In Search Of The Holy Grail To Information Governance
By Simon Taylor, Sr. Director of Information Access Management, CommVault
I'd like to propose a question given the latest 2009 eDiscovery market & vendor positioning from a leading industry analyst. Are Compliance and eDiscovery separate IT challenges or are they inextricably connected?
Current analyst thinking looks at both the eDiscovery and Compliance markets as being fulfilled by forms of archiving solutions. The rationale for this is simple: to discover electronic evidence and preserve its integrity, the preference of traditional solutions is to move or take a copy of data and store it in an "archive" silo. This is perfect until you need to discover data from diverse structured and unstructured data sources and then the amount of copied data that has to be consumed to fit this strategy is colossal. There is also the potential for significant legal costs for the processing of this data.
To make sense of this, analysts have conveniently segmented the eDiscovery market into lower end and upper end solutions depending on eDiscovery capability and onsite or hosted (cloud) focus. Specifically, lower end solutions are about identification, collection and preservation while upper end solutions are focused on processing, review, analysis and production.
The compliance market on the other hand, is about retention and supervision. If we use archiving solutions for compliance, we end up storing data in yet another silo so it can be indexed, searched and sampled. Are these really separate use cases that ultimately drive the need for separate silos of data or is it more of a business-driven perspective? The answer to this really depends on how businesses view information risk and more importantly how data is accessed across the enterprise.
We know Compliance and eDiscovery business requirements are driven by the need to manage different types of information risk – the risk of not being able to find evidence during litigation and the risk of not retaining records in compliance with specific legislation, or in other words an inability to access or organize relevant information. After all, why retain data if you can't search or organize it?
Enter the "archive", which is used to copy or move information into a repository so you can index it for access. The trouble is for an archive to be effective for either litigation or compliance, ALL of the data that you anticipate needing to access must be in the archive so it can be indexed, searched and sampled. Is this realistic or practical? Can a single archive possibly contain all of the unstructured and structured information you need across the enterprise, given the scope and search criteria applied to potential data sources, e.g. email systems, file systems, document repositories, laptops, desktops, databases, and backups. The answer is, for all intents and purposes, an unquestionable NO; never mind the associated IT cost burden caused by segmenting and securing data in this way.
The bottom line: the "archive" paradigm is outdated. Solutions that need to archive for eDiscovery or Compliance do this because they can't proactively reach all sources of information in either an "active" or "passive" sense so they move or take a copy of what they can. Offline or backup copies of information also are ignored but are just as important from a risk management perspective.
The Office of Federal Housing Enterprise thought so when it was subpoenaed for documents in litigation and discovered that its IT department had overlooked disaster-recovery backup data that was stored off-site. How many Gartner ranked eDiscovery and Compliance market leaders have the complete capability to intuitively access all "active" and "passive", "online" and "offline" data quickly, whilst also keeping a watchful eye on what is potentially evidence, and at the same time ensuring that data is correctly aligned to retention and disposition policies and, in turn, defined repositories for compliance?
From our perspective, the answer is not many, and CommVault Simpana software is the only unified solution that can do this. Our position is that archiving has a place in the software model for the lifecycle retention of information as it ages and moves from an "active" to a "passive" state. CommVault Simpana software also uses archiving for federated legal hold and preservation, but not to separate or silo data. This is because its singular information management solution can index and access all the data it touches.
Companies like CommVault are blurring the lines between Compliance and eDiscovery to break down the barriers between managing and accessing all information, merging the traditional lower end and upper end category boundaries for true end-to-end eDiscovery efficiency. Lawyers I've spoken to over the last four months at various eDiscovery forums concur and reiterate the same need – to proactively manage information to ease eDiscovery while ensuring efficiency and cost management. What they and compliance officers are calling for is the proactive management of information assets (structured and unstructured) for the primary purpose of organizing and securing retention (Compliance), ease of workflow and access (Discovery), and best in class efficiency and deduplication (Cost Reduction). In my view, this is what Information Governance is about in practical terms and is an approach that many CommVault customers have adopted.
If you still have not made the connection yet, consider just two things:
- Compliance requirements now require the organization and classification of enterprise information for specific retention, disposition and security.
- eDiscovery early case assessments or FOIA (Freedom of Information Act) requests require efficient enterprise level data mining to discover potential evidence from forms of retained and previously classified information.
The key points – access to all enterprise data, classified holistically, retained and stored consistently and securely. The inter-relevancy between Compliance and eDiscovery should now be more obvious and broader than a single archiving silo or eDiscovery use case. Is this enough for analysts to think differently and also look at the market differently? Time will tell. I can only hope that industry analysts broaden their thinking on Information Governance that encompasses both the Compliance and eDiscovery markets. Managing information is as much about the way we organize, retain, and access information across the enterprise as it is about the way we optimize and store it during its lifecycle. This is made possible through the unification of both backup and archiving technologies, on customer sites and into the cloud services world.
SOURCE: CommVault Systems