Tag Archives: Distributed discovery

August 27, 2024 · 10:36 AM

Addressing Critical Information Governance Challenges from Departing Employees

By John Patzakis and Chas Meier

When employees leave an organization, they often leave behind a significant amount of valuable information. This poses major information governance challenges, as companies must decide how to manage litigation holds and retain essential data assets.

A common response to this challenge is to retain departed employees’ laptops, hard drives, or keep their Microsoft 365 or Google Workspace accounts active. However, this approach is both expensive and inefficient. Another often-used method is creating a full disk image of the laptop for archiving. While this preserves data, it is a slow and cumbersome process that can require vast amounts of storage, sometimes reaching petabytes, which becomes both costly and unwieldy. Neither approach offers the ability to gain insights from the data, nor do they allow for intelligent and targeted data extraction, making it difficult to leverage these data assets effectively or comply with legal and regulatory requirements.

To address these challenges, X1 has developed a game-changing workflow utilizing our X1 Enterprise Platform, offering a streamlined and cost-effective solution. With our platform, organizations can process hundreds of laptops and Microsoft 365 accounts in a single day. Leveraging X1’s unique and patented in-place indexing technology, data extraction becomes highly targeted, allowing for efficient responses to litigation holds. This means that each litigation scenario can have a tailored search applied across all relevant data sources simultaneously, enabling precise data extraction.

For example, one company with over two dozen active litigation holds has employed X1’s solution, allowing them to save detailed keyword search routines crafted by their counsel. These searches can be quickly and programmatically applied not only to data on specific laptops but also to archived PSTs and associated Microsoft 365 accounts. Once the targeted data is extracted, the company repurposes the laptops for new employees, resulting in significant cost savings—estimated to be in the millions—and a reduction in storage requirements.

Beyond managing litigation holds, another core benefit of X1’s solution is its ability to extract key data assets from departed employees to retain within the company’s knowledge base. This capability is especially valuable for law firms, consulting firms, and organizations that rely heavily on high-end knowledge professionals. For instance, one law firm uses X1’s workflow to rapidly search large, archived PST files from departed attorneys to identify and separate key data related to ongoing matters. This ensures that crucial information remains accessible to the firm or is appropriately transferred to the attorney’s new firm. Additionally, vital legal and business insights from retained documents and emails are quickly mined and reviewed, enhancing the firm’s overall knowledge management.

Client Example:
Overview: A major pharmaceutical retailer uses X1 within Relativity to perform 50 data collections weekly, covering both Mac and PC environments. The system allows them to repurpose laptops from departed employees within days instead of months, leading to substantial savings.
Integration: The company eliminated the need for traditional eDiscovery tools to remediate laptops, opting instead for X1’s more efficient approach.
Time and Cost Savings: This shift has saved the company millions by:
1. Reducing the reliance on costly traditional eDiscovery tools.
2. Minimizing the risk and cost associated with retaining unnecessary data.
3. Reintroducing millions of dollars’ worth of computer equipment back into circulation.
4. Completing these processes in one-tenth the time it would have traditionally taken, vastly improving operational efficiency.

Conclusion:
In today’s fast-paced and data-driven world, organizations face numerous challenges when it comes to managing and retaining data from departed employees. Traditional methods, such as retaining physical devices or creating full disk images, are not only costly and time-consuming but also fail to provide the flexibility and insight needed to effectively manage information assets. X1’s innovative solutions, particularly its patented in-place indexing technology, offer a modern, scalable, and efficient alternative. By enabling targeted data extraction, streamlining the process for litigation holds, and supporting knowledge retention, X1 empowers organizations to manage data governance with precision and agility.

For companies navigating complex data environments, especially those utilizing BYOD policies, X1 Enterprise Platform ensures compliance while protecting privacy. By implementing X1’s advanced platform, organizations can not only reduce costs and save valuable time but also gain a strategic advantage in managing their information governance needs. We invite you to explore how X1 can transform your data management processes and help you stay ahead in the ever-evolving digital landscape.

Leave a comment

Filed under Uncategorized

Tagged as , , , , , , , , , ,

June 25, 2024 · 11:28 AM

X1 Achieves Unmatched Throughput and Results in Several Recent M365 eDiscovery and Information Governance Engagements

By John Patzakis and Chas Meier

As discussed previously on this blog, X1 and our active enterprise customers believe X1 Enterprise Collect is the best solution available to address M365 data sources as well as on-premises sources such as laptops and file shares. In recent weeks, our customers and partners have executed several projects on a massive scale and have captured and documented X1’s performance metrics.

