eDiscovery for structured data.Electronic discovery, also known as eDiscovery, by definition is the process in which electronically stored information is reviewed, processed and presented for the purposes of litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. or regulatory requests. Electronic information can be stored in databases as structured content, in emails or instant messages as semi-structured content, and in documents or files as unstructured content. Depending on the type of litigation, eDiscovery may involve some or all types of content. The eDiscovery solutions available in the market focus predominantly on files, documents and eMail. While eDiscovery for databases is equally important, few vendors in the market support structured data as part of an overall comprehensive eDiscovery platform. The challenge posed to IT organizations is how to architect a solution in the data center that will meet all the legal requirements, support all data types, while keeping costs in check. In order to comply with their discovery responsibilities, legal departments are working closely with IT organizations and technology vendors to find and implement a solution that meets these requirements. An ideal solution has many characteristics: it preserves and destroys data based on policies; the preservation and destruction process is tamper-proof and complete; the desired information is presented quickly, accurately and efficiently; and all at a justifiable jus·ti·fi·a·ble adj. Having sufficient grounds for justification; possible to justify: justifiable resentment. jus cost. In addition, the solution has to accommodate all data types across disparate sources and systems. The reality is that no one unified system exists in the market that addresses all of these requirements, at least none as of yet. [GRAPHIC OMITTED] In order to achieve nirvana nirvana (nērvä`nə), in Buddhism, Jainism, and Hinduism, a state of supreme liberation and bliss, contrasted to samsara or bondage in the repeating cycle of death and rebirth. with eDiscovery, the required solution combines best practices in archive technology (classification, data migration and data preservation/destruction), search technology (index, discovery, and filtering) and case management (process control and workflow) that works across all data types. In order to meet market demands, vendors of best-of-breed solutions and technologies are merging or partnering together. For example, Digital Rights Management (DRM (1) (Digital Radio Mondiale) A digital audio broadcasting (DAB) system for AM radio in Europe. See HD Radio. (2) (Digital Rights M ) and eMail archiving See e-mail archiving. software vendors are working with Write Once Read Many (WORM) media and Content Addressable Reachable. When something is addressable, it can be identified and manipulated independently of its surroundings. For example, screen pixels and RAM memory are addressable. Each of the screen's picture elements can be individually turned on and off, and each of the memory's bytes can be Storage (CAS) vendors. WORM and CAS provide tamper-proof storage media. DRM applications add controls to who has access to data and how the content can be used. When integrated with a WORM device or CAS system, policies defined at the document level can be enforced by the WORM or CAS system. Email archiving software archives emails directly from the email servers See mail server. before reaching the recipient, stored on WORM or CAS, again enforcing data retention and protection policies. Most DRM and eMail archiving applications include features such as a document and eMail metadata (1) (meta-data) Data that describes other data. The term may refer to detailed compilations such as data dictionaries and repositories that provide a substantial amount of information about each data element. repository, full text indexing and search, classification policies, and workflow assisting in case management. Case Management software vendors are partnering with archive and search vendors to reduce the amount of time it takes to retrieve specific content. Vendors who acquired Content Management and eMail archiving solutions are integrating these technologies leveraging a common metadata repository, addressing cost issues associated with maintaining silos of archived data. Most eDiscovery applications in the market are focused on solving the challenges associated with files, documents and email. This is because there is a higher growth rate of unstructured data Data that does not reside in fixed locations. Free-form text in a word processing document is a typical example. Contrast with structured data. See free-form database. in the data center that is unmanaged. More importantly, there are specific regulations on unstructured and semi-structured content that are driving new market requirements. Regulations exist for database data, but due to the technical differences between files and databases, policies are enforced differently. Today, none of the existing solutions for eDiscovery retrieve the information to a legal discovery request, when that information resides in a database. In many cases, databases store the most highly sensitive Adj. 1. highly sensitive - readily affected by various agents; "a highly sensitive explosive is easily exploded by a shock"; "a sensitive colloid is readily coagulated" and mission-critical information, such as financial data, patient records, clinical trial data, consumer credit card information, employee Social Security Numbers. The regulations that refer to data residing in database applications require process and audit controls to be in place that can be presented in a court of law proving that all necessary measures are being taken to either prevent tampering tampering The adulteration of a thing. See Drug tampering. , or in the event something has been tampered with, prove that the event is traceable. For information stored in databases, the ability to lock down information and control the usage is dependent on the database vendors' features and how the application built on top of the database deploys these controls. In addition, there are many vendors that provide database auditing solutions to meet regulations for process control. Examples of the types of database auditing solutions available include scraping (1) Extracting data from output intended for the screen or printer rather than from original files or databases. For example, Web pages formatted in HTML are often scraped. database log files for changes, appliance-based network sniffing sniff v. sniffed, sniff·ing, sniffs v.intr. 1. a. To inhale a short, audible breath through the nose, as in smelling something. b. To sniffle. 2. solutions that monitor database traffic, and daemons or agents installed on the database server to monitor specific tables for certain activities. In cases where the legal discovery process includes information in a database, searching and retrieving the information is much simpler. Structured Query Language See SQL. Structured Query Language - SQL (SQL SQL in full Structured Query Language. Computer programming language used for retrieving records or parts of records in databases and performing various calculations before displaying the results. ) searches the database and returns sets of information exactly as specified in the query. However, to prove non-repudiation in a database requires that additional controls and measures are in place. Most production database technologies require that the data in the database is stored in an open file system. Meaning these files are open indefinitely in·def·i·nite adj. Not definite, especially: a. Unclear; vague. b. Lacking precise limits: an indefinite leave of absence. c. for future insertions and deletions into the database. For these databases, using WORM media or CAS is not an option because these technologies require a closed file that is then either encrypted en·crypt tr.v. en·crypt·ed, en·crypt·ing, en·crypts 1. To put into code or cipher. 2. Computer Science to prevent access or stamped with a hash algorithm to prove the file has not been modified. Encrypting the database at the file level is not a realistic solution because content inside the database file is constantly changing. [GRAPHIC OMITTED] Some database vendors provide features that can lock down information at the table, row, and column level. Some examples include a read-only mode, encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. , and digital certificates. Because these features were designed to secure the information from unauthorized access, they may not be the best solution for proving non-repudiation due to potential application performance degradation. Audit controls need to complement these features to provide an audit trail of who accessed what data and when it was last modified. Regulations are continually changing and updating. Corporations that are required to present information for litigation need to make sure investments they are making in vendors of eDiscovery technology can adapt to these changes. They should understand the vendor's roadmap for incorporating all data types and how policies can be modified as the regulations change. While selecting technology that solves eDiscovery needs today, customers should make sure to consider the big picture and that all data types are supported before making a commitment. Julie Lockner is vice president of sales operations for Solix Technologies of Sunnyvale, Calif. www.solix.com |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion