SaaS And E-Discovery Dangers
Here's how to meet your legal obligations when your data lives in the cloud.
Download the entire Mar. 7, 2011 issue of InformationWeek, distributed in an all-digital format as part of our Green Initiative
(Registration required.)
We will plant a tree for each of the first 5,000 downloads.
SaaS and E-Discovery Dangers
Litigation may be the last thing on IT's mind as it evaluates software-as-a-service options for the enterprise. Unfortunately, litigation and e-discovery--the act of finding, preserving, and analyzing electronic information--are facts of life. If your company gets dragged into a lawsuit and relevant information is stored inside a provider's cloud, you need to know that information is available on demand.
That's why IT should add e-discovery criteria to its list of considerations when evaluating SaaS providers, particularly when looking at services such as hosted e-mail and e-mail archiving, PC and file-share backups, and other information sources that create a legal data trail. No company wants to find that a SaaS application it purchased to streamline operations suddenly has become a major hurdle to its e-discovery obligations.
Fortunately, many of the criteria, including storage and performance, that IT already uses to evaluate SaaS providers can be applied to e-discovery. However, there also are e-discovery-specific requirements that must be considered, such as fine-grained control over retention and disposition of data, and the ability to quickly retrieve information from the service provider's system.
We'll examine how e-discovery issues align with--and depart from--common SaaS requirements, and outline contractual issues SaaS buyers must consider to ensure they can meet their e-discovery obligations.
Beyond Storage
IT expects good service availability levels and robust, secure data storage capabilities from SaaS providers. Availability and storage also make sense for e-discovery. After all, for any company to conduct a thorough e-discovery exercise, it must have regular and reliable access to its data and be assured the provider is protecting that data.
But when it comes to e-discovery, IT should look beyond basic storage to consider more fine-grained controls over information stored in a provider's facilities.
That's because archive processes, data retention policies, and e-discovery form a virtual Gordian knot of entwined requirements and implementation details: Change one element and you invariably affect the other two. Nowhere is this more apparent than when storing data in the cloud, where a company's most carefully considered document retention strategy could be sabotaged by sloppy operational processes. When using SaaS, it's imperative that the provider be able to enforce your internal retention policies.
To read the rest of the article,
Download the March 2010 issue of InformationWeek
Navigating Complex Waters SaaS And E-Discovery
Become an InformationWeek Analytics subscriber and get our full report "SaaS And E-Discovery: Navigating Complex Waters."
This report includes 19 pages of action-oriented analysis illustrated with multiple charts. What you'll find: E-discovery requirements for SaaS apps Guidelines for SLAs and contracts An e-discovery primer for IT Get This And All Our Reports
About the Author(s)
You May Also Like
How to Amplify DevOps with DevSecOps
May 22, 2024Generative AI: Use Cases and Risks in 2024
May 29, 2024Smart Service Management
June 4, 2024