No other solution in the industry can index data across the enterprise as fast or as scalable as the X1 Enterprise platform, including Microsoft Purview Premium. When compared to Microsoft Purview, with its built-in architectural constraints and throttling limitations, X1 can index nearly eight times the daily volume of Purview or any other competitive “connector” technology can achieve in the market. X1’s distributed index-in-place methodology, combined with horizontal scaling of our index hosts, make X1 the only solution truly capable of handling the rapid indexing, identification, searching and collecting/remediation of mass data sets in the TB’s or PB’s across the modern enterprise. X1 effectively addresses cloud and on-premises data sources in a unified manner, including distributed endpoints, network file shares, M365 data sources including Mail, OneDrive, Teams, and SharePoint, as well as other cloud data sources.

In several recent large-scale eDiscovery and information governance projects, X1 Enterprise Collect, on average, was able to collect and index M365 data (MS Mail [including archived mail and modern attachments] Teams, One Drive and SharePoint) at a rate of approximately 350 GB per day. This is nearly 8 times faster than Microsoft Purview, with its documented throughput limitations at 2GB per hour. X1 can achieve even faster throughput by scaling out virtual cloud computing resources.

Daily indexing volumes for endpoints and on-premises file shares vary due to the performance characteristics of each machine, but X1 indexes and searches endpoints in parallel yielding extremely high aggregate daily indexing and collection throughput.

Detailed documentation on these metrics and a further briefing on these engagements can be provided upon request.

X1 achieves such scalability through a decentralized approach that does not rely on the M365 or Purview search Index, which has known issues with the number of file types supported, consistency of search results, accuracy, and throughput. X1’s approach enables a very scalable, accurate, defensible, and robust indexing and data collection at unmatched speeds.

In addition to greatly reducing risk, X1’s capabilities also enable massive cost savings. X1 Enterprise Collect significantly streamlines the eDiscovery workflow by bringing targeted collection results directly into the review platform, thereby eliminating over collection, over processing, and over importing just to cull. X1 will populate ESI (Electronically Stored Information) straight into Relativity from an X1 collection without multiple hand offs, extensive project management and inefficient data processing.

The ability to collect data directly and transparently from custodian laptops, desktops, M365 and other cloud sources into a RelativityOne/Relativity workspace is a game-changer that enables legal and compliance teams to begin review in hours rather than weeks. As facts become known and collection focus changes, X1 allows teams to pivot and respond in hours. With the ability to efficiently take multiple bites of the apple, X1 enables teams to start fast and stay agile.

For a demonstration of the X1 Enterprise Collect Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-collect-platform.

Leave a comment

Filed under Best Practices, Cloud Data, Corporations, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Governance, MS Teams, OneDrive, Preservation & Collection, SharePoint

Tagged as , , , , , , , , , , ,

June 15, 2017 · 8:22 AM

eDiscovery Tech Can Effectively Address Key Cybersecurity Requirements

Organizations spent an estimated 122.45 billion USD in 2016 on cybersecurity defense solutions and services, in a never-ending effort to procure better firewalls, anti-malware tools, and intrusion detection and prevention systems to keep hackers out of their networks. However, recent industry studies clearly demonstrate that threats posed by insiders (whether through malice or negligent conduct) dwarf those from the outside.

In fact, industry experts assert that employees are inadvertently causing corporate data breaches and leaks daily. The Ponemon Institute recently surveyed hundreds of companies in its 2016 Cost of Data Breach Study.  Among 874 incidents, the survey revealed that 568 were caused by employee or contractor negligence; 191 by malicious insiders and only 85 incidents purely attributed to outsiders.

An insider is any individual who has authorized access to corporate networks, systems or data.  This may include employees, contractors, or others with permission to access an organizations’ systems. With the increased volume of data and increased sophistication and determination of attackers looking to exploit unwitting and even recruit malicious insiders, businesses are more susceptible to insider threats than ever before.

