission's requirements for brokerages to retain , social media and other electronic communications Amendments to the U.S. Federal Rules of Civil Procedure (FRCP), which specifically call out electronically stored information Security breach privacy laws in the U.S. and Germany that require any company to notify customers that their personal information has been compromised Anti-fraud, anti-bribery and anti-corruption laws in the U.S., the U.K., Germany and elsewhere The commercial adoption of social networking technologies, such as Facebook, and the rapid adoption of alternative IT supply models, such as software as a service (SaaS) and cloud services, increase the risk of reputation and regulatory risks arising from the misuse or negligent management of personal and corporate information. Notably, social media compliance and enterprise Internet reputation management have been added to the Hype Cycle to address these issues. Risks increase even further when there is a failure to produce that information at the request of law enforcement agencies, regulators or requesting parties in a lawsuit. The cost of legal discovery actions can run into the millions of dollars, and the improper or unauthorized use of intellectual property can put entire business models at risk for example, the transformation of the music recording industry that's resulted from file sharing. The ongoing overhaul of the financial system's regulatory structure is leading to more-direct oversight, as well as a need to respond rapidly to regulators' information demands. In addition, companies that do business internationally, no matter where they are headquartered, are subject to an increasing number of cross-border regulations and/or regulations that conflict with one another in different political domains. As these litigation, regulatory and IT services trends continue, the hype around information governance in the context of risk management will grow. Many people who are not close to legal and regulatory issues expected a regulatory Armageddon as a result of the financial crisis, which could have led to the rapid emergence of radically new technology solutions. Certainly, there has been an onslaught of new regulations, but the public policy life cycle is very predictable, and there are professionals who manage that life cycle so that it is taken into account within the normal business cycle. This current public policy life cycle of increasing transparency and accountability has been in place since at least 2002, with the passing of the Sarbanes-Oxley Act in response to corporate scandals, such as Enron. Furthermore, the 2006 FRCP changes for digital evidence and the regulatory proliferation as a result of the 2008 financial meltdown are realities for most businesses, and they are adding to the regulatory information governance burden on enterprises' business processes. Publication Date: 26 July 2011/ID Number: G Page 5 of 60

6 The need to manage the effect of rule proliferation on processes, and thereby limit their impact, is the reason for an emerging new cadre of risk management and compliance professionals. These new professionals are in addition to the traditional audit, legal, investigation and security professionals with whom they often work. The adoption of tools that may have been used previously by audit, legal, investigation and security personnel, and extending them to a new group often requires changes in the functionality and scalability of the tools. This market adaptation can result in shifts in the Hype Cycle for example, the slowdown in the progression in the maturity of forensic tools, or the short lags followed by sudden bursts in the adoption of emerging technologies, such as legal GRC, early case assessment and privacy management tools. These discontinuities are evidence of a market in flux, adjusting to an expanding and shifting group of end users, who, in turn, are adjusting to new rules and business realities. Publication Date: 26 July 2011/ID Number: G Page 6 of 60

7 Figure 1. Hype Cycle for Legal and Regulatory Information Governance, 2011 Source: Gartner (July 2011) Publication Date: 26 July 2011/ID Number: G Page 7 of 60

8 The Priority Matrix This Hype Cycle focuses on information technologies that provide for the management of information risks directly related to litigation and regulatory compliance. These technologies complement information governance policies and processes, and they focus on improving an organization's capability to manage the risks posed by: Difficulties in storing and finding regulated data or content The loss of customer information and other personally identifiable information The cost of discovery in a legal or regulatory context Intellectual property mismanagement or misuse Compliance with regulations and other external mandates Reputational and corporate social responsibility issues The IT organization should work closely with the legal department to manage these risks and ensure that audit trails clearly link their activity to legal guidance. Notably, many of the technologies with high and transformational benefits focus on the legal and compliance risks associated with anti-fraud, anti-bribery and anti-corruption. These include enterprise fraud management, fraud detection and enterprise Internet reputation management. While anti-fraud technology has often been associated with protecting digital revenue streams, there are new reasons for investment due to new anti-bribery rules in the U.K. and enhanced enforcement of the U.S. Foreign Corrupt Practices Act. Major bribery scandals cannot just result in fines and penalties, but can also sully an enterprises reputation. Publication Date: 26 July 2011/ID Number: G Page 8 of 60

9 Figure 2. Priority Matrix for Legal and Regulatory Information Governance, 2011 Source: Gartner (July 2011) Publication Date: 26 July 2011/ID Number: G Page 9 of 60

10 Sample Vendors: IBM; Informatica; Kalido; Oracle; Orchestra Networks; Riversand Technologies; SAP; Software AG; Teradata; Tibco Software Recommended Reading: "Mastering Master Data Management" "Market Trends: Master Data Management, Worldwide, 2011" "MDM in 2011: Who's Interested in MDM and Why?" "Key Issues for Master Data Management, 2011" "'Big Data' Is Only the Beginning of Extreme Information Management" Content-Aware Data Loss Prevention Analysis By: Eric Ouellet Definition: Content-aware data loss prevention (DLP) tools enable the dynamic application of policy based on the classification of content determined at the time of an operation. These tools are used to address the risk of inadvertent or accidental leaks, or exposure of sensitive enterprise information outside authorized channels using monitoring, filtering, blocking and remediation features. DLP technologies include hardware and software solutions that are deployed at the endpoint (desktop and servers), at the network boundary and within the enterprise for data discovery purposes. These technologies perform deep-content inspection using sophisticated detection techniques that extend beyond simple keyword matching (for example, advanced regular expressions, partial document matching, Bayesian analysis and machine learning). DLP products also maintain detailed logs that can be used to support investigations. Mobile devices have arrived and taken hold in the enterprise, resulting in many organizations struggling to establish appropriate terms of use especially as they relate to the interaction with sensitive data. None of the DLP vendors represented in this Hype Cycle entry offered integrated DLP solutions on the mobile device itself due, in part, to the variability of platform versions (Android) and closed system architecture (ios). Many are providing pseudosupport by leveraging forced VPN connections to the corporate network and doing DLP inspection of content data as it exits the internal enclave via DLP network appliances. Organizations are also beginning to leverage the cloud as a meaningful component of their data centers. DLP vendors are planning offerings to support these initiatives during the next 12 months. Position and Adoption Speed Justification: While DLP use is rising, it is not yet considered an expected practice; even after a failed regulatory audit or loss of personally identifiable information (PII). It is unlikely that an organization would be considered negligent for not having implemented DLP. However, Gartner predicts that DLP will become part of the standard of due care in the U.S. by year-end 2013, and by 2015 in the EU and in Asia/Pacific. By year-end 2011, content-aware DLP will be a common feature in endpoint protection suites, leading to downward price pressure on content-aware endpoints. This market continues to experience rapid and steady growth, with an estimated total gross revenue of $50 million in 2006, $120 million in 2007, $215 million in 2008, $300 million in 2009 and $400 million in Content-aware DLP deployments and overall sales have been only minimally affected by the current economic downturn. A key factor in the ongoing maturation of both the market for content-aware DLP technology offerings and the offerings themselves is the acquisition of small, venture-capital-backed startups by large security suite vendors. These large vendors are able to support complex development life cycles and have extensive sales, partner Publication Date: 26 July 2011/ID Number: G Page 27 of 60

11 and reseller networks that can deliver content-aware DLP offerings to more-varied client deployment environments. More vendors of non-dlp products for example, , intrusion detection, and identity and access management (IAM) technologies added or enhanced single-channel content awareness to their products during the past two years. The embedding of content awareness in more products will enable the broad, effective application of protection and governance policies across the entire enterprise IT ecosystem, and throughout all the phases of the data life cycle, becoming what Gartner refers to as "content-aware enterprises." Enterprise DLP vendors will support APIs that can manage common detection policies and response workflows by User Advice: Content-aware DLP technology is commonly perceived as being an effective way of preventing the theft of intellectual property and for prevention of accidental disclosure of regulated information. In practice, it has proved much more useful in helping identify and correct faulty business processes and accidental disclosures. Inadvertent data leakage actually represents the lion's share of the problem, so these automated controls are proving useful. However, motivated insiders will always find ways to steal data, and no technology will fully control this. As the technology matures, network-only mechanisms will evolve to a more comprehensive model that also addresses host protection. However, only the network components are mature enough for enterprise use today. Organizations should anticipate coverage beyond initial requirements, and should develop a phased, comprehensive strategy. Based on analysis of the Gartner client base, 40% of organizations start with the network (data in motion), 20% start with discovery (data at rest) and about 40% start with a content-aware endpoint. Through 2Q11, deployment trends show that organizations start deployments with either network or endpoint capabilities, then follow up with discovery. As the market continues to develop more content-aware mechanisms, the definition of DLP gets more complicated, vendor marketing messages become more convoluted and finding the right product gets that much harder. Products claiming to be in the DLP market have widely diverging definitions. Beware of vendor claims that present "the real" definition of DLP and the constant reassurance that, whatever you are looking for, it is what they have. It is critical at this stage of market development that organizations approach vendors with a set of independently developed, enterprise-specific requirements. Lastly, content-aware DLP is not a transparent security control like antivirus protection, firewalls and other security technologies. This means that end users will be impacted when deployed in any mode other than monitoring only. End users need to be trained on the proper way to interact with DLP systems and also educated on the proper handling of sensitive data. Business Impact: This technology is not foolproof, and it is relatively easy for a smart attacker to circumvent, but it effectively addresses the 80% of leakage that is due to accidents and ignorance. Organizations with realistic expectations are finding that this technology does, indeed, meet their expectations and significantly reduce nondeliberate outflows of sensitive data. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Early mainstream Sample Vendors: CA Technologies; Code Green Networks; Fidelis Security Systems; GTB Technologies; McAfee; Palisade Systems; RSA; Symantec; Trend Micro; Trustwave; Websense Recommended Reading: "Content-Aware DLP in Asia/Pacific" Publication Date: 26 July 2011/ID Number: G Page 28 of 60

12 sufficiently trained internal capability can perform the majority of forensic and e-discovery tasks at a lower cost, and can do it more quickly. Benefit Rating: Moderate Market Penetration: 5% to 20% of target audience Maturity: Mature mainstream Sample Vendors: AccessData Group; Guidance Software; Paraben; Technology Pathways Recommended Reading: "E-Discovery Software Market Shift Requires Magic Quadrant Analysis" "Magic Quadrant for E-Discovery Software" "Emerging Vendors in Malware Control, 2010" "Remote Forensic Software" "Network Forensics Market" "What Every IT Manager Should Know About Digital Forensics" E-Discovery Software Analysis By: Debra Logan Definition: Electronic discovery (e-discovery) software facilitates the identification, collection, preservation, processing, review, analysis and production of large amounts of electronically stored information (ESI) within an enterprise, to meet the mandates imposed by common-law requirements for discovery. These demands may be due to civil or criminal litigation, regulatory oversight or administrative proceedings. An independent group of consultants, legal scholars and vendors has created and put into the public domain an "E-Discovery Reference Model" ([EDRM] that maps traditional common-law discovery into a six-step, nine-process framework for technology. There are hundreds of vendors with products that fit within the EDRM framework; products that do everything from policy management and search and analysis to production and presentation. When Gartner focuses on the e-discovery software market, it is concentrating on the technology providers that work at the nexus where IT and legal staff meet: the preservation and collection of relevant ESI from the technologist's point of view; and the search, review and analysis of its content for the legal professional. Position and Adoption Speed Justification: E-discovery is being hyped by vendors, while enterprise adoption remains slow and steady picking up in late 2010 and early Adoption remains at 20% to 50% of enterprises, with most of them adopting only point products to cover a piece of the EDRM, rather than a "platform" solution to cover every aspect of e-discovery. There are companies that do have multiple products, and handle every aspect of e-discovery in-house with products from multiple vendors. The most common steps of the EDRM performed in-house are information management, identification, preservation, collection, processing and early case assessment. Interest in using information governance techniques and tools to control the amount of data that is kept by the enterprise is also growing. This year, the EDRM group changed the name of the first step of its process model from "information management" to "information governance." In the past year, U.S. courts have become clearer about expectations around discovery. Judges are emphasizing the need for cooperation between parties when it comes to discovery activities. Cooperation between litigants depends on knowing what data an enterprise is holding, where it is, what format it is in and how easily it can be accessed. E-discovery (therefore) involves IT, and internal cooperation between legal and IT is essential to cooperation Publication Date: 26 July 2011/ID Number: G Page 34 of 60

13 outside the walls of the corporation. Best practices are emerging, especially around the identification and preservation of ESI in enterprises which is the area of biggest risk for legal counsel and, therefore, companies. The market remains crowded with new vendors declaring themselves to be "in the market" on a regular basis. There are no integrated end-to-end solutions, and there may never be, because the market demand for this is uncertain. Many content archiving vendors have included e-discovery features in recent releases. Offsetting the software spend against the expenses incurred by outsourcing this work, many see straightforward cost savings in in-house capabilities. The market is also consolidating: many acquisitions have already taken place and there are many more to come. User Advice: The move to acquire e-discovery software is driven by efforts to reduce risk and drive cost efficiencies and savings. Savings come from paying less to outside e-discovery service providers and, ultimately, law firms. Information management software such as enterprise content archiving which frequently has e-discovery functionality can save money in storage and labor costs for IT. Legal and IT should always work together to specify a process that they will use when discovery becomes necessary. Suspending the routine deletion of data, putting data on litigation hold in a targeted way and seeking tools to make the process defensible and auditable, are the main points that need to be specified in the working process between legal and IT. Evaluate products that can aid in the identification, preservation and collection of potential evidence. Another important area of functionality is the ability of these tools to create, communicate, enforce and document compliance with litigation hold orders. Other areas of increasing interest are early case assessment and early stage processing, to avoid sending large amounts of redundant data to either outside processing providers or, worse (in terms of expense), to outside legal counsel. Because of the volatility of the market, organizations using or acquiring e-discovery tools should take market volatility into account in assessing potential offerings and in calculating ROI. Business Impact: Major enterprises undergo dozens, or even hundreds, of investigations per year, which can result in high costs to specialized litigation support companies and outside law firms. Software that supports the ability to conduct and manage discovery activities in-house not only saves money, but also enables enterprises to have higher levels of control over investigations. As awareness and knowledge of the issues spreads in the legal community, corporate lawyers are in need of advice from IT specialists. The most important considerations are specifying a defensible, repeatable business process (like any other business process) and making sure that the parties involved are well trained in what they must do, understand the legal ramifications of the task, and are equipped with the right tools for carrying it out. The market is maturing, with point products that handle part of the process being the norm. In 2010 and 2011 we have seen increasing consolidation, with vendors who specialize in enterprise information management acquiring more specialist companies in e-discovery, and specialist e- discovery firms merging or making acquisitions of other specialists. Gartner tracks the e- discovery market in a Magic Quadrant which, in 2011, contains evaluations of 24 vendors ("Magic Quadrant for E-Discovery Software"). The tools for e-discovery have emerged from several adjacent and related areas, such as forensic investigations, records and document management, archiving, content analytics, and search and information access. There is also a large, stand-alone review and analytics market focused on providing review and analysis tools for legal personnel. The software-as-aservice model is particularly attractive here. The enterprise market continues to consolidate Publication Date: 26 July 2011/ID Number: G Page 35 of 60

14 around a set of tools to handle information management or information governance functions, identification, collection, preservation and processing. Aspects of the problem remain difficult, particularly those relating to information access and finding relevant data in the mass of content that most enterprises have. An emerging trend in the document review space is "predictive coding;" that is, taking sample documents that have been analyzed by human reviewers and using these to identify similar documents in a corpus that would have the same "code." In legal terms, these codes refer to whether or not a document relates to the case at all (relevant or not), or whether it is something that is "privileged" and should only be seen by the party and their attorneys. Using predictive coding can cut down on the amount of human review that is necessary in any given case and, therefore, cut down on the costs, because attorney review is the most expensive part of the legal process. More automation is being applied to all aspects of the litigation process, which most believe to be necessary given the volume of information generated by modern businesses. Benefit Rating: High Market Penetration: 20% to 50% of target audience Maturity: Early mainstream Sample Vendors: AccessData Group; Autonomy; CaseCentral; Catalyst Repository Systems; Clearwell; CommVault; Daegis; EMC; Epiq Systems; Exterro; FTI Technology; Gallivan Gallivan & O'Melia; Guidance Software; IBM; IE Discovery; Integreon; Ipro Tech; kcura; Kroll Ontrack; LexisNexis; Merrill Corporation; Nuix; Orange Legal Technologies; Recommind; StoredIQ; Symantec; Xerox Litigation Services; ZL Technologies; ZyLAB Recommended Reading: "Magic Quadrant for E-Discovery Software" "E-Discovery Market, 2011: Drivers, Inhibitors and Influencers" Enterprise Digital Rights Management Analysis By: Eric Ouellet; Ray Wagner Definition: "Digital rights management" (DRM) is the term used for applying access and usage controls on media assets (MP3 audio files, videos and so on). Enterprise digital rights management (EDRM) is a set of distinct technologies that is used to apply mandatory access and usage controls on enterprise applications, such as messaging ( ), documents (word processing, spreadsheets and PDFs) and intellectual property (computer-aided design/computer-aided manufacturing files, design files and plans) by combining cryptography with identity services and access control policies to restrict distribution and how data can be used (cut, pasted, printed, viewed, edited and forwarded). Some solution providers also call their EDRM offering enterprise rights management (ERM) or information rights management (IRM). Typical access control policies applied to data might include "company confidential" to limit outside distribution, "individual access only" for personal health information or "legal department employees only." Policies are applied directly to the protected data as part of the data file and enforced by the EDRM client software working with the parent/workflow application. Position and Adoption Speed Justification: EDRM solutions have been available in one form or another for more than a decade. Although the technology is elegant and the value of EDRM is sound, there has been little progress in the EDRM market in the past five years. Although we are seeing a steady increase in EDRM interest, we are not seeing a matching increase in actual deployments because of lack of industry standardization and overall solution complexity. Early adopters, which are sensitive to intellectual property loss and data privacy especially among Publication Date: 26 July 2011/ID Number: G Page 36 of 60

15 is to enable a common set of compliance controls testing and risk assessments to support multiple reporting requirements. Although it is not possible to get to that perfect ideal, many organizations have reduced their compliance costs by 30% or more through reduction in complexity and redundancy. For enterprise risk management initiatives, improved business performance is a stretch goal for many organizations. Benefit Rating: Moderate Market Penetration: 20% to 50% of target audience Maturity: Early mainstream Sample Vendors: Achiever (Sword Group); AlignAlytics; Archer (EMC-RSA); BWise; Compliance 360; Cura Technologies; DoubleCheck; Enablon; List Group; LogicManager; Mega; Methodware; MetricStream; Mitratech; Modulo; OpenPages (IBM); Oracle; Protiviti; SAP; SAS; Software AG; Strategic Thought; Thomson Reuters; Xactium Recommended Reading: "A Comparison Model for the GRC Marketplace, 2011 to 2013" "Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms" "Critical Capabilities of Enterprise GRC Platform Vendors" Enterprise Information Archiving Analysis By: Sheila Childs Definition: Leading enterprise information archiving solutions provide tools for capturing all or selected data in a distributed or centralized repository for efficient storage and access. Enterprise information archiving supports multiple data types (including , file system and other content, such as Microsoft SharePoint) and is replacing application-specific archiving solutions. These tools prune data from active data stores based on policy, and provide access to the archived data via a stub or pointer, or via browser-based access to the archive. Retention management features also provide for policy-based deletion as data ages. Archiving is designed to keep the active data stores as small as possible, improve application performance and reduce recovery times. remains the predominant content type archived as part of an enterprise information archiving implementation; in this case, the need for users to maintain personal stores is eliminated, and established stores can be migrated to the archive. Features such as litigation hold, content retention management, search and data export are used to meet discovery and compliance requirements. Archiving has become an important part of e-discovery, providing functionality identified as part of the information management category of the Electronic Discovery Reference Model (EDRM). Enterprise information archiving products also provide a way to export data for use with specialpurpose or more feature-rich e-discovery tools. Tools for sampling and reviewing messages ( , instant messages and, in some, cases social media content) are available with many enterprise information archiving products, in response to requirements specific to the regulated portion of the financial industry. To meet the requirements of mobile workers, it is becoming important to provide users with the option to have a copy of their archived data on their local disks, and to provide access to archived data via mobile devices. Position and Adoption Speed Justification: The number of vendors offering enterprise information archiving solutions continues to increase, with most offering functionality and deployment models appropriate for the markets they target. Market growth remains healthy, particularly as the utilization of archiving as contributing technology for compliance and e- discovery gains favor with organizations implementing information governance programs. The Publication Date: 26 July 2011/ID Number: G Page 43 of 60

16 market has seen a number of changes in the past year. In particular, archiving software as a service (SaaS) offerings have gained significant traction as alternatives to on-premises deployments (and are now growing at a faster pace). Support for capture and supervision of social media (Twitter, Facebook and LinkedIn, for example) has become a requirement in the regulated financial services industry (and interesting to other industries), and file system archiving as a component of EIA is evolving with an even stronger focus on storage management as unstructured data grows in volume. Some companies are looking to replace their current archiving products with others (in particular as cloud solutions gain traction), and a few consulting companies are offering migration services. Companies with large volumes of data and long retention periods overtax the system so that it might not be scalable or reliable, requiring improved index methods and, in some cases, major architectural changes. The appetite for -only archiving solutions remains, but most organizations are looking to vendors with existing solutions or a road map for enterprise information archiving products. User Advice: As requirements to store, search and discover old data grows, and in the face of increased demand for large mailbox support as users struggle to keep up with increased numbers of messages and larger messages in their systems, companies should implement an enterprise information archiving solution now, starting with as the first content type to be managed. Consolidating archived data into regional repositories, a centralized repository or the cloud can support a quick response to discovery requests, and will facilitate a quick implementation of the organizational retention policies, providing the necessary specification of those policies has taken place. Migrating personal stores to the archive should be part of the deployment of an archive system. Business Impact: Enterprise information archiving improves application performance, delivers improved service to users and enables a timely response to legal discovery and business requests for historical information. Archived data can be stored on less-expensive storage, with the opportunity to take some data offline or delete it. Moving old data to an archive also reduces backup and recovery times. Benefit Rating: High Market Penetration: 20% to 50% of target audience Maturity: Early mainstream Sample Vendors: Atempo; Autonomy; Bloomberg; C2C; CommVault; Computer Generated Solutions; EMC; HP; IBM; Iron Mountain; Kroll Ontrack; LiveOffice; MessageSolution; Metalogix Software; Microsoft; Mimecast; Mirapoint; OpenText; Sherpa Software; Symantec; Unify; Waterford Technologies; ZL Technologies Recommended Reading: "Enterprise Information Archiving Transforms the Strategy and Approach for Archiving" "Case Study: Standard Bank Dramatically Improves Storage Utilization and Compliance Through Enterprise Information Archiving" "Vendors Expand Enterprise Information Archiving With Support for Files: How to Select the Right Solution" "Magic Quadrant for Enterprise Information Archiving" Publication Date: 26 July 2011/ID Number: G Page 44 of 60

E-DISCOVERY AND E-DISCLOSURE 5 IMPLICATIONS

E-DISCOVERY AND E-DISCLOSURE 5 IMPLICATIONS Analyzing the Business of Enterprise IT Innovation E-DISCOVERY AND E-DISCLOSURE Bringing It All Back Home Almost four years after all electronic information became legally discoverable in US courts, organizations

More information

Best Practices for Storage Administrators: Staying Relevant in an Information-Centric Data Center

Best Practices for Storage Administrators: Staying Relevant in an Information-Centric Data Center G00248888 Best Practices for Storage Administrators: Staying Relevant in an Information-Centric Data Center Published: 13 March 2013 Analyst(s): Sheila Childs, Alan Dayley Success in an information-centric

More information

CA Technologies Data Protection

CA Technologies Data Protection CA Technologies Data Protection can you protect and control information? Johan Van Hove Senior Solutions Strategist Security Johan.VanHove@CA.com CA Technologies Content-Aware IAM strategy CA Technologies

More information

CA Message Manager. Benefits. Overview. CA Advantage

CA Message Manager. Benefits. Overview. CA Advantage PRODUCT BRIEF: CA MESSAGE MANAGER CA Message Manager THE PROACTIVE MANAGEMENT OF EMAIL AND INSTANT MESSAGES IS INTEGRAL TO THE OVERALL STRATEGY OF INFORMATION GOVERNANCE. THERE ARE MANY COMPLEX CHALLENGES

More information

Lowering E-Discovery Costs Through Enterprise Records and Retention Management. An Oracle White Paper March 2007

Lowering E-Discovery Costs Through Enterprise Records and Retention Management. An Oracle White Paper March 2007 Lowering E-Discovery Costs Through Enterprise Records and Retention Management An Oracle White Paper March 2007 Lowering E-Discovery Costs Through Enterprise Records and Retention Management Exponential

More information

Symantec Enterprise Vault and Symantec Enterprise Vault.cloud

Symantec Enterprise Vault and Symantec Enterprise Vault.cloud Symantec Enterprise Vault and Symantec Enterprise Vault.cloud Better store, manage, and discover business-critical information Solution Overview: Archiving Introduction The data explosion that has burdened

More information

Symantec to Acquire Clearwell Systems, Inc. May 19, 2011

Symantec to Acquire Clearwell Systems, Inc. May 19, 2011 Symantec to Acquire Clearwell Systems, Inc. May 19, 2011 1 Forward-Looking Statements This presentation contains forward-looking statements within the meaning of U.S. federal securities laws, including

More information

Data Sheet: Archiving Symantec Enterprise Vault Store, Manage, and Discover Critical Business Information

Data Sheet: Archiving Symantec Enterprise Vault Store, Manage, and Discover Critical Business Information Store, Manage, and Discover Critical Business Information Managing millions of mailboxes for thousands of customers worldwide, Enterprise Vault, the industry leader in email and content archiving, enables

More information

10 Steps to Establishing an Effective Email Retention Policy

10 Steps to Establishing an Effective Email Retention Policy WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 10 Steps to Establishing an Effective Email Retention Policy JANUARY 2009 Eric Lundgren INFORMATION GOVERNANCE Table of Contents Executive Summary SECTION

More information

10 Building Blocks for Securing File Data

10 Building Blocks for Securing File Data hite Paper 10 Building Blocks for Securing File Data Introduction Securing file data has never been more important or more challenging for organizations. Files dominate the data center, with analyst firm

More information

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER The IT Manager's Role in Proactive Information Retention and Disposition Management: Balancing ediscovery and Compliance Obligations with IT Operational and Budget Constraints Sponsored by:

More information

68% Meet compliance needs with Microsoft Exchange. of companies send sensitive data via email.

68% Meet compliance needs with Microsoft Exchange. of companies send sensitive data via email. Meet compliance needs with Microsoft Exchange As the volume and importance of digital information grows, regulatory compliance schemas are broadening to encompass an ever-larger share of data that companies

More information

Privilege Gone Wild: The State of Privileged Account Management in 2015

Privilege Gone Wild: The State of Privileged Account Management in 2015 Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...

More information

Rethinking IT and IT Security Strategies in an Era of Advanced Attacks, Cloud and Consumerization

Rethinking IT and IT Security Strategies in an Era of Advanced Attacks, Cloud and Consumerization Rethinking IT and IT Security Strategies in an Era of Advanced Attacks, Cloud and Consumerization Neil MacDonald VP and Gartner Fellow Gartner Information Security, Privacy and Risk Research Twitter @nmacdona

More information

IBM Information Archive for Email, Files and ediscovery

IBM Information Archive for Email, Files and ediscovery IBM Information Archive for Email, Files and ediscovery Simplify and accelerate the implementation of an end-to-end archiving and ediscovery solution Highlights Take control of your content with an integrated,

More information

IBM Unstructured Data Identification & Management An on ramp to reducing information costs and risk

IBM Unstructured Data Identification & Management An on ramp to reducing information costs and risk Amir Jaibaji - Product Management Program Director IBM Information Lifecycle Governance IBM Unstructured Data Identification & Management An on ramp to reducing information costs and risk Enterprise big

More information

Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP

Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP Principal Systems Engineer Symantec LAMC Agenda 1 What DLP is and its purpose 2 Challenges

More information

Only 1% of that data has preservation requirements Only 5% has regulatory requirements Only 34% is active and useful

Only 1% of that data has preservation requirements Only 5% has regulatory requirements Only 34% is active and useful Page 1 LMG GROUP vs. THE BIG DATA TIDAL WAVE Recognizing that corporations, law firms and government entities are faced with tough questions in today s business climate, LMG Group LLC ( LMG Group ) has

More information

Enterprise Data Protection

Enterprise Data Protection PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION

More information

Guide to Information Governance: A Holistic Approach

Guide to Information Governance: A Holistic Approach E-PAPER DECEMBER 2014 Guide to Information Governance: A Holistic Approach A comprehensive strategy allows agencies to create more reliable processes for ediscovery, increase stakeholder collaboration,

More information

Corporate Presentation 2016

Corporate Presentation 2016 Corporate Presentation 2016 2 AGENDA About SPAMINA Cool Vendor 2016 The Security Challenge 3 Concerns over data protection and confidentiality Why Spamina? SPAMINA Platform 4 Parla Secure Cloud Email ParlaMI

More information

Information governance is old news at Nuix

Information governance is old news at Nuix Information governance is old news at Nuix Analyst: David Horrigan 18 Jul, 2014 Sydney-based software developer Nuix was one of the early tech proponents of information governance (IG), after being known

More information

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

DOCSVAULT WhitePaper. Concise Guide to E-discovery. Contents

DOCSVAULT WhitePaper. Concise Guide to E-discovery. Contents WhitePaper Concise Guide to E-discovery Contents i. Overview ii. Importance of e-discovery iii. How to prepare for e-discovery? iv. Key processes & issues v. The next step vi. Conclusion Overview E-discovery

More information

ZL UNIFIED ARCHIVE A Project Manager s Guide to E-Discovery. ZL TECHNOLOGIES White Paper

ZL UNIFIED ARCHIVE A Project Manager s Guide to E-Discovery. ZL TECHNOLOGIES White Paper ZL UNIFIED ARCHIVE A Project Manager s Guide to E-Discovery ZL TECHNOLOGIES White Paper PAGE 1 A project manager s guide to e-discovery In civil litigation, the parties in a dispute are required to provide

