The cloud
can drastically reduce the costs of storing information and implementing
applications and is, therefore, a hot topic. However, it is also a
controversial one. The cloud, as a term, is used as if there is a common
understanding of what it means. The National Institute of Standards and
Technology (NIST) defines cloud computing as "a model for enabling ubiquitous,
convenient, on-demand network access to a shared pool of configurable computing
resources (e.g., networks, servers, storage, applications and services) that
can be rapidly provisioned and released with minimal management effort or
service provider interaction." These characteristics add
up to huge potential benefits for customers. Resource pooling across multiple
clients brings economies of scale that lead to lower costs. Elasticity lets
customers scale up without having to add internal IT resources.

Just because the cloud is a hot topic and seems to be
gaining traction, however, does not necessarily mean that it has achieved
mainstream usage in corporations. eDJ Group, a market research and consulting firm focused on information
governance and e-discovery requirements, has found that while the cloud is gaining mindshare, official
usage is evolving slowly. This gives companies the opportunity to get ahead of
the curve on how to conduct eDiscovery on these new sources and types of
information.

eDJ's "The Cloud And
eDiscovery" survey, conducted throughout November and December
of 2011, found that only 26.2% of respondents have adopted cloud-based storage
of enterprise information, while another 18% did not know. Over half of the respondents have not yet adopted cloud-based,
proactive information storage.

This does not mean that cloud-based storage for
information will not become dominant; it simply means that, pragmatically,
companies have to prioritize e-discovery efforts around the information sources
currently in use. If moving to the cloud over time, e-discovery should be part
of the strategic plan. In the meantime, initiatives must be focused on where
the information lives right now.

In addition, while the use of software as a service
(SaaS) for applications like customer
relationship management
(CRM) (e.g., Salesforce.com) and bookkeeping (e.g., Quicken) feels pervasive, half of the respondents indicate that
they are not using SaaS tools for these kinds of applications. Just over 25% of
respondents indicated that they are using SaaS applications for enterprise
processes. As such, these sources of information must be part of the e-discovery
plan.

It is clear that usage of the cloud will grow. In
fact, even President Obama has called for the US Government to begin
investigating a move to managing digital records in the cloud. President Obama's order calls on
government agencies to "improve the management of existing and ongoing records
— including emails and social media communications. Their plans should include
the use of cloud-based services or storage systems for digital recordkeeping." When government agencies begin
adopting technologies and practices, it is common for corporate America to
follow along or at least get over some of the concerns about those solutions; in the case of the cloud
and social media, the primary concerns are security, privacy and control of the
information.

In addition to the cloud usage simply becoming more commonplace,
there is another reason to address these data sources in e-discovery — case law
is emerging that says companies have to. There may not be an overwhelming amount
of case law pertaining to the cloud, but one important case to note is "IN RE NTL, INC. SECURITIES
LITIGATION; GORDON PARTNERS, et al., Plaintiffs, -against- GEORGE S. BLUMENTHAL,
et al., Defendants." The main idea in this case is that if a company has "access to documents to conduct business, it has possession, custody or control
of documents for the purposes of discovery." One
of the keys to the cloud is ubiquitous access to information, essentially putting companies on the hook to be
responsible about e-discovery of that information.

A decade ago, the e-discovery focus was
around a challenging data source known as email. Companies adopted email so
quickly that e-discovery was never correctly planned for; discovery
capabilities were built in after the fact. Many painful lessons were learned,
and yet, the possibility of repeating those mistakes is very real when it comes
to information in the cloud and social media. For the eDJ survey respondents,
e-discovery is very much an afterthought as companies evolve into using these
data sources more and more. Less than
16% of respondents put an e-discovery plan into place before moving data to
the cloud.

---

The maturity level is rising, though. At present, 22.8% of respondents
have put an e-discovery plan in place, while another 19.8% are working on a
plan currently. One must hope that
companies have learned from the past and can avoid the same mistakes.

Getting information stored in the cloud under control
for e-discovery is imperative. Best practices are just beginning to emerge and
the good news is that companies have the opportunity to get ahead of the curve
in ways they were not able to do with data like email. The key is to treat cloud-based sources of data like any
other data source — include it in data maps, have a plan for collecting and
preserving it, know how to manage the chain of custody and understand when to
dispose of the data so that it poses no e-discovery risk.

For any company beginning to plan for e-discovery of
cloud-based information, it is important to work closely with vendors of
cloud-based services. In order to reduce risk, organizations storing data in the
cloud should work out the e-discovery details before rolling out the solution.
eDJ's survey respondents do not tend to know what their cloud vendor's policy
for responding to clients' e-discovery needs is — more than 71% do not
currently know.

In addition, while planning for e-discovery and the cloud,
companies must remember to account for on-premise information as well. While
the long-term trend is that cloud computing will gain more and more traction, in
the short-term, e-discovery professionals need tools for collection and
preservation of content where it lives now — and the location of data now is
very much on-premise. According to eDJ's
survey results, the dominant places that users store data today is on their
local machines or network file shares.

---

---

The saying goes that those
that don't learn from history repeat it. Companies that don't want the e-discovery
nightmares of the last decade, with time wasted and dollars spent corralling
information from distributed and hard-to-access information sources, should
ensure the same fate does not wait in the cloud. Turning a blind eye to the
issue — as many companies are doing now — does not make it go away. Legal teams
continue to get smarter regarding conducting discovery; it is a good bet that
lawyers will target cloud-based sources of information in the hopes of catching
the opponent off guard and unprepared.

---

BARRY MURPHY is a co-founder of eDJ Group, Inc., which offers unbiased information and pragmatic advice based on years of experience and proven industry best practices for e-discovery professionals, and a thought leader in information governance,
e-discovery, records management and content archiving. Previously, Mr. Murphy was director of Product Marketing at Mimosa Systems, a leading content
archiving and e-discovery software. He joined Mimosa after a highly
successful stint as principal analyst for e-discovery, records management and content
archiving at Forrester Research. For more, visit www.edjgroupinc.com.