Got Your Head Up In the Clouds? Additional Concerns Over Cloud Computing

In her January 11, 2010 post about Cloud Computing, Chris Meer exposed three important considerations when evaluating whether or not to manage critical e-discovery data in the Cloud:  1) the level and quality of your Cloud service provider’s Internet security model; 2) the ability to access your e-discovery data and documents on a 24/7 basis if needed; and 3) the subsequent finely crafted contractual and working relationship with your Cloud service provider that is absolutely required in order to facilitate that access.

A very prestigious e-discovery panel led by Deborah Baron and featuring Jason R. Baron, Browning E. Marean, Wayne Matus, Karla Wehbe and Brian Weiss (sitting in for George Tziahanas) discussed this fascinating and timely topic last month at LegalTech New York 2010.  During the session, Wayne Matus offered an official checklist of concerns to be published in the near future, likely through The Sedona Conference.  He echoed Chris’s concerns above, along with highlighting the following additional considerations:   

3) Is there a mechanism to implement a litigation hold across the e-discovery data stored  in your Cloud infrastructure, and if so, how accurate is it (i.e. will it catch all relevant documents) and how fast and easy is it from a user standpoint to apply the Hold?  Is the audit trail reporting easy to understand?

4) Pursuant to FRCP 34(a)(1), should you be asked or required to engage in ESI sampling, what are your plans for responding from within your Cloud?  Even more fundamentally, what are your file format export options for exporting your data, and how difficult or costly might this process be?  Will you be able to meet your production format obligations from the Cloud?

5) Knowing that even the most sophisticated search engines do not yet possess the ability to search simultaneously across all data stores in a single Cloud (due in part to the multiple versus single database indexes involved), how will you manage ED searching from within the Cloud, and how efficient or painful will that searching process be?

6) If required, is metadata preserved throughout the lifecycle of e-discovery data transferred into and out of your Cloud?

7) Will international privacy laws apply to the data, and, if so, what impact will they have on the security and protection of your confidential and privileged data?

8) Is your Cloud service provider sub-contracting various components of the data management and delivery to third parties, and if so, how robust is their security model? 

While the significant cost-savings associated with managing data in the Cloud are admittedly both attractive and greatly needed, I urge you to watch your local weather channel closely and be well informed about any and all impending storm clouds before deciding to migrate your organization’s critical business data into the Cloud.