The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/411912
WWW.ILTANET.ORG 89 by Scott M. Giordano, Esq. of Exterro, Inc. Debunking Security and Privacy Concerns of Cloud-Hosted E-Discovery Cloud computing offers legal organizations the opportunity to leverage computing services rapidly and cost effectively while alleviating concerns about ESI security, privacy and portability. However, cloud-hosted e-discovery is associated with several unwarranted security and data privacy myths. Myth: Soware installed behind the firewall is more secure than systems hosted in the cloud. Cloud computing must meet stringent security and auditing standards to be competitive; for global clients, it must also adhere to multinational standards. Key standards for advanced cloud providers like Amazon Web Services, applicable both to on-premise and cloud computing, include the ISO/IEC 27000 series (or ISO 27k), which addresses security management and controls, and Service Organization Controls (SOC) , which address security control auditing. Cloud providers isolate e-discovery soware installations using subnets — collections of computing devices separated by firewalls — and typically also use an encrypted tunnel between an e-discovery application and the client's network. Such isolation creates a secure end-to-end connection. Myth: Electronically stored information (ESI) is safer stored onsite than in the cloud. If both e-discovery soware and ESI are hosted in the cloud, even by different providers, an encrypted tunnel provides the same end-to-end security as that of a connection within a client's network. Myth: The risk to ESI privacy is higher given the use of commingled systems. Cloud computing relies on multi-tenancy, in which multiple tenants (clients) share computing resources. Virtualization techniques make electronic copies of hardware as needed, creating economies of scale. To mitigate the risk of someone else accessing an organization's ESI, cloud providers use isolation techniques that separate the ESI of many tenants while eliminating the danger of accidentally accessing ESI from different tenants. For example, virtual local area networks (VLANs) can ensure each client gets its own network. Tenants can also be provided their own virtualized instances, or copies, of e-discovery soware. For even greater security, each tenant can put in place its own schema, or container, for storing ESI. Myth: Once ESI goes into the cloud, getting it out is all but impossible. Early cloud computing providers typically used proprietary ESI storage formats, leaving in doubt what form the ESI would be in upon retrieval and whether e-discovery soware could ingest it for document review. Today's separate schema approach addresses data accessibility by creating an isolated container that interacts with the e-discovery soware as if it were stored behind the client's firewall.