More information

Chief Security Strategist Symantec Public Sector

Chief Security Strategist Symantec Public Sector Chief Security Strategist Symantec Public Sector Advanced Persistent Threat Further things to understand about the APT Compromised Game Networks Lulzec Anonymous/YamaTough WikiLeaks 101 Global Intelligence

More information

Top 5 reasons to choose HP Information Archiving

Top 5 reasons to choose HP Information Archiving Technical white paper Top 5 reasons to choose HP Information Archiving Proven, market-leading archiving solutions The value of intelligent archiving The requirements around managing information are becoming

More information

E-discovery Project Decision Guide

E-discovery Project Decision Guide E-discovery Project Decision Guide Policy, Process & Software FORMING POLICIES AND IMPLEMENTING SUCCESSFULLY A MANAGEMENT DECISION GUIDE THIS REPORT IS A CRITICAL GUIDE FOR RECORDS MANAGERS, IT MANAGERS,

More information

Miguel Ortiz, Sr. Systems Engineer. Globanet

Miguel Ortiz, Sr. Systems Engineer. Globanet Miguel Ortiz, Sr. Systems Engineer Globanet Agenda Who is Globanet? Archiving Processes and Standards How Does Data Archiving Help Data Management? Data Archiving to Meet Downstream ediscovery Needs Timely

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

W H I T E P A P E R E X E C U T I V E S U M M AR Y S I T U AT I O N O V E R V I E W. Sponsored by: EMC Corporation. Laura DuBois May 2010

W H I T E P A P E R E X E C U T I V E S U M M AR Y S I T U AT I O N O V E R V I E W. Sponsored by: EMC Corporation. Laura DuBois May 2010 W H I T E P A P E R E n a b l i n g S h a r e P o i n t O p e r a t i o n a l E f f i c i e n c y a n d I n f o r m a t i o n G o v e r n a n c e w i t h E M C S o u r c e O n e Sponsored by: EMC Corporation

More information

Investigating the prevalence of unsecured financial, health and personally identifiable information in corporate data

Investigating the prevalence of unsecured financial, health and personally identifiable information in corporate data Nuix And EDRM Case Study: Removing PII from Nuix the and EDRM EDRM Enron Case Data Study Set Removing PII from the EDRM Enron Data Set Investigating the prevalence of unsecured financial, health and personally

More information

Privilege Gone Wild: The State of Privileged Account Management in 2015

Privilege Gone Wild: The State of Privileged Account Management in 2015 Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...

More information

EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST

EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST EMAIL MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST Enabling user efficiency with a cloud-based email platform With productivity, revenues and reputation at stake, an

More information

Keeping watch over your best business interests.

Keeping watch over your best business interests. Keeping watch over your best business interests. 0101010 1010101 0101010 1010101 IT Security Services Regulatory Compliance Services IT Audit Services Forensic Services Risk Management Services Attestation

More information

Nuix bolsters its e-discovery team and continues its push to information governance

Nuix bolsters its e-discovery team and continues its push to information governance Nuix bolsters its e-discovery team and continues its push to information governance Analyst: David Horrigan 5 Sep, 2013 Over the past 12-18 months, many e-discovery vendors and thought leaders have jumped

More information

Using EMC SourceOne Email Management in IBM Lotus Notes/Domino Environments

Using EMC SourceOne Email Management in IBM Lotus Notes/Domino Environments Using EMC SourceOne Email Management in IBM Lotus Notes/Domino Environments Technology Concepts and Business Considerations Abstract EMC SourceOne Email Management enables customers to mitigate risk, reduce

More information

Business white paper Top 10 reasons to choose Cloud-based Archiving

Business white paper Top 10 reasons to choose Cloud-based Archiving Business white paper Top 10 reasons to choose Cloud-based Archiving Table of contents 3 Reason 1: Equal or better security 4 Reason 2: Lower risk 4 Reason 3: Cost savings 5 Reason 4: Greater data access

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

Symantec Enterprise Vault for Microsoft Exchange

Symantec Enterprise Vault for Microsoft Exchange Symantec Enterprise Vault for Microsoft Exchange Store, manage, and discover critical business information Data Sheet: Archiving Trusted and proven email archiving Symantec Enterprise Vault, the industry

More information

RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief

RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief RSA Solution Brief RSA Managing Data Loss the Lifecycle of Prevention Encryption Suite Keys with Uncover your risk, establish control. RSA Key Manager RSA Solution Brief 1 Executive Summary RSA Data Loss

More information

Managing Storage and Compliance Costs through E-mail Archiving and ediscovery

Managing Storage and Compliance Costs through E-mail Archiving and ediscovery Managing Storage and Compliance Costs through E-mail Archiving and ediscovery Gregory P. Kosinski Director, Product Marketing EMC Heidi Maher, Esq. Compliance and ediscovery Advisor EMC Copyright 2009

More information

A Practical Approach to Information Management

A Practical Approach to Information Management A Practical Approach to Information Management Solution Brief: Information Management Contents Information management isn t just a priority, it s mandatory.................................................

More information

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Facilitate policy-based expertise and

More information

SAME PRINCIPLES APPLY, BUT NEW MANDATES FOR CHANGE

SAME PRINCIPLES APPLY, BUT NEW MANDATES FOR CHANGE Information is an organization s most important strategic asset the lifeblood of the organization s knowledge, processes, transactions, and decisions. With information continuing to grow exponentially,

More information

Archiving with Enterprise Vault Bruno Ritter

Archiving with Enterprise Vault Bruno Ritter Archiving with Enterprise Vault Bruno Ritter Senior Presales Tech Specialist Symantec Enterprise Vault Flexible Policy-based Archiving Software Resource management Retention management Discovery management

More information

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking

More information

WHITE PAPER SPON. Email Archive Migration: Opportunities and Risks. Published February 2014. An Osterman Research White Paper.

