This week I participated in a leadership breakfast hosted by the Cowen Group. The breakfast was attended by lawyers and IT personnel from a variety of industries including media and entertainment, manufacturing, law, electronics, healthcare, utilities and more. The point of the roundtable was to discuss the impact of cloud computing on eDiscovery and included discussion on general legal aspects of the cloud.
I could just brain-dump notes, but that’s lazy. So, here are three key takeaways for me.
Data volumes are increasing exponentially and we have to consider “what’s after ‘what’s next?’?”.
One of the facilitators, who was a Director of Legal IS for a Los Angeles-based law firm, referred to the next decade as a “tsunami of electronic data.” Lawyers are more concerned with data that may be part of a lawsuit vs. all the machine-borne data that is starting to flow into our systems. Nonetheless, they specifically called out audio/visual content (e.g. surveillance) that is growing at enormous rates for their clients. Their research showed that the technology was barely keeping up for storing the exabytes of data being acquired each year. If we assume that massive volumes of data will be the norm (e.g. “what’s next”), how we do we manage eDiscovery after that?
Business clients are still getting their head around the cloud.
I suspect that most of us regularly forget that many of our peers in IT, let alone those on the business-side, are not actively aware of trends in technology. Many of the very smart people in this room were still looking for 100-level information on cloud concepts. One attendee, when talking about Wikileaks, said that if you don’t want your data stolen, don’t put it online. I completely disagree with that perspective, as in the case of Wikileaks and plenty of other cases, data was stolen from the inside. Putting data into internet-accessible locations doesn’t make it inherently less secure. We still have to get past some basic fears before we can make significant progress in these discussions.
“Cost savings” was brought up as a reason to move to the cloud, but it seems that most modern thinking is that if you are moving to the cloud to purely save costs, you could be disappointed. I highlighted speed to market and self-service provisioning as some of the key attractions that I’ve observed. It was also interesting to hear the lawyers discuss how the current generation views privacy and sharing differently and the rules around what data is accessible may be changing.
Another person said that they saw the cloud as a way to consolidate their data more easily. I actually proposed the opposite scenario whereas more choice, and more simplicity of provisioning meant that I now have MORE places to store my data and thus more places for our lawyers to track. Adding new software to internal IT is no simple task so base platforms are likely to be used over and over. With cloud platforms (I’m thinking SaaS here), it’s really easy to go best-of-breed for a given application. That’s a simple perspective, as you certainly CAN standardize on distinct IaaS and SaaS platforms, but I don’t see the cloud ushering in a new era of consolidation.
One attendee mentioned how “cloud” is just another delivery system and that it’s still all just Oracle, SAP or SQL Server underneath. This reflects a simplistic thinking about cloud that compares it more to Application Service Providers and less like multi-tenet, distributed applications. While “cloud” really is just another delivery system, it’s not necessarily an identical one to internal IT.
It’s not all basic thinking about the cloud as these teams are starting to work through sticky issues in the cloud regarding provider contracts that dictate care, custody and control of data in the cloud. Who is accountable for data leaks? How do you do a “hold” on records stored in someone’s cloud? We discussed that the client (data owner) still has responsibility for aspects of security and control and can’t hide behind 3rd parties.
Better communication is needed between IT and legal staff
I’ll admit to often believing in “ask for forgiveness, not permission” and that when it comes to the legal department, they are frequently annoyingly risk-averse and wishy washy. But, that’s also simplistic thinking on my own part and doesn’t give those teams the credit they deserve for trying to protect an organization. The legal community is trying to figure out what the cloud means for data discovery, custody and control and need our help. Likewise, I need an education from my legal team so that I understand which technology capabilities expose us to unnecessary risk. There’s a lot to learn by communicating more openly and not JUST when I need them to approve something or cover my tail.