1 AMERICAN PUBLIC UNIVERSITY SYSTEM Charles Town, West Virginia CLOUD COMPUTING AND THE IMPLICATIONS FOR E-DISCOVERY A thesis submitted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE in INFORMATION TECHNOLOGY - DIGITAL FORENSICS by Ann Hearn Ziluck Department Approval Date: January 30, 2012 The author hereby grants the American Public University System the right to display these contents for educational purposes. The author assumes total responsibility for meeting the requirements set by United States Copyright Law for the inclusion of any materials that are not the author s creation or in the public domain.
2 ii COPYRIGHT PAGE Copyright 2012 by Ann Hearn Ziluck All rights reserved.
3 iii DECLARATION I hereby declare that the work has been done by myself and no portion of the work contained in this Thesis has been submitted in support of any application for any other degree or qualification on this or any other university or institution of learning. Ann Hearn Ziluck
4 iv ACKNOWLEDGEMENTS I wish to thank my APUS graduate professors Dr. Karen Paullet, Dr. Diane Barrett, and Professor Robert Marlett who have encouraged me to strive for excellence and to reach for my academic goals. If not for their constant communications and support throughout my undergraduate degree, and the exciting discussions about network security, digital forensics and project management, I would not have immediately pursued a graduate degree. These dynamic professors continually 'threw down the academic gauntlet' forcing me to respond to their challenges. It seemed impossible to end the lively dialog with these three individuals after an undergraduate degree. Knowing they were all teaching in the newly launched Masters program in Information Technology Digital Forensics made it a very simple decision to continue my education in this exciting program. I would also like to thank Professors Sammy Abaza, and Murali Ramaswamy for serving as my technical mentors throughout my coursework. Their tireless support for a myriad of questions well outside the general course outlines was greatly appreciated. Lastly, this document could not have been crafted without the continual support, patience and good humor of Dr. Novadean Watson-Stone. While I endeavored to write about the emerging technologies of cloud computing and e-discovery, she provided continual feedback, moral and academic support, editing guidance, and went to great lengths to procure requested sources that were in many cases only a few weeks old. Her guidance, enthusiasm and confidence in my abilities were invaluable.
5 v DEDICATION I dedicate this thesis to my son Michael Ziluck, my boyfriend Thomas Mondak, my parents John W. and Joan R. Hearn, my brother John W. Hearn, Jr. and my sister Barbara Allen- Lyall. Without their patience, understanding and support, academic encouragement, and most of all love, the completion of this work would not have been possible.
6 vi ABSTRACT CLOUD COMPUTING AND THE IMPLICATIONS FOR E-DISCOVERY by Ann Hearn Ziluck American Public University System, January XX, 2012 Charles Town, West Virginia Dr. Novadean Watson-Stone, Thesis Professor E-Discovery poses many challenges to legal and information technology teams who must quickly produce information required for litigation. The extraordinary volumes, types, electronic and manual formats, and repositories of data produced by even small organizations must be quickly searched and analyzed as part of the E-Discovery process. Data created and stored in cloud computing, social media and mobile computing environments intensify the typical complexities of e-discovery since traditional advanced search analytics, digital forensics and E- Discovery techniques are more difficult or in some cases impossible with these technologies. Cloud computing and social media environments often prevent extraction of metadata required for defensible production of information. Digital forensics is impossible in some cloud computing environments, preventing experts from obtaining defensible and reproducible data sets. Legal and information technology teams must carefully consider the use of cloud computing and social media environments and ensure their corporate constituents that they are empowered to perform structured, effective, and scientific e-discovery practices for regulatory and legal compliance.