WHITE PAPER SPON. Email Archive Migration: Opportunities and Risks. Published February 2014. An Osterman Research White Paper. WHITE PAPER N Email Archive Migration: An Osterman Research White Paper Published February 2014 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058

More information

Protecting Regulated Information in Cloud Storage with DLP

Protecting Regulated Information in Cloud Storage with DLP Protecting Regulated Information in Cloud Storage with DLP Protection of Regulated Information in cloud storage can be provided by an appropriate Data Loss Prevention, DLP, solution. The steps involved

More information

email management solutions

email management solutions Safeguard business continuity and productivity with Mimecast email management solutions Computacenter and Mimecast in partnership Expert software solutions Computacenter and Mimecast help organisations

More information

Nuix continues rapid growth, expands e-discovery into information governance

Nuix continues rapid growth, expands e-discovery into information governance Nuix continues rapid growth, expands e-discovery into information governance Analyst: David Horrigan 8 Mar, 2012 Australian e-discovery vendor Nuix has embarked on a busy 2012, releasing three new components

More information

Detect, Prevent, and Deter Fraud in Big Data Environments

Detect, Prevent, and Deter Fraud in Big Data Environments SAP Brief SAP s for Governance, Risk, and Compliance SAP Fraud Management Objectives Detect, Prevent, and Deter Fraud in Big Data Environments Detect and prevent fraud to reduce financial loss Detect and

More information

Research. Magic Quadrant for E-Discovery Software

Research. Magic Quadrant for E-Discovery Software Research Publication Date: 13 May 2011 ID Number: G00212221 Magic Quadrant for E-Discovery Software Debra Logan, John Bace The market for electronic discovery software is volatile and overcrowded, with

More information

Email archiving, compliance, and ediscovery solution designed specifically for U.S. financial services companies.

Email archiving, compliance, and ediscovery solution designed specifically for U.S. financial services companies. Email archiving, compliance, and ediscovery solution designed specifically for U.S. financial services companies. Data Sheet: Symantec.cloud Email Compliance Redefined Our new and improved version of redefines

More information

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention symantec.com One of the interesting things we ve found is that a lot of the activity you d expect to be malicious

More information

ediscovery Solutions

ediscovery Solutions The Radicati Group, Inc. www.radicati.com ediscovery Solutions A Radicati Group, Inc. Webconference The Radicati Group, Inc. Copyright November 2010, Reproduction Prohibited 9:30 am, PT November 4, 2010

More information

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material

More information

Organizations Must Employ Effective Data Security Strategies

Organizations Must Employ Effective Data Security Strategies Research Publication Date: 30 August 2005 ID Number: G00123639 Organizations Must Employ Effective Data Security Strategies Rich Mogull Organizations can best protect data through a hierarchical data security

More information

Top 5 reasons to choose HP Information Archiving

Top 5 reasons to choose HP Information Archiving Technical white paper Top 5 reasons to choose HP Information Archiving Intelligent, scalable, and proven archiving solutions Table of Contents The value of intelligent archiving... 2 Top 5 reasons to choose

More information

Security in Fax: Minimizing Breaches and Compliance Risks

Security in Fax: Minimizing Breaches and Compliance Risks Security in Fax: Minimizing Breaches and Compliance Risks Maintaining regulatory compliance is a major business issue facing organizations around the world. The need to secure, track and store information

More information

Realize That Big Security Data Is Not Big Security Nor Big Intelligence

Realize That Big Security Data Is Not Big Security Nor Big Intelligence G00245789 Realize That Big Security Data Is Not Big Security Nor Big Intelligence Published: 19 April 2013 Analyst(s): Joseph Feiman Security intelligence's ultimate objective, enterprise protection, is

More information

Private Cloud Computing: An Essential Overview

Private Cloud Computing: An Essential Overview Research Publication Date: 23 November 2010 ID Number: G00209000 Private Cloud Computing: An Essential Overview Thomas J. Bittman Private cloud computing requires strong leadership and a strategic plan

More information

Dispelling the vapor around Cloud Security

Dispelling the vapor around Cloud Security Dispelling the vapor around Cloud Security The final barrier to adopting cloud computing is security of their data and applications in the cloud. The last barrier to cloud adoption This White Paper examines

More information

WHITEPAPER. Data Security for Office 365 Balancing control & usability

WHITEPAPER. Data Security for Office 365 Balancing control & usability WHITEPAPER Data Security for Office 365 Balancing control & usability Contents Executive Summary... 2 Top Security Issues for Office 365... 4 Compelled Disclosures... 4 Unauthorized Sharing... 4 External

More information

Integrated email archiving: streamlining compliance and discovery through content and business process management

Integrated email archiving: streamlining compliance and discovery through content and business process management Make better decisions, faster March 2008 Integrated email archiving: streamlining compliance and discovery through content and business process management 2 Table of Contents Executive summary.........

More information

Symantec Enterprise Vault for Microsoft Exchange Server

Symantec Enterprise Vault for Microsoft Exchange Server Symantec Enterprise Vault for Microsoft Exchange Server Store, manage, and discover critical business information Data Sheet: Archiving Trusted and proven email archiving performance and users can enjoy

More information

ELECTRONIC DISCOVERY & LITIGATION SUPPORT

ELECTRONIC DISCOVERY & LITIGATION SUPPORT ELECTRONIC DISCOVERY & LITIGATION SUPPORT A Primer by MessageSolution, Inc. The recent influx of federal and industry email regulations combined with the increased use of electronic discovery in court

More information

Viewpoint ediscovery Services

Viewpoint ediscovery Services Xerox Legal Services Viewpoint ediscovery Platform Technical Brief Viewpoint ediscovery Services Viewpoint by Xerox delivers a flexible approach to ediscovery designed to help you manage your litigation,

More information

BDO CONSULTING FORENSIC TECHNOLOGY SERVICES

BDO CONSULTING FORENSIC TECHNOLOGY SERVICES BDO CONSULTING FORENSIC TECHNOLOGY SERVICES MARCH 2013 AGENDA Introduction About BDO Consulting Computer Forensics & E-Discovery Practice Current Trends Case Studies Q&A Page 2 Michael Barba Managing Director,

More information

Establishing a Strategy for Database Security Is No Longer Optional

Establishing a Strategy for Database Security Is No Longer Optional Establishing a Strategy for Database Security Is No Longer Optional Published: 29 November 2011 G00226793 Analyst(s): Jeffrey Wheatman The options for securing increasingly valuable databases are very

More information

BEYOND THE HYPE: Understanding the Real Implications of the Amended Federal Rules of Civil Procedure. A Clearwell Systems White Paper

BEYOND THE HYPE: Understanding the Real Implications of the Amended Federal Rules of Civil Procedure. A Clearwell Systems White Paper BEYOND THE HYPE: UNDERSTANDING THE REAL IMPLICATIONS OF THE AMENDED FRCP PA G E : 1 BEYOND THE HYPE: Understanding the Real Implications of the Amended Federal Rules of Civil Procedure A Clearwell Systems

More information

Leveraging a Maturity Model to Achieve Proactive Compliance

Leveraging a Maturity Model to Achieve Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................

