The cloud
    can drastically reduce the costs of storing information and implementing
    applications and is, therefore, a hot topic. However, it is also a
    controversial one. The cloud, as a term, is used as if there is a common
    understanding of what it means. The National Institute of Standards and
    Technology (NIST)
    defines cloud computing as "a model for enabling ubiquitous,
    convenient, on-demand network access to a shared pool of configurable computing
    resources (e.g., networks, servers, storage, applications and services) that
    can be rapidly provisioned and released with minimal management effort or
    service provider interaction." These characteristics add
    up to huge potential benefits for customers. Resource pooling across multiple
    clients brings economies of scale that lead to lower costs. Elasticity lets
    customers scale up without having to add internal IT resources.


    Just because the cloud is a hot topic and seems to be
    gaining traction, however, does not necessarily mean that it has achieved
    mainstream usage in corporations. eDJ Group, a market research and consulting firm focused on information
    governance and e-discovery requirements, has found that while the cloud is gaining mindshare, official
    usage is evolving slowly. This gives companies the opportunity to get ahead of
    the curve on how to conduct eDiscovery on these new sources and types of
    information.


    eDJ's "The Cloud And
    eDiscovery"
    survey, conducted throughout November and December
    of 2011, found that only 26.2% of respondents have adopted cloud-based storage
    of enterprise information, while another 18% did not know. Over half of the respondents have not yet adopted cloud-based,
    proactive information storage.








    This does not mean that cloud-based storage for
    information will not become dominant; it simply means that, pragmatically,
    companies have to prioritize e-discovery efforts around the information sources
    currently in use. If moving to the cloud over time, e-discovery should be part
    of the strategic plan. In the meantime, initiatives must be focused on where
    the information lives right now.


    In addition, while the use of software as a service
    (SaaS) for applications like customer
    relationship management
    (CRM) (e.g., Salesforce.com) and bookkeeping (e.g., Quicken) feels pervasive, half of the respondents indicate that
    they are not using SaaS tools for these kinds of applications. Just over 25% of
    respondents indicated that they are using SaaS applications for enterprise
    processes. As such, these sources of information must be part of the e-discovery
    plan.







    It is clear that usage of the cloud will grow. In
    fact, even President Obama has called for the US Government to begin
    investigating a move to managing digital records in the cloud. President Obama's order calls on
    government agencies to
    "improve the management of existing and ongoing records
    — including emails and social media communications. Their plans should include
    the use of cloud-based services or storage systems for digital recordkeeping." When government agencies begin
    adopting technologies and practices, it is common for corporate America to
    follow along or at least get over some of the concerns about those solutions; in the case of the cloud
    and social media, the primary concerns are security, privacy and control of the
    information.


    In addition to the cloud usage simply becoming more commonplace,
    there is another reason to address these data sources in e-discovery — case law
    is emerging that says companies have to. There may not be an overwhelming amount
    of case law pertaining to the cloud, but one important case to note is "IN RE NTL, INC. SECURITIES
    LITIGATION; GORDON PARTNERS, et al., Plaintiffs, -against- GEORGE S. BLUMENTHAL,
    et al., Defendants." The main idea in this case is that if a company has "access to documents to conduct business, it has possession, custody or control
    of documents for the purposes of discovery." One
    of the keys to the cloud is ubiquitous access to information, essentially putting companies on the hook to be
    responsible about e-discovery of that information.


    A decade ago, the e-discovery focus was
    around a challenging data source known as email. Companies adopted email so
    quickly that e-discovery was never correctly planned for; discovery
    capabilities were built in after the fact. Many painful lessons were learned,
    and yet, the possibility of repeating those mistakes is very real when it comes
    to information in the cloud and social media. For the eDJ survey respondents,
    e-discovery is very much an afterthought as companies evolve into using these
    data sources more and more. Less than
    16%
    of respondents put an e-discovery plan into place before moving data to
    the cloud.








    The maturity level is rising, though. At present, 22.8% of respondents
    have put an e-discovery plan in place, while another 19.8% are working on a
    plan currently. One must hope that
    companies have learned from the past and can avoid the same mistakes.


    Getting information stored in the cloud under control
    for e-discovery is imperative. Best practices are just beginning to emerge and
    the good news is that companies have the opportunity to get ahead of the curve
    in ways they were not able to do with data like email. The key is to treat cloud-based sources of data like any
    other data source
    — include it in data maps, have a plan for collecting and
    preserving it, know how to manage the chain of custody and understand when to
    dispose of the data so that it poses no e-discovery risk.


    For any company beginning to plan for e-discovery of
    cloud-based information, it is important to work closely with vendors of
    cloud-based services. In order to reduce risk, organizations storing data in the
    cloud should work out the e-discovery details before rolling out the solution.
    eDJ's survey respondents do not tend to know what their cloud vendor's policy
    for responding to clients' e-discovery needs is — more than 71% do not
    currently know.


    In addition, while planning for e-discovery and the cloud,
    companies must remember to account for on-premise information as well. While
    the long-term trend is that cloud computing will gain more and more traction, in
    the short-term, e-discovery professionals need tools for collection and
    preservation of content where it lives now — and the location of data now is
    very much on-premise. According to eDJ's
    survey results, the dominant places that users store data today is on their
    local machines or network file shares.








    The saying goes that those
    that don't learn from history repeat it. Companies that don't want the e-discovery
    nightmares of the last decade, with time wasted and dollars spent corralling
    information from distributed and hard-to-access information sources, should
    ensure the same fate does not wait in the cloud. Turning a blind eye to the
    issue — as many companies are doing now — does not make it go away. Legal teams
    continue to get smarter regarding conducting discovery; it is a good bet that
    lawyers will target cloud-based sources of information in the hopes of catching
    the opponent off guard and unprepared.




    BARRY MURPHY is a co-founder of eDJ Group, Inc., which offers unbiased information and pragmatic advice based on years of experience and proven industry best practices for e-discovery professionals, and a thought leader in information governance,
    e-discovery, records management and content archiving. Previously, Mr. Murphy was director of Product Marketing at Mimosa Systems, a leading content
    archiving and e-discovery software. He joined Mimosa after a highly
    successful stint as principal analyst for e-discovery, records management and content
    archiving at Forrester Research. For more, visit www.edjgroupinc.com.