Monthly Archives: July 2016

More Data Vendors Means More Data Risk, says EMC

More Data Vendors Means More Data Risk, says EMC

The future is hard to predict, and a new survey by EMC shows that the IT industry is ill-equipped to take on the challenge. According to the Global Data Protection Index, a survey of 2,200 IT professionals and decision makers across 18 countries, businesses are not prepared to tackle the emerging road blocks of data security.More Data Vendors Means More Data Risk, says EMC

Key statistics from the report include:

  • 18 percent of survey respondents predicted that their organization’s data security infrastructure could support future business challenges.
  • 10 percent said the opposite—their organizations were unprepared to handle emerging issues.
  • 34 percent admitted that their organizations could handle “some” future challenges.

The report also detailed the costs associated with unplanned system downtime. On average, a business can expect to lose $550,000 and 22 hours of employee labor during each down period. In addition, the losses compound as more data vendors are involved—businesses with four or more data vendors had to wait an average of 37 hours before all processes were restored.

Complex Data Environments

Why do multiple vendors make things so complicated? According to Michael Wilke, EMC senior director of marketing, Core Technologies, it all comes back to data. He explained that each vendor has its own strategies for deploying solutions and data protection, and as the number of vendors increases, the data environment becomes less transparent and harder to manage.

“Monitoring complex data protection environments becomes extremely difficult, making failed backups harder to detect and rectify,” he said.

Moreover, these backups are necessary for data security—EMC’s report found that hardware failure was the biggest cause of unplanned system downtime, followed by power loss, software failure, and external breaches. As EMC revealed, this downtime can significantly affect a businesses’ productivity and financial security, making it essential that organizations relying on multiple vendors have security solutions in place.

The Cloud Solution

Despite how unprepared many businesses seem, all hope isn’t lost. According to the research, cloud technology was a common and well-regarded solution for data protection. Of those surveyed, the majority utilized cloud recovery in some form:

  • 45 percent used cloud services for archiving and long-term data retention.
  • 33 percent used cloud services as a mobile device backup.
  • 21 percent relied on cloud technology for disaster recovery.

Though most businesses these days rely on the versatility of multiple data vendors, this flexibility comes at a cost. Each data vendor involved places the organization at greater liability. Moving forward, Businesses need to understand the risks inherent to sharing sensitive information, even with reputable data vendors, and try to prevent downtime, create backups, and utilize cloud storage should a problem occur.

Dean Van Dyke iBridge LLC

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

iBridge Newsletter10 Legal eBook CTA

Why We Need to Redefine eDiscovery and Information Governance

Why We Need to Redefine eDiscovery and Information Governance

The relationship between information governance and eDiscovery has been poorly defined in the legal world. Typically, legal firms view eDiscovery as a byproduct of forcible legal action; an individual process only addressed when a party “legally anticipates litigation.”

However, the mindset of viewing eDiscovery in a bubble separate from information governance costs businesses big in the way of inefficiency, over-collection, and disjointed organizational goals.

Defining the Relationship

Past models, such as the EDRM model, have been used to define the relationship between eDiscovery and information governance. EDRM represents information governance as a discipline that feeds into the eDiscovery process—a feature inherently misaligned with the mission of information governance.

The more recent IGRM model comes closer by including legal, compliance, IT, and business perspectives in the equation, but fails to show the full life cycle of information governance and its relationship to eDiscovery. Joining the two by presenting IGRM as the “other half” of the EDRM coin provides a clearer picture of process complexities, but still falls short by depicting eDiscovery as a natural progression of information life cycle.

Big Data Information Life Cycles

To truly define the relationship between information governance and eDiscovery, businesses must use technology to make sense of the noise and offer a clearer view of data life cycles. Organizations must first use this technology to help distinguish which data is transient and which data is necessary for business decision-making.

Why We Need to Redefine eDiscovery and Information Governance

Fortunately, data analytics and machine learning technology have progressed far enough to enhance efficiency of information governance processes, including categorization, improving access to data, and supporting data destruction under retention policies.

These analytic reviews should begin early in the information life cycle. As soon as information is created or received, analytics can automatically classify documents into categories based on content and prepare them for future analytic processing, even at scale. However, analytic technology alone can’t solve every business’s information woes. Analytics can’t be applied en masse to random data sets; processes for applying technology must be efficient and scalable to remain financially viable.

Above all, the long-term impacts of these analytics tools must be assessed, both on the business and individual user levels. Data security and privacy should remain a priority throughout these processes too—sacrificing security for the sake of efficiency is not a viable solution. With new models being devised and new technologies to apply, legal firms are in a good position to tackle the broader problem facing discovery: how to define the relationship between information governance and discovery in a way that leads to better efficiency throughout the data life cycle.