7 vii Table of Contents COPYRIGHT PAGE...ii DECLARATION... iii ACKNOWLEDGEMENTS... iv DEDICATION... v ABSTRACT... vi Introduction... 1 Problem Statement... 2 Purpose... 3 Significance of the Study... 3 Literature Review... 4 E-Discovery... 4 E-Discovery in the Legal and Technical Communities... 6 E-Discovery Searching and Web E-Discovery and Social Media Challenges in E-Discovery Types of Cloud Environments Emerging Challenges from Cloud Computing Digital Forensics in the Cloud and Applications to E-Discovery Cloud Technology and E-Discovery Methodology Subjects and Setting Data Collection Technique Statistical Analysis Limitations of the Study Review of the Problem or Research Question Summary of Literature Review Recommendations based on the Literature Review Only References... 48
8 Cloud Computing - The Impact on E-Discovery Introduction E-discovery is an emerging and challenging field that combines the efforts of both legal and technology professionals in the production of electronic information required for litigation. Litigants are required to provide electronic information in a commonly agreed upon format often under extraordinary time constraints dictated by the courts. Organizations are required to search for and preserve documents and data, and must take reasonable steps to do so. This includes notifying all parties that might have the ability to destroy, alter, or otherwise compromise relevant information, and monitoring individual data custodians. The task of searching for and preserving the integrity of data is monumental, even when considering the volume of information created by a small organization that must search through all business transactions, paper documents, backup tapes and historical archives, foreign language documents, and any Web 2.0 information (Schuler, Peterson, & Vincze, 2009). Cloud computing is an emerging paradigm that provides organizations with remote, scalable, on-demand network computing resources that require only minimal management effort. It also offers substantial cost savings over traditional datacenter network operations. However, Mell and Grance (2011) from the NIST caution readers that "security, interoperability, and portability" (p. 3) are some of the major considerations or barriers to widespread adoption of these methodologies. Brodkin (2008) from the Gartner Group agrees, and adds, "Data integrity, recovery, privacy and regulatory compliance are key issues to consider" (p. 1). Brodkin (2008) also makes a strong statement that "Investigating inappropriate or illegal activity may be impossible in cloud computing" (p. 2). Cloud hosting providers may not be willing or able to produce network logs due to shared tenancy on internationally dispersed and constantly changing
9 2 servers. Brodkin (2008) continues by quoting Gartner researchers Heiser and Nicolett (2008) who commented that if the cloud vendor cannot not contractually commit their support for specific investigations and e-discovery practices, and demonstrate previous successful instances of discovery compliance, then "the only safe assumption is that investigation and discovery requests will be impossible" (Brodkin, 2008, p. 1; Heiser & Nicholett, 2008, p. 4). Rule 26 of the Federal Rules of Civil Procedure (FRCP) according to Cornell University Law School Staff (n.d.) are explicit with regard to the timely production of documents and information stored in electronic form owned by the disclosing party. Initial production and disclosure of information under the FRCP is generally required within 30 days of the Rule 26 conference between the two litigants. The literature suggests that cloud computing intensifies the common difficulties involved in e-discovery projects, taking them to an exponentially greater level, and may prevent discoverability entirely. Problem Statement Cloud computing environments can be used to host entire enterprise systems to empower a mobile workforce with the added benefits of considerably reducing costs and resources required to maintain a networked computing infrastructure. Cloud computing environments are also linked with social media and Web 2.0 data that plays an important part in the scope of discoverable enterprise data. Cloud computing seems to exacerbate the complexities of the practice of e-discovery making advanced search analytics, digital forensics and e-discovery far more difficult or impossible. Further research could illustrate these complexities and help to educate organizations when making cloud computing choices, and change the contractual assurances that cloud vendors must ultimately provide to empower their customers to perform e- discovery for regulatory and legal compliance.
10 3 Purpose The purpose of this research is to illustrate the complexities or impossibilities of e- discovery in cloud computing environments and determine if this knowledge can empower corporate customers to require discovery and forensic compliance by cloud vendors. Significance of the Study Cloud computing is an emerging paradigm that is experiencing widespread exposure and enormous marketing efforts in the information technology communities. Cloud vendors are working diligently to position themselves to take advantage of the potential market share of this technology. Literature in support of this paradigm promotes the potential for substantial savings in terms of networks and personnel, increased security, scalability, and even reduction of an organizations carbon footprint. What are not discussed in detail are the limitations or impossibility of e-discovery and digital forensic acquisition and investigation of enterprise data in the cloud environment. This paper will include literature reviews of expert commentary on the dangers of cloud computing with regard to e-discovery, and the need for verifiable proof that a cloud-hosting vendor will provide access to the network data required for digital forensics and compliance with e-discovery requests.
