by Julie Lockner

Electronic discovery, also known as eDiscovery, by definition is the process in which electronically stored information is reviewed, processed and presented for the purposes of litigation or regulatory requests. Electronic information can be stored in databases as structured content, in emails or instant messages as semi-structured content, and in documents or files as unstructured content.

Depending on the type of litigation, eDiscovery may involve some or all types of content. The eDiscovery solutions available in the market focus predominantly on files, documents and eMail. While eDiscovery for databases is equally important, few vendors in the market support structured data as part of an overall comprehensive eDiscovery platform. The challenge posed to IT organizations is how to architect a solution in the data center that will meet all the legal requirements, support all data types, while keeping costs in check.

In order to comply with their discovery responsibilities, legal departments are working closely with IT organizations and technology vendors to find and implement a solution that meets these requirements.

An ideal solution has many characteristics: it preserves and destroys data based on policies; the preservation and destruction process is tamper-proof and complete; the desired information is presented quickly, accurately and efficiently; and all at a justifiable cost. In addition, the solution has to accommodate all data types across disparate sources and systems. The reality is that no one unified system exists in the market that addresses all of these requirements, at least none as of yet.

In order to achieve nirvana with eDiscovery, the required solution combines best practices in archive technology (classification, data migration and data preservation/destruction), search technology (index, discovery, and filtering) and case management (process control and workflow) that works across all data types.

In order to meet market demands, vendors of best-of-breed solutions and technologies are merging or partnering together. For example, Digital Rights Management (DRM) and eMail archiving software vendors are working with Write Once Read Many (WORM) media and Content Addressable Storage (CAS) vendors. WORM and CAS provide tamper-proof storage media. DRM applications add controls to who has access to data and how the content can be used. When integrated with a WORM device or CAS system, policies defined at the document level can be enforced by the WORM or CAS system. Email archiving software archives emails directly from the email servers before reaching the recipient, stored on WORM or CAS, again enforcing data retention and protection policies. Most DRM and eMail archiving applications include features such as a document and eMail metadata repository, full text indexing and search, classification policies, and workflow assisting in case management.

Case Management software vendors are partnering with archive and search vendors to reduce the amount of time it takes to retrieve specific content. Vendors who acquired Content Management and eMail archiving solutions are integrating these technologies leveraging a common metadata repository, addressing cost issues associated with maintaining silos of archived data.

Most eDiscovery applications in the market are focused on solving the challenges associated with files, documents and email. This is because there is a higher growth rate of unstructured data in the data center that is un-managed. More importantly, there are specific regulations on unstructured and semi-structured content that are driving new market requirements. Regulations exist for database data, but due to the technical differences between files and databases, policies are enforced differently. Today, none of the existing solutions for eDiscovery retrieve the information to a legal discovery request, when that information resides in a database.

In many cases, databases store the most highly sensitive and mission-critical information, such as financial data, patient records, clinical trial data, consumer credit card information, employee Social Security Numbers. The regulations that refer to data residing in database applications require process and audit controls to be in place that can be presented in a court of law proving that all necessary measures are being taken to either prevent tampering, or in the event something has been tampered with, prove that the event is traceable.

For information stored in databases, the ability to lock down information and control the usage is dependent on the database vendors' features and how the application built on top of the database deploys these controls. In addition, there are many vendors that provide database auditing solutions to meet regulations for process control. Examples of the types of database auditing solutions available include scraping database log files for changes, appliance-based network sniffing solutions that monitor database traffic, and daemons or agents installed on the database server to monitor specific tables for certain activities.

In cases where the legal discovery process includes information in a database, searching and retrieving the information is much simpler. Structured Query Language

(SQL) searches the database and returns sets of information exactly as specified in the query. However, to prove non-repudiation in a database requires that additional controls and measures are in place. Most production database technologies require that the data in the database is stored in an open file system. Meaning these files are open indefinitely for future insertions and deletions into the database. For these databases, using WORM media or CAS is not an option because these technologies require a closed file that is then either encrypted to prevent access or stamped with a hash algorithm to prove the file has not been modified. Encrypting the database at the file level is not a realistic solution because content inside the database file is constantly changing.

Some database vendors provide features that can lock down information at the table, row, and column level. Some examples include a read-only mode, encryption, and digital certificates. Because these features were designed to secure the information from unauthorized access, they may not be the best solution for proving non-repudiation due to potential application performance degradation. Audit controls need to complement these features to provide an audit trail of who accessed what data and when it was last modified.

Regulations are continually changing and updating. Corporations that are required to present information for litigation need to make sure investments they are making in vendors of eDiscovery technology can adapt to these changes. They should understand the vendor's roadmap for incorporating all data types and how policies can be modified as the regulations change. While selecting technology that solves eDiscovery needs today, customers should make sure to consider the big picture and that all data types are supported before making a commitment.

Julie Lockner is vice president of sales operations for Solix Technologies of Sunnyvale, Calif.

www.solix.com