active risk management through ediscovery and … confidential—internal use only 1 active risk...
TRANSCRIPT
1EMC CONFIDENTIAL—INTERNAL USE ONLY
Active Risk Management through eDiscovery and Information Governance
2EMC CONFIDENTIAL—INTERNAL USE ONLY
Consulting/Implementation Best Practices
RSA Archer eGRC Management Platform
EMC eGRC Strategy
Business Continuity
Management
Information Governance
eGRC Business Solutions
Security Management
4EMC CONFIDENTIAL—INTERNAL USE ONLY
Exponential growth in regulations combined with content growth…
How can organizations interpret/comply with new regulations, audit and report their efforts and stay profitable at the same time?
MoReq CRFB - France
FDA 21 CFR Part II
Sarbanes-Oxley Act
USA Patriot Act
Federal Rules of Civil Procedure
State Regulations
SEC 17a-3, 17a-4
NASD Rules 3010/3110
Gramm, Leach , Bliley Act
SEC Regulation S-P
Privacy Laws and Regulations
ISO 15489-2
21 CFR Part 11
DoD 5015.2
eSign Act
HIPAA
Freedom Of Information Act
FERC Part 125
5EMC CONFIDENTIAL—INTERNAL USE ONLY
Are you still using your email system as a filing cabinet?
Source: Osterman 2010
Users considering themselves “pack rats”
when using email for <120 minutes a day
Users considering themselves “pack rats”
when using email for >120 minutes a day
Business Reality
6EMC CONFIDENTIAL—INTERNAL USE ONLY
0% 5% 10% 15% 20% 25% 30% 35%
Managing emails as records
Dealing with the content chaos in our file-share
Implementing a dedicated ERM system
Agreeing on a corp. classification scheme/fileplan
E-Discovery
Setting agreed corporate retention policies
Long term archive
Enterprise search
Back-conversion of existing paper records
Implementing records management in SharePoint
Managing high-volume application-created records
Integration of multiple repositories
Implementing Manage-in-Place
Managing social media content
Moving to a SaaS or Cloud model
Outsourcing email management
Outsourcing electronic records management
Top Enterprise Records Management Projects“What would you say are the TWO most important ERM issues or current projects for you right now?”
AIIM Survey, N = 550
7EMC CONFIDENTIAL—INTERNAL USE ONLY
Business Reality
Source: IDC 2009
Organizations are committed or will consider
SharePoint for their business
Respondents needed to either customize or buy third-party products to allow SharePoint
to meet their needs
Source: AIIM Market Intelligence Report on SharePoint 2010
8EMC CONFIDENTIAL—INTERNAL USE ONLY
What Policies are we Using to Govern SharePoint?
AIIM Industry Watch: “SharePoint Strategies and Experiences,” July 2010
9EMC CONFIDENTIAL—INTERNAL USE ONLY
Reduce the volume of documents produced =
Reduce the overall cost and risk of eDiscovery
$1.5MAVERAGE COSTPER INCIDENT
$34MAVERAGE ANNUAL
LEGAL COSTS
89%OF COMPANIES
FACE LITIGATION
$24M+COST TO REVIEW
1 TB OF INFO
10EMC CONFIDENTIAL—INTERNAL USE ONLY
A NewOpportunity
Contracts
proposals
orders
Is Information an Asset or a Liability?
Models`
specs
Your LatestInnovation
Your NextLawsuit
memos
RECORDSresearch
11EMC CONFIDENTIAL—INTERNAL USE ONLY
• Skyrocketing costs of collecting information
• Too much dependence on 3rd party solution providers
• Inability to consistently apply and enforce policy on electronically stored information
• High risk and sanctions
• Ubiquitous nature of litigations and internal investigations/audit
• Gap between Legal and IT
Business Challenge: eDiscovery
12EMC CONFIDENTIAL—INTERNAL USE ONLY
Business Challenge: Records and Retention Management
• The process of manually searching through vast sums of content, identifying them as records, and processing them does not scale
• Organizations do not have the resources to keep up with the huge volumes of content
13EMC CONFIDENTIAL—INTERNAL USE ONLY
Business Challenge: Uncontrolled Content Growth
• “Ungoverned” information growing in Microsoft SharePoint, Microsoft Exchange, Lotus Notes and File Shares
• How much is there?
• What is its business value?
• What is it costing us?
• What do we take on the journey to the cloud?
• What is private and confidential ?
16EMC CONFIDENTIAL—INTERNAL USE ONLY
Simplify eDiscovery
Repeatable and streamlined
Early Case Assessment
Enhanced responsiveness that reduces costs
…. Shifts from reactive to proactive
17EMC CONFIDENTIAL—INTERNAL USE ONLY
EMC SourceOne eDiscovery -Kazeon
Respond cost-effectively to eDiscovery requests
Implement a repeatable business process that minimizes eDiscovery and compliance costs
Roll out an accurate and defensible eDiscovery process with complete audit and chain of custody
18EMC CONFIDENTIAL—INTERNAL USE ONLY
Manual eDiscovery cannot keep up with litigation
Poor accuracy and timeliness in meeting requests
Impossible to gather information from globally-distributed sites
EMC SourceOne eDiscovery – Kazeon
Business Drivers
19EMC CONFIDENTIAL—INTERNAL USE ONLY
Results Established automated, repeatable eDiscovery processes
Cut down time-to-response
Thwarted risks and costs of fines
Reduced cost, increased control through in-house eDiscovery
“With EMC’s end-to-end solution, we can conduct early case assessments and internal investigations quickly, accurately and efficiently.”