11 4 Literature Review E-Discovery Attorneys have performed searches for relevant documents for generations, combing through paper records in file cabinets, ledgers, logs and bank boxes. In many instances, the team producing the documents has "dumped" this information on the opposing party in an attempt to shift the burden of searching through voluminous records. Prior to the widespread use of computer systems, discovery of paper documents was typically possible to complete in the required time and considered an effective and virtually perfect way of producing information for litigation. Searching has always been a monumental task although modern computer systems have compounded these difficulties in staggering ways. Organizations create and store tens of thousands of times as many records as they did just two decades ago and this information is often stored in many places and varying formats. Pass (2011) notes that 487 billion gigabytes of data were created globally in 2008 and that this astounding number will double at least every 18 months. The practice of E-Discovery encompasses not only searching for relevant information using a wide variety of electronic search methods, but also the automation of these processes, manual review of electronically discovered data, as well as accessibility and retention policies and practices (Pass, 2011). Electronically stored information (ESI) is information that is created and stored in digital form and accessible using computer hardware and software. ESI normally includes metadata, which is data about data. When documents, images and many other types of electronic data are created, information is added either to the digital file or in an attached/associated file such as the name, type, size of the file, location and ownership. Digital cameras often record the date and time of image creation and word processing documents contain metadata that often includes the
12 5 author, time and date of creation and the last date modified. Digital audio files contain the album name, song title, date recorded, and artist. Metadata is created and updated automatically by the computer application and may be created by the end user. E-Discovery experts must locate documents and files relevant to their cases, but also the associated metadata that contains valuable evidence about each file (Schuler, Peterson & Vincze, 2009) The practice of digital forensics is also an important aspect of the E-Discovery process, since all information produced for litigation must also be defensible. Defensibility includes the people, search methodologies, collection methods, documentation, and chain of custody involved in the production of electronic data. Opposing counsel may question the methods of searching, producing, and chain of custody of files and documents. E-Discovery experts must therefore adhere to the sound and scientific practices of digital forensics in order to maintain admissibility of information in a court of law (Schuler et al., 2009). The Federal Rules of Civil Procedure (FRCP) that apply to all cases filed in federal court were amended on December 1, 2006 and included details regarding how electronically stored information (ESI) must be handled. Two notorious court cases, Zubulake v. UBS Warburg and Coleman v. Morgan Stanley, are considered catalysts for the FRCP amendment. Judges in these cases determined that data integrity must be forensically sound and that e-discovery responsiveness and diligent examination of evidence are requirements (Schuler et al., 2009). The FRCP amendments included specific guidelines for the early attention and agreement on the types and formats for production of electronically stored data (ESI) as well as the systemized processes required to locate data. Parties are tasked to agree on the search keywords that will produce relevant information for the case, as well as other details including the common format for delivered data (i.e. paper files,.pdf, digital files, or forensic images). Pretrial and discovery
13 6 planning conferences are also requirements for opposing parties as well as strict search and preservation rules once litigation has begun. The FRCP amendments also include the word reasonable with regard to the efforts required for searching. This somewhat ambiguous term is the cause of much discussion in courts and the legal community. It also highlights the need to examine organizational data retention and destruction policies, since it is reasonable to search only data that exists as part of a regular retention policy. Organizations that historically retained backup tapes from old systems no longer in use for many years may reconsider these policies with regard to potential E-Discovery requirements. If an organization only retains backup information for a specific period, it is not reasonable to expect them to search and produce data outside of those retention parameters (Schuler et al., 2009). The Coleman v. Morgan Stanley case in 2004 is an example where sound retention policies may have been critically important. A Morgan Stanley IT executive testified that all relevant records had been provided to the court, when in fact 1600 unsearched backup tapes were discovered that might have contained important information. The court responded by awarding almost $1.8 billion dollars in damages to Coleman and determined that Morgan Stanley had committed fraud. The omission of the old backup tapes may have been an honest oversight or an attempt to conceal digital evidence, but it certainly illustrates the importance of proactively managing data and creating logical retention and destruction policies (Schuler et al., 2009). E-Discovery in the Legal and Technical Communities E-Discovery combines the efforts of the legal, technical, and many other departments in a typical organization. There are significant costs and penalties if litigants violate the Federal Rules of Civil Procedures and organizations are becoming keenly aware of the importance of implementing effective discovery processes. It is important for organizations to be prepared to
