Is Your Most Sensitive Data the Most Dangerously Exposed?


By Bill Tolson, Vice President of Marketing, Archive360 (

Why today’s legal department is likely the most dangerously exposed area of your organization, and must reexamine and update its data storage policies.

Over the past 10 years, corporate eDiscovery data storage procedures have progressed…  a bit….

Years ago, it was not uncommon to receive an email from my employer’s corporate legal department indicating that they wanted me to search my files, email, etc… including local and online data repositories, for potentially relevant content in response to an eDiscovery request, or sometimes, it was in anticipation of a pending legal concern.  In either case, the relevant content would be set aside, until required/requested.  Funny…  I don’t recall any follow-on instructions releasing me from those data hold instructions.

Later, the trend shifted towards my employers’ directing me to email potentially relevant files to a general legal email holding account, or drag-n-drop files to a legal department file share.  In those cases, I was always surprised to see the huge data sets, going back many years, still sitting there without proper access controls (in some cases, I was able to look through the data sets).

More recently, as I became more deeply entrenched in the corporate legal eDiscovery industry, I found that the majority of companies still didn’t have policies on how/when to dispose of old eDiscovery data sets, and consequently, these legal department file shares just kept growing.  And even more concerning – the security around these continuously growing data stores correspondingly lacked an official policy, and were oftentimes left dangerously exposed.

Legal Department Data Security

Today, many organizations are facing issues around the security of their legal department file shares.  Most have only basic levels of security, with little to no access controls, regardless of the fact that highly sensitive corporate and/or personal employee data is being stored for long periods of time, if not indefinitely.  Unfortunately, this isn’t news to cyber-criminals and hackers, making these legal department data stores a prime target.  To combat this growing problem, legal departments must update the way they store, manage and protect this eDiscovery data.

Step number one of this process is to fully understand your organization’s internal governance policies, IT policies (SLAs, etc…), and external compliance regulations.  Next, budget must be a consideration and fully understood.  This will provide the foundation on which all future data storage decisions will be based.

Public Cloud Storage – A More Secure and Affordable Option?

The next critical decision an organization must address is the question of where to store the data – onsite, in the cloud, or in a hybrid scenario (the homework already discussed in the previous paragraph may help make this decision for you).  Years ago, many C-level executives worried that the cloud may be insecure, and in-turn, prevented the storage of corporate data anywhere but onsite.  Today, it is well-understood by most that many of the public cloud vendors can actually deliver greater security than can be achieved in-house, among other key features like:

  • Multi-matter case management
  • Access controls
  • Encryption
  • Document review
  • Custom tagging
  • Retention disposition
  • Granular and bulk legal hold
  • Custom indexing and search
  • Chain of custody reporting
  • External counsel access
  • Data export in choice of formats

Great!  But, the cost…  A new study from the Thomson Reuters Legal Tracker LDO Index stated that corporate legal departments are now looking to reduce, or at least better control their legal spend by adopting a variety of cost cutting approaches including a greater focus on legal operations, effective cost controls on outside counsel, and a greater use of technology to reduce legal costs.  So, if the public cloud can offer better security, as well as improvements across a number of other areas, it must therefore be outrageously expensive.  In fact, the opposite is true.

With the actual fully-loaded costs of on premise storage reaching between $0.20 and $0.30 per GB per month, and the cost of secure cloud storage at just $0.01 and $0.10 per GB per month (depending on the performance level chosen), there are few cases where the cloud doesn’t make financial sense for legal storage. In fact, eDiscovery results sets do not require a high performance disk, so cloud-based archival “cool” storage priced between $0.01 and $0.05 per GB per month is all that’s needed – typically delivering savings of 83% to 95% over on premise file share storage costs.  At this level of savings, a public cloud solution will also allow your corporate legal team to retain eDiscovery data sets for longer periods of time, for reasons of work product reuse in related cases, among other reasons.

Last and absolutely not least…  In your move to a public cloud, don’t forget about the actual move.  A critical factor for whether you look back on this endeavor with pride or growl in frustration, is the solution you use to actually manage the migration of your data from the old storage system(s) to the cloud.  Further, pick a solution that is designed specifically for legal, compliance and long-term data management.  Make sure the solution doesn’t involve your handing over your data to someone else (you are doing this to increase security, after all).  And, the solution should enable your sensitive data to be held in your public cloud vendor subscription, leveraging encryption keys, in its native format, so you never have to pay a ransom to get it back out.

So, if eliminating the headaches and stress from your legal/eDiscovery data storage, while increasing capabilities and lowering costs is your goal – then the public cloud is likely the solution for your legal department.

About the author:

Bill Tolson, Vice President of Marketing, Archive360 (

Bill Tolson has more than 25 years of experience with multinational corporations and technology start-ups, including 15-plus years in the archiving, ECM, information governance, regulations compliance and legal eDiscovery markets. Prior to joining Archive360, Bill held leadership positions at Actiance, Recommind, Hewlett Packard, Iron Mountain, Mimosa Systems, and StorageTek.  Bill is a much sought and frequent speaker at legal, regulatory compliance and information governance industry events and has authored numerous articles and blogs. Bill is the author of two eBooks: “The Know IT All’s Guide to eDiscovery” and “The Bartenders Guide to eDiscovery.” He is also the author of the book “Cloud Archiving for Dummies” and co-author of the book “Email Archiving for Dummies.” Bill holds a Bachelor of Science degree in Business Management from California State University Dominguez Hills.



Your e-mail address will not be published.
Required fields are marked*