Trey Cook, IT ManagerSecurity & eDiscovery
Shaw Group
EMC SourceOne eDiscovery – Kazeon
20EMC CONFIDENTIAL—INTERNAL USE ONLY
Manage Risk
Enable litigation readiness
Meet regulatory obligations
Comply with corporate policies
…Ensures consistent retention management
21EMC CONFIDENTIAL—INTERNAL USE ONLY
Time- and event-based retention and disposition
Retention tied to workflows and business processes
Manage physical, electronic and federated records
Provides certified records management
EMC Documentum Records Management
22EMC CONFIDENTIAL—INTERNAL USE ONLY
Use case:Electronic and physical records management of local government documents
Created a central repository for physical and electronic records
Implemented an automated classification and records filing system based on metadata
Provided bulk import of physical box and folder records
EMC Documentum Records Management
23EMC CONFIDENTIAL—INTERNAL USE ONLY
Cut Costs
Effectively manage key applications (SharePoint, email, file systems)
Reduce storage costs up to 50%
Improve application performance up to 60% or more
Eliminate personal archives
…. Preserves seamless user experience
24EMC CONFIDENTIAL—INTERNAL USE ONLY
EMC SourceOne for
Reduce storage requirements by as much as 50% and improve backup operations
Improve performance & scalability by up to 60% and more
Accelerate upgrades and migrations
Consistently apply and enforce retention and disposition policies
Centralize administration; preserve user experience
MSFT SharePoint File Systems Email Management
25EMC CONFIDENTIAL—INTERNAL USE ONLY
Target & classify
Compress content
Index content
Single instance
SharePoint
Messages and PSTs
Windows File Servers
Organize by retention policy
Store in centrally administered
archive
Managing Inactive Content with EMC SourceOne
26EMC CONFIDENTIAL—INTERNAL USE ONLY
Matter identification with secure matter management
Comprehensive collection and preservation
Defensible processing, analysis, and review
Flexible export
EMC SourceOne Discovery Manager
27EMC CONFIDENTIAL—INTERNAL USE ONLY
Council wanted unified approach to information management
Storage cost out of control
Unmanageable SAN storage
File server issues included PST proliferation
Compliance considerations and FOIA requirements for file retention
EMC SourceOne Email ManagementEMC SourceOne for File Systems
Business Drivers
28EMC CONFIDENTIAL—INTERNAL USE ONLY
Eliminated the need for mailbox quotas and PSTs
Reduced document retrieval time from two weeks to a matter of minutes
Released 50% storage capacity for mail system and file system
End user retrieval of data, freeing up valuable IT resources
“EMC has enabled us to take a unified approach to our storage. By archiving our email and office documents into a centralized repository, we can easily manage and search for documents to meet FOIA compliance.”
Carl MoretonEnterprise System Project Analyst
Northampton Borough Council
EMC SourceOne Email ManagementEMC SourceOne for File Systems
Results
29EMC CONFIDENTIAL—INTERNAL USE ONLY
A unique GRC solution that focuses on the legal, regulatory, and audit compliance processes
Minimize risk by providing interdepartmental communications, information and reports
Roll out an accurate and defensible eDiscovery process with complete audit and chain of custody
“Legal GRC”EMC SourceOne eDiscovery + RSA Archer
30EMC CONFIDENTIAL—INTERNAL USE ONLY
Holistic and Modular Information Governance
Content is managed as a record, given retention classes and ownership privileges
3
Content “in the wild” is identified for risk/business value and targeted for archiving and/or disposition
1
Email, files and SharePoint content is indexed, compressed and moved to EMC SourceOne on archive/enhanced storage layer
2
Litigation occurs. Content is identified, culled, reviewed and placed on legal hold in anticipation of court proceedings
4
By combining data from financial and Info Gov sources RSA Archer informs key executives , about the estimated risk associated with litigation in terms of volume of matters, budget and exposure (fines & judgments)
5
36EMC CONFIDENTIAL—INTERNAL USE ONLY
Summary
• eGRC requires a holistic approach spanning multiple technologies and consulting
• Information governance is a foundational element of eGRC that results in organizations gaining visibility, simplifying eDiscovery, managing risk and reducing costs
• Organizations can take a modular approach to eGRC in general and Information Governance in particular with EMC SourceOne
37EMC CONFIDENTIAL—INTERNAL USE ONLY
Next Step and Resources
• Round Table Discussion on Privacy - Back in General Session room
• eDiscovery for Dummies
• Privacy Survey
• eGRC White Paper
• Ovum Research