14 7 respond to e-discovery requests in a manner that is accurate, reliable, cost-effective, and timely. Technology is now an important part of the E-Discovery process and can be used to reduce the time and effort required to provide documentation for review by the producing organization's legal counsel. A wide range of software systems are commercially available that not only facilitate the search processes, but also provide integrated data retention methodologies and forensically sound capture and segregation features designed specifically for E-Discovery (Schuler et al., 2009). Organizations create, receive, and store information in a wide range of formats and locations. Data relevant to an E-Discovery case may include paper records, , digital telephone, audio and video files, engineering CAD drawings, social media information, and information from database systems. Information may also be stored in countless places and on many types of digital media. Many organizations own and manage their own data centers and regularly backup their data to removable media or offsite storage systems. Relevant data may also be stored in cloud environments, vendor-hosted environments, or on servers owned by social media organizations. Staff in various offices may have company data stored on their desktop computers, personally owned computers, removable media such as flash drives and CD's and even on their own Smartphone's. Information technology staff must maintain a clear and detailed map of where all of their data is stored in the event that these widely distributed repositories must be searched for litigation. Organizations that create record retention policies must consider and map all possible data repositories since the scheduled destruction of information can provide enormous litigation cost savings if properly managed. Companies should avoid the necessity to explain to a court why information outside the retention period exists in some instances, and not others. Some
15 8 organizations are subject to specific retention periods for legal, contractual or other important reasons that must be factored into the overall plan. Mapping data locations and identification of data custodians can be an enormous task, however, if an e-discovery request is received, it is far better to have a documented plan and formal processes in place. The legal, technical, human resource and other departments may form a discovery response team to handle these tasks, with specialists who are responsible for various parts of the process. Litigants who can demonstrate structured policies with clearly defined retention and destruction periods are able to defend these policies in a court of law. If opposing litigants request information that is outside of the normal retention period, the organization cannot reasonably produce this information since it no longer exists (Schuler et al., 2009). The combination of efforts between legal and information technology departments is necessary to determine the E-Discovery readiness for the organization. The legal staff understand the litigation requirements, and the information technology staff know where and how information is stored. Working together these groups can determine the systems that are available or must be implemented to support discovery, and ways that these systems can be leveraged to reduce costs, risk and speed of data production for litigation. It may also be important to investigate available external resources that may help to facilitate and respond defensibly to an E-Discovery request. E-Discovery Searching and Web 2.0 The Federal Rules of Civil Procedure (FRCP) include specific rules regarding pre-trial activities. Rule 16(b) outlines the necessity for a Pretrial Conference where litigants discuss the disclosure provisions and any claims either party may have regarding privileged relevant information. Rule 26(f) of the FRCP mandates discussions regarding information preservation,
16 9 discovery of information and a mutually acceptable form of data production. Some litigants require paper copies of all information including relevant metadata for each item. Others may request.pdf formats, or even forensic images of the information. These early conferences and discussions also include the establishment of a list of search terms and date ranges that will be used in the search and discovery processes to locate relevant information. The most critical phase of the E-Discovery process according to Schuler, Peterson and Vincze (2009) is the effective search for data and identification since the requirement to protect, preserve and present relevant and forensically sound data in a court of law may be necessary for any organization. The demonstration that a litigant has made a "good-faith" or reasonable effort to locate and preserve data required for review is a somewhat gray area of the law but Schuler et al. (2009) note that the courts take immediate action if a litigant does not meet their obligations to preserve data. Litigants must provide relevant data including associated metadata in order to present the complete documentation requested. Metadata is both file and system data, which in the example of an would be the header information that contains the sender and recipient addresses, the IP address and other identifications pertinent to the transmission, plus the server logs that show receipt of the transmission (Schuler et al., 2009). Some organizations manage sophisticated fully integrated content and e-discovery management systems used to identify, preserve and manage data and documents used in litigation. These software systems provide advanced tools that allow legal and information technology professional's access to comprehensive search tools with the ability to mark discovered documents for retention. The search capabilities of some of the e-discovery software market leaders are capable of examining data from social networking sites, company database
17 10 and customer relationship management (CRM) applications and also electronic backup archives of and other documents (Schuler et al., 2009). James (2011) documents a webcast where E-Discovery professionals including Craig Ball, attorney and forensic technologist, discuss data mapping as the starting point for effective searching during the e-discovery process. According to James (2011) data mapping is the creation of a data inventory that is a critical element in the process, and is a guide of "where to look" for information that may be relevant to a case including paper, electronic data and documents, and voice mail messages. This process should involve checklists, in-person interviews with key custodians and always remembering to consider paper documents, home computers, and other places where corporate data may reside. Data custodians may forget data and documents that they produce in the course of their work so James (2011) notes that Craig highly recommends asking open ended questions and looking around the physical environment (James, 2011). Searching for information often includes a number of different approaches including basic search techniques of custodian self-collection, and hard drive imaging. Electronic searches include keyword, metadata and Boolean searches. More advanced approaches include analytic technology that allows clustering and categorization, as well as concept and contextual searches. Organizations may have relevant data in their legacy relational database systems, structured and non-structured data warehouses, Web 2.0 sites such as blogs and social media websites and on backup tapes and offsite data repositories used for disaster recovery. Many data warehouse systems allow sophisticated searching for data based on concepts and contextual information and can be very useful for locating information. An unstructured data analytical engine is capable of locating abstract references, where a search for BAS might locate documents that the acronym