Dean Van Dyke iBridge LLC

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

iBridge Newsletter10 Legal eBook CTA

Data Security or Data Privacy? The Challenges of Regulating Personal Data

Data Security or Data Privacy? The Challenges of Regulating Personal Data

Data is a company’s greatest asset, but it can also be an Achilles’ heel when regulatory compliance isn’t met.

Though policies for data security are rising due to the increased prevalence of cybercrime, laws dictating how companies can control user data are less regulated. Policies surrounding data privacy have traditionally been under-prioritized, with many legal firms not understanding the distinctions between data security and data privacy. Matters are compounded further when regional variances in data policy come into play.

Defining Data

How data is handled depends on how it is defined—law denotes a distinction between what is considered “sensitive” data and “personal” data.

Personal data is defined as any information that can identify an individual directly or indirectly. Sensitive information is a subset of personal data, defined as information that can only be taken and collected locally if mandated by law. Personal data is more tightly regulated and the focus of most privacy legislature.

Privacy Regulations

Keeping compliant with personal data privacy regulations becomes a significant challenge when international business enters the picture. Legal requirements protect personal data from being collected, used, processed, shared, or transferred in specific global and regional jurisdictions.

Data Security or Data Privacy? The Challenges of Regulating Personal Data

“…If you run legal operations of a company in the U.S., it does not mean you have the right to access data in a foreign jurisdiction.” Said Sheila Fitzpatrick, data privacy expert working with the US government and council of the European Union.

The problem stems from the complexity of data management in each region—local jurisdictions have their own laws that must be adhered to, no matter where the business is conducted. According to Fitzpatrick, transparency is key:

“You need to collect data that you absolutely have to have to run the business … you need to understand what you are using that data for. You need to be very clear about why you are collecting that data and what you plan to do with that data. There is no implied consent.”

Data privacy is subject to several other unique regulations too, chief among them the “Right to be Forgotten” mandate. Part of this legislation denotes how companies have an eventual legal obligation to delete user data unless it has a legal hold protecting it.

Although data security is well-established, data privacy is still undervalued in the legal world. The increasing globalization of e-discovery and the legal world will require more regulations concerning cross-border e-discovery, data ownership, and how to ensure both information security and data privacy for all users.

Dean Van Dyke iBridge LLC

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

iBridge Newsletter10 Legal eBook CTA

Breach Management: The Value of Outsourcing Data Security

Breach Management: The Value of Outsourcing Data Security

According to most legal firms, managing cybersecurity is not a problem.

This mindset, unfortunately, is a much bigger problem.

A Law Department Operations (LDO) survey conducted by LegalTech news in 2015 found that only seven percent of respondents believed their law firms’ cybersecurity strategies could not protect their organization’s data. The consensus was that established cybersecurity policies were enough to handle possible breaches, despite reports from the FBI in 2011 that identified law firms as major targets of cybercrime.Breach Management: The Value of Outsourcing Data Security

One of the survey respondents even laughed at the lack of caution shown by his/her fellow LDOs: “Not only will big law firms be breached, but they have already been breached. They are just not talking about it.”

With cybercrime on the rise and many legal firms feeling overconfident about their cybersecurity policies, how can law firms be sure that they are keeping data safe?

Outsourcing Data Security

If the first step of correcting a problem admits that the problem exists, then legal firms must acknowledge their weaknesses in the areas of cybersecurity and data control. Legal firms are not experts in data security, despite the valuable information sent through legal servers each day. This makes most firms ill-equipped to handle cybersecurity on their own.

Big companies may have dedicated IT security teams, but not all firms enjoy this benefit. If a business lacks in-house expertise, working with third-party security professionals may be necessary. However, not just any security provider will do the trick—the data security team chosen should be able to handle a wide range of issues:

  • Compliance with federal guidelines for data security
  • Hardware security, including desktop computers, cloud storage, external hard drives, and server infrastructure
  • Software security, including updating versions, patching known vulnerabilities, and maintaining malware protection
  • Big data management by way of identifying redundancies, controlling user access to sensitive data, and creating incident response plans

All other considerations aside, there are three primary things to look for when selecting a cybersecurity service provider:

  1. A firm’s ability to monitor a system in real-time to recognize breaches before they happen,
  2. The ability to stop attempting breaches from occurring,
  3. Response strategies in place if a breach occurs.

Firms that have established protocols in these three areas will have a comprehensive system for detecting and responding to cybercrime. In addition, with hackers developing new strategies for data theft every day, legal firms, do not have a second to waste in getting their data security frameworks up and running.

Dean Van Dyke iBridge LLC

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

iBridge Newsletter10 Legal eBook CTA