Conscious Unclouding? A Hard Look at Data Security and the Cloud

The security of data is fast becoming one of the most prominent and visible areas of concern in the selection of eDiscovery software solutions. With public examples of data security failures increasing in regularity and impact, it behooves any discovery solution decision-maker to carefully consider how they manage this important risk factor as they make on and off-premise enterprise software selection decisions.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Editor’s Note: As highlighted by Matt Middleton-Leal, General Manager and Chief Security Strategist at Netwrix, a vendor of information security and governance software, many customers are taking a harder look at the cloud services they are using as the promise of off-premise cloud offerings may be offset by considerable security concerns. With enterprise software decisions and data security in mind, the following three article extracts are shared to provide considerations and context that may be helpful to legal, business, and information technology professionals in the eDiscovery ecosystem as they examine on-premise and off-premise offerings through the lens of potential concerns, selection criteria, and market share.

Organizations May ‘Uncloud’ Over Security, Budgetary Concerns

An extract from an article by Matt Middleton-Leal via Dark Reading

While most cloud vendors forecast continued adoption and growth, some customers are taking a harder look at the cloud services they’re using.

With Gartner forecasting cloud revenue to hit $370 billion by 2023, and Microsoft highlighting how cloud has become a core element in enterprise IT, the cloud’s momentum looks unstoppable. But cloud customers are bumping up against some harder realities; according to our most recent cloud data security report, 48% of organizations that store sensitive data in the cloud would consider moving that data back on-premises. It’s a costly and time-consuming proposition, yet organizations are thinking about it. Why?

In most cases, organizations uncloud because they face unexpected issues. Initially, the plurality of organizations migrated to the cloud to cut costs (31%) and ensure availability for remote workers (26%). However, the survey results show that organizations are ready to uncloud due to their inability to ensure the desired level of protection (24%).

About one-third of the organizations would uncloud because they didn’t achieve the initial goals of cloud migration. Among those who moved their data to the cloud to cut costs, 29% are ready to uncloud due to unexpectedly high costs. Among those who moved data to the cloud for security reasons, 27% would uncloud due to considerable security concerns.

Let’s take a closer look at factors that affect the decision to uncloud, as well as possible best practices that could obviate the challenges.

Read the complete article at Organizations May ‘Uncloud’ Over Security, Budgetary Concerns


Avoiding Glittering Generalities in Selecting eDiscovery Software

An extract from an article by Rob Robinson via ComplexDiscovery

Considering Security

“Distrust and caution are the parents of security.” Benjamin Franklin

The security of data is fast becoming one of the most prominent and visible areas of concern in the selection of eDiscovery software solutions. With public examples of data security failures increasing in regularity and impact, it behooves any discovery solution decision-maker to carefully consider how they manage this important risk factor and make decisions based on facts.

Control of data, applications, servers, storage, and network connectivity behind an organization’s firewall has traditionally been viewed as the most secure of available eDiscovery solution deployment options. In this on-premise security approach, an organization has complete control of data and all the elements that might act on the data in the course of eDiscovery. For organizations that have an established security infrastructure, on-premise offerings appear to be a safe approach to eDiscovery security as they minimize security risk through the exercise of the direct control of data.  The on-premise approach also seems highly desirable to many organizations sensitive to data transfer regulations and privacy requirements as it ensures they maintain a direct understanding of the physical location of data and have the ability to act on that data at all times. From an acceptance standpoint, according to a recent eDiscovery industry report from the Aberdeen Group, organizations are 50% more likely to have an on-premise eDiscovery solution than a cloud-based one. With these facts in mind, it seems reasonable to conclude that an on-premise approach to security is a safe method that is and should continue to be used by many organizations as part of their eDiscovery solution even in the face of growing acceptance of off-premise alternatives.

With the mainstream acceptance of cloud computing, the off-premise approach to delivering eDiscovery software is experiencing increasing in acceptance. This acceptance is based on many attributes, one being the evidence that off-premise offerings delivered via SaaS may be able to satisfactorily address many of the security requirements previously only achievable in on-premise offerings. Reasons for this growing acceptance of cloud-centric eDiscovery solutions as secure on-premise alternatives include but are not limited to the following security elements:

  • Sophisticated Encryption: The ability to encrypt data in various states of movement and rest.
  • Security Experts on Staff: The availability of experts to continuously monitor and address security requirements.
  • First Access to Emerging Technologies: The access to emerging technologies based on the size and centralization of data.

These elements of security are increasingly available in cloud offerings and are helping make the use of off-premise eDiscovery solutions acceptable when viewed through the lens of security.

There are also different types of cloud implementations that may contribute to the overall security of a particular cloud-centric solution. There are pure public clouds that operate exclusively on a public cloud infrastructure and are delivered by companies such as Amazon, Microsoft, and Google. There are also private cloud solutions that combine the economic and access benefits of pure public cloud solutions with the added security of provider-owned resources that allow for determination of the exact physical location of data at any time. This ability to reach out and physically locate client data is a desirable security attribute of private clouds, especially in light of increasing regulatory and legal requirements around the disposition and disposal of personally identifiable information.

Given the current state of security of most public and private cloud eDiscovery offerings, it seems reasonable to suggest that there are many appropriate cloud-based offerings from a solely security-centric perspective.

Regardless of the on-premise or off-premise approach, there are always some areas of security concern that transcend the delivery approach. One example of this type of security concern is the transfer of productions outside of the firewall or cloud-secured environment to requesting parties. However, there are also many ways to mitigate even this risk through the use of secure transfer protocols, encryption, and shared access to secure servers managed with role-based access. In fact, some vendors present this concern of data transfer security argument as a reason not to consider a solution when in fact the real reason the vendor highlights this risk is that getting data out of their system is incredibly time-consuming and they want to direct users to proprietary approaches that mitigate data transfer speed deficiencies. Said differently, when evaluating software provider arguments and objections to differing security concerns, make sure you accurately understand the cause of the concern as it may be more related to performance deficiencies than security deficiencies.

Quick Takeaway: Both on-premise and off-premise offerings may be sufficient to meet organizational security requirements. However, some approaches may mitigate security risk more comprehensively than others, so it is important to understand current and potential future security requirements when selecting eDiscovery software.

Read the complete article at Avoiding Glittering Generalities in Selecting eDiscovery Software


On and Off-Premise eDiscovery Software Spending

An extract from an article from ComplexDiscovery

eDiscovery software market spend is estimated at approximately $3.39B in 2019 (30.19% of the total market) and estimated to grow at a Compound Annual Growth Rate (CAGR) of approximately 13.05% to $6.26B in 2024 (30.36% of the total market).

On and Off-Premise Software Spending

On-Premise software spending is estimated at approximately 46% of worldwide eDiscovery software spending in 2019, with that number decreasing to approximately 36% by 2024. While the percentage of spend is decreasing over time, the actual dollar spend is estimated to increase based on overall software market growth, growing from $1.56B in 2019 to $2.25B in 2024.

Off-Premise software spending is estimated at approximately 54% ($1.83B) of worldwide eDiscovery software spending in 2019, with that number increasing to approximately 64% ($4.01B) by 2024.

The eDiscovery Software Market: An On and Off-Premise Spending Overview

eDiscovery Software Market (2019-2024)

Read the complete article at An eDiscovery Market Size Mashup – 2019-2024 eDiscovery Software and Services Overview


Additional Reading

Source: ComplexDiscovery

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.