18 11 BAS is related to including Basic Allowance for Subsistence', Broadband Access Server, Basic programming language and/or Bulgarian Academy of Sciences, or things such as references to botany in fifteen languages (Inmon et al., 2011). Schuler et al. (2009) caution readers that keyword, date and custodian searching may not be sufficient to provide and preserve relevant ESI since the many different search methods can produce widely varied results. Each software application used in an E-Discovery case should be tested thoroughly for accuracy. Some software systems handle things such as abbreviations and polysemy more effectively than others do. Natural language synonymy also presents problems as do variations of words and names such as "Bob" and "Robert" and the possibility of foreign languages. Schuler et al. (2009) also comment that traditional keyword search engines are unable to discover data on alternate data sources such as video and voice recordings and may result in millions of irrelevant matches (Schuler et al., 2009). Akers, Mason and Mansmann (2011) discuss the concept of analytic searching called "Latent Semantic Analysis" (p. 41). This technique includes production of documents based on both their content and keyword matches and electronically resembles the methods of human deduction from natural language, and which provides a weighting system for the results. The ideal E-Discovery search system according to Akers et al. (2011) would include efficient search capabilities able to analyze the full content of digital files and their metadata with comprehensive capabilities for weighting, analysis, validation and extraction of data. A virtual index stores the content and metadata separately and can grow exponentially while still allowing autonomous searches on either metadata or content. Sophisticated systems must be able to perform virtual indexing to handle the large data sets in use today that may be many terabytes in size (Akers et al., 2011).
19 12 Although some sophisticated software applications are capable of searching Web 2.0 content, there are difficulties producing the associated metadata from these websites. Web 2.0 interactive collaborative websites such as blogs, social media websites and wiki's will not or cannot provide the complete metadata. However, this information is still being used in American courts, typically in printed or web archive formats, yet does not contain the actual associated metadata that is normally required for defensible data production (Meyer, 2009). There are many different approaches to data identification and searching for relevant data during an e-discovery event. Some organizations employ outside legal and technical resources to assist with what can be an arduous process; others maintain a comprehensive mix of strict data policies and both content management and e-discovery software that is continuously updated and maintained. Regardless of a formal structured policy-based approach or one that is specific to a particular discovery case, the processes must be structured, well documented, and detailed enough to ensure that opposing council cannot claim there is a lack of participation and timely production of defensible data. E-discovery teams may place holds on many different types of data including forensic images, physical documents, and data files containing financial figures, documents, voice messages and even content from company social networking or web sites. The manual approach that some organizations take may seem cumbersome or even prehistoric to others who spend millions of dollars annually preparing for the eventual litigation request, but although the methods may be vastly different, the result of producing defensible, repeatable, and timely data is a necessity (Schuler et al., 2009).
20 13 E-Discovery and Social Media The volume of data that is created on social media websites has reached astronomical proportions and is expected to increase substantially in the coming years. Frazier (2011) reports that Facebook users post over 30 billion individual pieces of digital content each month including comments, links, images, and videos. In 2010, over 25 billion tweets were posted on the popular Twitter website and that same year over 6 trillion text messages were exchanged. The lines between personal and organizational use of social and mobile media are typically very clear; however, many company-owned computers and mobile devices are being used by employees for non-company activities (Frazier, 2011). Some organizations consider regulating employee use of social media yet this does little to stop their staff from engaging in social media discussions and posting updates to these popular websites through the use of their own Smartphone's and computers. Frazier (2011) comments that social and mobile media has been over-dramatized to some degree with regard to e- discovery and that "E-Discovery regulations do not pose an immediate and large threat to large corporations" (p. 1). Frazier (2011) notes that courts and E-Discovery experts distinguish between corporate and individual social media accounts allowing ample time for legal teams to consider a proactive and pragmatic approach to collecting this information. Jaeger (2011) disagrees and provides statistics from an enterprise strategy group that 58 percent of organizational respondents already include social media applications in their E- Discovery collections including data from Facebook, Twitter and LinkedIn. Jaeger (2011) also reports that this same study reveals that cloud-based data "will parallel the expected rise in social media discovery" (p. 1).