More information

A Radicati Group Webconference

A Radicati Group Webconference The Radicati Group, Inc. www.radicati.com A Radicati Group Webconference The Radicati Group, Inc. Copyright September 2012, Reproduction Prohibited 9:30 am, PT September 27, 2012 The Radicati Group, Inc.

More information

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration Websense Data Security Suite and Cyber-Ark Inter-Business Vault The Power of Integration Websense Data Security Suite Websense Data Security Suite is a leading solution to prevent information leaks; be

More information

Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure?

Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure? SOLUTION BRIEF: CA INFORMATION GOVERNANCE Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure? CA Information Governance delivers

More information

Business-Driven, Compliant Identity Management

Business-Driven, Compliant Identity Management SAP Solution in Detail SAP NetWeaver SAP Identity Management Business-Driven, Compliant Identity Management Table of Contents 3 Quick Facts 4 Business Challenges: Managing Costs, Process Change, and Compliance

More information

INCIDENT RESPONSE CHECKLIST

INCIDENT RESPONSE CHECKLIST INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged

More information

Why You Should Consider Cloud- Based Email Archiving. A whitepaper by The Radicati Group, Inc.

Why You Should Consider Cloud- Based Email Archiving. A whitepaper by The Radicati Group, Inc. . The Radicati Group, Inc. 1900 Embarcadero Road, Suite 206 Palo Alto, CA 94303 Phone 650-322-8059 Fax 650-322-8061 http://www.radicati.com THE RADICATI GROUP, INC. Why You Should Consider Cloud- Based

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Data Sheet: Archiving Symantec Enterprise Vault Discovery Accelerator Accelerate e-discovery and simplify review

Data Sheet: Archiving Symantec Enterprise Vault Discovery Accelerator Accelerate e-discovery and simplify review Accelerate e-discovery and simplify review Overview provides IT/Legal liaisons, investigators, lawyers, paralegals and HR professionals the ability to search, preserve and review information across the

More information

Partner / E-Discovery Team Chair. Craig Roy Director of IT & E-Litigation Services

Partner / E-Discovery Team Chair. Craig Roy Director of IT & E-Litigation Services E-Discovery Business Readiness Drew Sorrell, Esq. Partner / E-Discovery Team Chair Craig Roy Director of IT & E-Litigation Services What is Business Readiness in terms of E-Discovery? Risk Adjusted Management

More information

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations

More information

An ICT ConsultingCompany

An ICT ConsultingCompany An ICT ConsultingCompany About Us Innovation Experience Market leader technologies Solutions that ensure the best performance through efficiency An ICT Consulting Company 2 Our Mission Improvement of business

More information

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely

More information

WHITE PAPER. Deficiencies in Traditional Information Management

WHITE PAPER. Deficiencies in Traditional Information Management WHITE PAPER Deficiencies in Traditional Information Management Table of Contents 3 Abstract 3 Information Management Defined 7 Problems with Traditional Approaches 8 Conclusion Table of Figures 5 Figure

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

Financial discovery and beyond using BMMsoft EDMT Solution

Financial discovery and beyond using BMMsoft EDMT Solution Financial discovery and beyond using BMMsoft EDMT Solution USE CASE STUDY The industry is a litigation-intensive sector, so the timely iden ation of relevant business records is an imperative. This is

More information

Setting BYOD Policy: A New Partnership for IT and HR

Setting BYOD Policy: A New Partnership for IT and HR Introduction As the line between office and home life continues to blur, employees increasingly rely on their own smartphones, tablets, and laptop computers for work-related tasks. Today, more than 70

More information

Data Loss Prevention Program

Data Loss Prevention Program Data Loss Prevention Program Safeguarding Intellectual Property Author: Powell Hamilton Senior Managing Consultant Foundstone Professional Services One of the major challenges for today s IT security professional

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Information Governance Challenges and Solutions

Information Governance Challenges and Solutions Challenges and Solutions In this modern information age, organizations struggle with two things: the problem of too much electronic data and how to govern the data. Each year, the speed of information

More information

Intelligent Information Management: Archive & ediscovery

Intelligent Information Management: Archive & ediscovery Intelligent Information Management: Archive & ediscovery Byron Chang Senior Systems Engineer / Symantec Hong Kong Agenda 1 Today s Information Management Challenges 2 Why Information Management? 3 The

More information

Workshop: How an IAM RFP Can Help You Choose the Best Solution for Your Business

Workshop: How an IAM RFP Can Help You Choose the Best Solution for Your Business Workshop: How an IAM RFP Can Help You Choose the Best Solution for Your Business Earl Perkins Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced

More information

capabilities statement

capabilities statement capabilities statement GSA Schedule 70 Contract Holder: Contract #: GS-35F-0649Y Duns#: 824940121 Cage Code#: 6B5K3 SIN Codes: 132-34 Maintenance of Software 132-51 Information Technology Professional

More information

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing Driving Productivity Without Compromising Protection Brian Duckering Mobile Trend Marketing Mobile Device Explosion Paves Way for BYOD 39% 69% 340% 2,170% 2010 177M corp PCs 2015 246M corp PCs 2010 173

More information

White Paper. Why Should You Archive Your Email With a Hosted Service?

White Paper. Why Should You Archive Your Email With a Hosted Service? White Paper Why Should You Archive Your Email With a Hosted Service? An Osterman Research White Paper Published January 2008 Executive Summary Email is the primary communication system and file transport

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Email archives: no longer fit for purpose?

Email archives: no longer fit for purpose? RESEARCH PAPER Email archives: no longer fit for purpose? Most organisations are using email archiving systems designed in the 1990s: inflexible, non-compliant and expensive May 2013 Sponsored by Contents

More information