Given all the hype for Cloud Computing these days, it’s nice to read a counter-perspective.
Key deployment blockers highlighted in Part 1 include:
- Current enterprise apps can't be migrated conveniently
- Risk: Legal, regulatory, and business
- Difficulty of managing cloud applications
- Lack of SLA
- Lack of cost advantage for cloud computing
If you have time to read all the parts of this article, it’s worth a read.
Title says it all. “IT And Legal Make A Great Team. Yeah, Right.”
Prince, Kevin. Top 9 IT Security Threats and Solutions. Sarbanes-Oxley Compliance Journal. Feb. 16, 2009.
Some highlights out of the Top 9 IT Security Threats and Solutions relative to Sarbanes-Oxley mentioned in this article:
Threat #4 … with social engineering you compromise a human by tricking him/her into supplying personal information and passwords. Any method of communication will be used to perpetrate this fraud including telephones, mobile phones, text messaging, instant messaging, impersonation of support/vendor staff and social networking sites …. (emphasis mine)
McAllister, Neil. The 25 greatest blunders in tech history (IMO). New Zealand PCWorld. Feb. 23, 2009.
Listed as a part of the #1 greatest blunder in tech history, e-mail and instant messaging data leaks and security are considered a major problem. A quote:
The web, email, and instant messaging have given criminals unprecedented opportunities for fraud, scams, and electronic spying. In 2007, corporations lost customer data to cyberthieves like never before. And today's vast digital repositories make for very juicy targets that can be copied onto a few DVDs slipped unnoticed in a jacket pocket.
More reason to control those leak apps, notably e-mail and instant messaging, be it OCS, SameTime, Jabber or all of the public and financial IM solutions.
Kincaid, Jason. The AP Reveals Details of Facebook/ConnectU Settlement With Greatest Hack Ever. TechCrunch. Feb. 11, 2009.
For the past four years I have been talking at various conferences about this method of ‘unredacting’ improperly-redacted PDF documents by simply copying them and pasting into a new document.
Facebook/ConnectU just got stung, and this technique is getting a lot of publicity as a result.
It will only be a matter of time before someone takes the time to start searching other publicly-posted “redacted” documents to see which ones are similarly improperly redacted. When I first started talking about this method, I ran some tests against documents I found on websites of companies that are household names … I was shocked to see how many of them used this method of redacting.
What it boils down to is you can either:
1. Cover the data you want to redact with a black square or set of squares (which leaves you open to the copy/paste technique)
2. Replace the data you want to redact with black squares or [REDACTED] placeholder text
Obviously companies should be using the 2nd method.
Ignorance is no excuse.
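To make the difference between the two methods concrete, here is a pre-publication check written for this page (an added example, not code from the original post). It runs over constructed, uncompressed page content streams; `COVERED`, `REPLACED` and `hidden_text` are hypothetical names, and it assumes one `Td` per text object and no transformation matrices.

```python
import re

# Constructed PDF page content streams (not from any real document).
# Method 1: the sensitive text is still drawn, then a filled rectangle is painted on top.
COVERED = """
BT /F1 12 Tf 72 700 Td (Settlement amount:) Tj ET
BT /F1 12 Tf 200 700 Td ($12,345,678) Tj ET
0 0 0 rg
195 695 90 16 re f
"""
# Method 2: the sensitive text itself has been replaced before publishing.
REPLACED = """
BT /F1 12 Tf 72 700 Td (Settlement amount:) Tj ET
BT /F1 12 Tf 200 700 Td ([REDACTED]) Tj ET
"""

# A token is either a literal string "( ... )" or a run of non-space characters.
TOKEN = re.compile(r"\((?:\\.|[^\\()])*\)|[^\s()]+")

def hidden_text(stream):
    """Return strings still present in the stream whose origin lies under
    a rectangle that is filled after the text was drawn."""
    texts, pending, stack, found = [], [], [], []
    pos = (0.0, 0.0)
    for tok in TOKEN.findall(stream):
        if tok == "BT":                      # begin text object: reset position
            pos, stack = (0.0, 0.0), []
        elif tok == "Td":                    # move text position by (tx, ty)
            pos = (pos[0] + float(stack[-2]), pos[1] + float(stack[-1]))
        elif tok == "Tj":                    # show the string operand
            texts.append((pos[0], pos[1], stack[-1][1:-1]))
        elif tok == "re":                    # x y w h re: add rectangle to path
            pending.append(tuple(float(v) for v in stack[-4:]))
        elif tok in ("f", "F", "f*"):        # fill the path: rectangles become opaque
            for x, y, w, h in pending:
                found += [s for tx, ty, s in texts
                          if x <= tx <= x + w and y <= ty <= y + h and s not in found]
            pending = []
        else:
            stack.append(tok)                # operand or an operator we ignore
    return found

if __name__ == "__main__":
    print("covered :", hidden_text(COVERED))
    print("replaced:", hidden_text(REPLACED))
```

The first stream is flagged because the string is still in the file and only painted over; the second has nothing left to recover.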
Mary Mack recently posted her Top 10 e-Discovery Cases in 2008. This is an important read if you care about e-discovery.
Instant Messaging usage is growing relative to e-mail usage, and instant messages are discoverable for legal investigations, etc. Here’s a great quote from the article on Mary Mack’s blog over at the Discovery Resources website:
The State relied heavily on the IM messages between the Defendant and the child’s mother to prove their case. Based on the IM evidence and other circumstantial evidence, the jury “reasonably conclude[d] that Defendant had incited [the child’s mom] to use her daughter in a sexual performance . . . and/or to consent to her daughter’s participation in a sexual performance violation.”
There are currently a handful of vendor solutions in this area: Quest Policy Authority for Unified Communications, Symantec, and FaceTime.
Quest Software Policy Authority for Instant Messaging (OCS, Sametime, Jabber, etc.) Archiving, Compliance and DLP. Feb. 22, 2009.
Quest Software’s Policy Authority solution is an ideal solution for archiving, compliance and data leak protection (DLP) of Instant Messaging (IM) protocols including Office Communications Server 2007 R2, Lotus SameTime, Cisco Jabber, Reuters, Bloomberg, MSN, Yahoo, AOL and other IM protocols. Quest Policy Authority also supports archiving of BlackBerry PIN-to-PIN and BlackBerry call logs for compliance or tracking purposes. The solution is available in either software-only or appliance options, and is deployed at customers around the globe. In a manner of speaking, since MSN, Yahoo, AOL and BlackBerry all have Cloud Computing elements, Quest Policy Authority is an example of a customer-premises management solution being used to manage hybrid on-premises plus Software as a Service components.
Cloud computing brings new challenges to e-discovery, as suggested by this InformationWeek article.
Having data spread across various public and private clouds – including some virtual ones – will only increase the costs and complexity associated with e-discovery.
Great article on electronic document retention. Some great tips from the article:
Practical Considerations for Electronic Document Retention
1. Keep document retention policies simple.
2. Do not let people with laptops become amateur transcribers. Ensure employees only use their company-issued computers for work-related documents.
3. Be careful of all informal notes.
4. Limit notes and board minutes to agreed action items.
5. Do not engage in debates via email.
6. Never email sensitive material.
7. Monitor what people say via email, instant messaging and blogging.
8. Consider banning instant messaging and blogging.
9. Be careful of mobile email and text messaging. PDAs, BlackBerrys and other smart phone devices now serve as another location of potentially sensitive information.
10. Be careful of attorney-client privilege, or lack of privilege, especially when working outside the U.S.
11. Be sensitive when in-house legal counsel has dual roles of attorney and manager. Be aware of effect on privileged communications.
12. Be careful of outside service providers or web-based hosts such as AOL, Yahoo, etc.
From an instant messaging (IM) perspective, Quest Software’s Policy Authority solution (software-only or appliance options available) is ideally suited for monitoring, archiving and controlling communications.
- “The investigation of Bernie Madoff may literally support a portion of the [e-discovery] market for the next couple of years” (quoting ESG sr. analyst Brian Babineau)
- “ESG has studied the value of e-discovery technologies and found that content archiving (e-mail, files, and so on) generates a fast payback because it centralizes data for easy identification and collection, and companies can also use it to enforce legal holds.”
Also mention of Procedo coming out of stealth mode … any-to-any data archive migration focus.
Bit of a black eye for Guidance Software. Too bad they couldn’t find what they were looking for on their own network … presumably they do better for their customers.
Great article on social networking sites … it always amazes me just how much I can discover about a person by Googling them for a while. Scary.
This article suggests that e-discovery lawyers will need to turn their attention to social networking sites as part of their investigations.