Bringing the Cloud into Focus A Whitepaper by CMIT Solutions and Cadence Management Advisors Table Of Contents Introduction: What is The Cloud?.............................. 1 The Cloud Benefits.......................................
Archiving and The Federal Rules of Civil Procedure: Understanding the Issues An ArcMail Technology Research Paper ArcMail Technology, Inc. 401 Edwards Street, Suite 1620 Shreveport, Louisiana 71101 www.arcmailtech.com
ZL UNIFIED ARCHIVE A Project Manager s Guide to E-Discovery ZL TECHNOLOGIES White Paper PAGE 1 A project manager s guide to e-discovery In civil litigation, the parties in a dispute are required to provide
TM GUIDANCE SOFTWARE EnCASE ediscovery EnCase ediscovery Automatically search, identify, collect, preserve, and process electronically stored information across the network. GUIDANCE SOFTWARE EnCASE ediscovery
INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing
EnCase Enterprise/ ediscovery Strategic Consulting EnCase customers now have a trusted expert advisor to meet their discovery goals. NightOwl Discovery offers complete support for the EnCase Enterprise
Introduction to Cloud Computing Srinath Beldona firstname.lastname@example.org Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?
MDLA TTS August 23, 2013 ediscovery for DUMMIES LAWYERS Kate Burke Mortensen, Esq. email@example.com Scott Polus, Director of Forensic Services firstname.lastname@example.org 1 Where Do I Start??
UNDERSTANDING E DISCOVERY A PRACTICAL GUIDE 1 What is ESI? Information that exists in a medium that can only be read through the use of computers Examples E-mail Word Documents Databases Spreadsheets Multimedia
ACADEMIC AFFAIRS COUNCIL AGENDA ITEM: 8.D DATE: March 15, 2007 ****************************************************************************** SUBJECT: Electronic Records Discovery Electronic records management
Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration
E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered
White Paper Why Should You Archive Your Email With a Hosted Service? An Osterman Research White Paper Published January 2008 Executive Summary Email is the primary communication system and file transport
If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: email@example.com Thank You! THIS WEBCAST WILL BEGIN SHORTLY Cloud-Based vs. On-Premise ediscovery
: Discovering What There Is to Discover One of the challenges in electronic discovery is identifying the various sources of electronically stored information (ESI) that could potentially be relevant to
Policy No: 3008 Title of Policy: Preservation and Production of Electronic Records Applies to (check all that apply): Faculty Staff Students Division/Department College _X Topic/Issue: This policy enforces
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
Make better decisions, faster March 2008 Integrated email archiving: streamlining compliance and discovery through content and business process management 2 Table of Contents Executive summary.........
PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION
E-Discovery Quagmires An Ounce of Prevention is Worth a Pound of Cure Rebecca Herold, CISSP, CISA, CISM, FLMI Final Draft for February 2007 CSI Alert While updating the two-day seminar Chris Grillo and
2016 CLM Annual Conference April 6-8, 2016 Orlando, FL Reduce Cost and Risk during Discovery E-DISCOVERY GLOSSARY Understanding e-discovery definitions and concepts is critical to working with vendors,
International Journal of Information Technology and Knowledge Management January-June 2012, Volume 5, No. 1, pp. 27-30 AN OVERVIEW ABOUT CLOUD COMPUTING R. Anandhi 1, and K. Chitra 2 ABSTRACT: This paper
E-PAPER DECEMBER 2014 Guide to Information Governance: A Holistic Approach A comprehensive strategy allows agencies to create more reliable processes for ediscovery, increase stakeholder collaboration,
Symantec Enterprise Vault and Symantec Enterprise Vault.cloud Better store, manage, and discover business-critical information Solution Overview: Archiving Introduction The data explosion that has burdened
ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information
White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples
IT@Intel White Paper Intel IT IT Best Practices IT Governance and IT Consumerization June 2012 Successful ediscovery in a Bring Your Own Device Environment Executive Overview Close collaboration between
Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea firstname.lastname@example.org 2 Research Institute of
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
This is a sample approach to developing a sound document collection process, referenced at Section II(7)(vi) of the Guidelines on Best Practices for Litigating Cases Before the Court of Chancery. It should
1 Introduction to Cloud Computing CERTIFICATION OBJECTIVES 1.01 Cloud Computing: Common Terms and Definitions 1.02 Cloud Computing and Virtualization 1.03 Early Examples of Cloud Computing 1.04 Cloud Computing
Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....
Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology
The Sumo Logic Solution: Security and Compliance Introduction With the number of security threats on the rise and the sophistication of attacks evolving, the inability to analyze terabytes of logs using
E-Discovery Basics For the RIM Professional By: Andy Sokol, CEDS, CSDS Adding A New Service Offering For Your Legal & Corporate Clients Learning Objectives What is Electronic Discovery? How Does E-Discovery
Protecting Data with a Unified Platform The Essentials Series sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens
Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: email@example.com ABSTRACT In this paper we discuss the
Harnessing the Power of Big Data for Real-Time IT: Sumo Logic Log Management and Analytics Service A Sumo Logic White Paper Introduction Managing and analyzing today s huge volume of machine data has never
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
Information Governance in the Cloud TABLE OF CONTENTS Executive Summary...3 Information Governance: Building a Trusted Foundation for Business Content...5 The Challenge...5 The Solution....5 Content and
Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
Legal Arguments & Response Strategies for E-Discovery The tools to craft strategic discovery requests & mitigate the risks and burdens of production. Discussion Outline Part I Strategies for Requesting
University of California, Merced Measures Regarding Litigation Holds and Preservation of Electronically Stored Information (ESI) Responsible Officials: Executive Vice Chancellor and Provost Vice Chancellor
Who moved my cloud? Part I: Introduction to Private, Public and Hybrid clouds and smooth migration Part I of an ebook series of cloud infrastructure and platform fundamentals not to be avoided when preparing
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not
Realizing the Value Proposition of Cloud Computing CIO s Enterprise IT Strategy for Cloud Jitendra Pal Thethi Abstract Cloud Computing is a model for provisioning and consuming IT capabilities on a need
Deploying PRESENTATION Public, TITLE Private, GOES HERE and Hybrid Storage Clouds Enterprise Architecture and the Cloud Author and Presenter: Marty Stogsdill, Oracle SNIA Legal Notice The material contained
1 Purpose and Scope The purpose of this policy is to: Identify the types of College-related electronic information, including the location of the information; Identify what departments or individuals are
102 ediscovery Shakedown: Lowering your Risk Long-Term Care Session HCCA Compliance Institute April 27, 2009 Las Vegas, Nevada Presented by: Diane Kissel, Manager IS Risk & Compliance Kindred Healthcare,
IJCSIT, Volume 1, Issue 5 (October, 2014) e-issn: 1694-2329 p-issn: 1694-2345 A STUDY OF CLOUD COMPUTING MODELS AND ITS FUTURE Tamanna Roy Rayat & Bahra Institute of Engineering & Technology, Punjab, India
Cloud, Community and Collaboration Airline benefits of using the Amadeus community cloud Index Index... 2 Overview... 3 What is cloud computing?... 3 The benefit to businesses... 4 The downsides of public
Lowering E-Discovery Costs Through Enterprise Records and Retention Management An Oracle White Paper March 2007 Lowering E-Discovery Costs Through Enterprise Records and Retention Management Exponential
Kroll Ontrack VMware Forum Survey and Report Contents I. Defining Cloud and Adoption 4 II. Risks 6 III. Challenging Recoveries with Loss 7 IV. Questions to Ask Prior to Engaging in Cloud storage Solutions
Director, Value Engineering April 25 th, 2012 Copyright OpenText Corporation. All rights reserved. This publication represents proprietary, confidential information pertaining to OpenText product, software
BEYOND THE HYPE: UNDERSTANDING THE REAL IMPLICATIONS OF THE AMENDED FRCP PA G E : 1 BEYOND THE HYPE: Understanding the Real Implications of the Amended Federal Rules of Civil Procedure A Clearwell Systems
Questionnaire on Electronically Stored Information (March 17, 2011) I. Definitions and Instructions A. ESI means electronically stored information as the term is used in the Federal Rules of Civil Procedure.
Privacy in the Cloud Computing Era A Microsoft Perspective November 2009 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date
Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory
WRITTEN TESTIMONY OF NICKLOUS COMBS CHIEF TECHNOLOGY OFFICER, EMC FEDERAL ON CLOUD COMPUTING: BENEFITS AND RISKS MOVING FEDERAL IT INTO THE CLOUD BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
Questionnaire on Electronically Stored Information (May 2014) Comment The Questionnaire is intended to be a comprehensive set of questions about a company s computer systems. The extent to which you should
Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2
Cloud Enabled Business Transformation Carl Rönnerstam March 14 th 2012 Carl Rönnerstam Head of IT Strategy & Transformation KPMG Advisory Sweden Management Consulting Telephone +46 766 312 590 firstname.lastname@example.org
IMPACT: International Journal of Research in Engineering & Technology (IMPACT: IJRET) ISSN(E): 2321-8843; ISSN(P): 2347-4599 Vol. 2, Issue 3, Mar 2014, 101-106 Impact Journals SECURITY THREATS TO CLOUD
Datosphere Platform Product Brief No organization is immune to the explosive growth in the volume of electronically stored information (ESI). The rapid growth of ESI is having a tangible impact upon organizations
Right-Sizing Electronic Discovery: The Case For Managed Services A White Paper 1 2 Table of Contents Introduction....4 An Overview of the Options...4 Insourcing: Bringing E-Discovery Processes In-House....4
RESEARCH PAPER Email archives: no longer fit for purpose? Most organisations are using email archiving systems designed in the 1990s: inflexible, non-compliant and expensive May 2013 Sponsored by Contents
Effective Practices for Cloud Security Effective Security Practices Series Moving some internal processes to the cloud initially looks appealing: lower capital costs, more centralized management and control,
A UBM TECH WHITE PAPER MAY 2013 Communications in the Cloud: Why It Makes Sense for Today s Business Unified communications delivered in the cloud can help businesses of all sizes address many collaboration
Contact Information: February 2011 zimory scale White Paper Relational Databases in the Cloud Target audience CIO/CTOs/Architects with medium to large IT installations looking to reduce IT costs by creating
Using On-Demand Technology and Workflows to Speed Discovery and Reduce Expenditure June 11, 2015 Stu Van Dusen Lexbe LC ediscovery Webinar Series Info Future Takes Place Monthly Cover a Variety of Relevant
1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work
Leveraging the Cloud for Your Business by CornerStone Telephone Company 2 Third Street Troy, NY 12180 As consumers, we enjoy the benefits of cloud services from companies like Amazon, Google, Apple and
The Cloud: Why it makes sense for your business TABLE OF CONTENTS THE CLOUD: WHY IT MAKES SENSE FOR YOUR BUSINESS INTRODUCTION CHAPTER 1 CHAPTER 2 CHAPTER 3 CONCLUSION PAGE 3 PAGE 5 PAGE 9 PAGE 12 PAGE
Electronic Discovery How can I be prepared? September 2010 Presented by Brian Wilkinson, Director of ediscovery & Computer Forensics email@example.com 410-659-3473 Table of Contents Page 1 Electronic
What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model
International Journal Of Scientific Research And Education Volume 2 Issue 10 Pages-2109-2115 October-2014 ISSN (e): 2321-7545 Website: http://ijsae.in ABSTRACT: Database Management System as a Cloud Computing
Cloud Strategy Information Systems and Technology Bruce Campbell What is the Cloud? From http://csrc.nist.gov/publications/nistpubs/800-145/sp800-145.pdf Cloud computing is a model for enabling ubiquitous,
Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division Benjamin Young, Assistant General Counsel U.S. Department of Agriculture 1 Disclaimer The views expressed in this presentation
A Practical Guide to Understanding ediscovery for Insurance Claims Professionals ediscovery Defined and its Relationship to an Insurance Claim Simply put, ediscovery (or Electronic Discovery) refers to
Implementing Hybrid Cloud at Microsoft Published September 2013 The following content may no longer reflect Microsoft s current position or infrastructure. This content should be viewed as reference documentation
Cloud Computing and Big Data. What s the Big Deal? Arlene Minkiewicz, Chief Scientist PRICE Systems, LLC firstname.lastname@example.org 2013 PRICE Systems, LLC All Rights Reserved Decades of Cost Management