The most serious and often devastating cybersecurity incidents are usually related to “spear phishing” attacks, which are comprised of targeted and often highly customized electronic communications sent to specific individuals in a business that appear to come from a trusted individual or business. The targeted insider is often tricked into disclosing their passwords, providing highly sensitive information, or installing malware on their computer. These attacks tend to be successful because they are so customized and are designed to evade traditional cybersecurity defenses.

Much of the evidence and other indications of spear phishing and malicious insider incidents are not found in firewall logs and typically cannot be flagged or blocked by intrusion detection or intrusion prevention systems. Instead, much of that information is found in the emails and locally stored documents of end users spread throughout the enterprise. To detect, identify and effectively respond to insider threats, organizations need to be able to search across this data in an effective and scalable manner. Additionally, proactive search efforts can identify potential security violations such as misplaced sensitive IP, or personal customer data or even password “cheat sheets” stored in local documents.

To date, organizations have employed limited technical approaches to try and identify unstructured distributed data stored across the enterprise, enduring many struggles. For instance, forensic software agent-based crawling methods are commonly attempted but cause repeated high user computer resource utilization for each search initiated and network bandwidth limitations are being pushed to the limits rendering this approach ineffective. So being able to search and audit across at least several hundred distributed end points in a repeatable and quick fashion is effectively impossible under this approach.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of days or weeks. None of the traditional approaches come close to meeting this requirement. This requirement, however, can be met by the latest innovations in enterprise eDiscovery software.

X1 Distributed Discovery (X1DD) represents a unique approach, by enabling enterprises to quickly and easily search across multiple distributed endpoints from a central location.  Legal, cybersecurity, and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, instead of days or weeks. With X1DD, organizations can proactively or reactively search for confidential data leakage and also keyword signatures of customized spear phishing attacks. Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs and quickens response times while greatly mitigating risk and disruption to operations.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations.

Beyond providing enterprise eDiscovery and information governance functionality for an organization, employees benefit from having use of the award-winning X1 Search product to improve their productivity, with the added benefit of allowing the business to address the prevalent cybersecurity gap in addressing spear phishing attacks and other insider threats.

 

Leave a comment

Filed under compliance, Cybersecurity, eDiscovery, eDiscovery & Compliance

Tagged as , , ,

July 21, 2016 · 8:29 AM

Recent Court Decisions, Key Industry Report Reveal Broken eDiscovery Collection Processes

 

While the eDiscovery industry has seen notable advancements and gained efficiencies in widespread adoption of hosted document review and supporting technologies, the same is not yet true for the collection and preservation of Electronically Stored Information (ESI). Leading industry research firm Gartner notes in a recent Market Guide report that eDiscovery collection and preservation process “especially when involving device collection, can be intrusive, time consuming and costly..”  And some recent court decisions imposing sanctions on corporate litigants who failed to meet their ESI preservation obligations are symptomatic of these pain points.

Earlier this year, a Magistrate judge imposed spoliation sanctions for destruction of ESI in a commercial dispute, where the Plaintiff made no effort to preserve such emails — even after it sent a letter to the defendant threatening litigation. (Matthew Enter., Inc. v. Chrysler Grp. LLC, 2016 WL 2957133 (N.D. Cal. May 23, 2016). The court, finding that the defendant suffered substantial prejudice by the loss of potentially relevant ESI, imposed severe evidentiary sanctions under Rule 37(e)(1), including allowing the defense to use the fact of spoliation to rebut testimony from the plaintiff’s witnesses. The court also awarded reasonable attorney’s fees incurred by the defendant in bringing the motion.  And in another case this year,  Internmatch v. Nxtbigthing, LLC, 2016 WL 491483 (N.D. Cal. Feb. 8, 2016), a U.S. District Court imposed similar sanctions based upon the corporate defendant’s suspect preservation efforts.

In her June 30, 2016 “Market Guide for E-Discovery Solutions,” Gartner eDiscovery analyst Jie Zhang notes that “searching across multiple and hybrid data repositories becomes more onerous and leads to overinvestment.” Given that most enterprises’ retention policy efforts are often unenforced or immature, there is often a glut of content to search through. Accordingly, almost every e-discovery request is different and often time pressured, as IT typically handles e-discovery requests in an ad hoc manner.” As such, Jie observes that “In order to guarantee data identification and collection quality, IT tends to err on the side of being overly inclusive in data preservation approach. This could result in too much legal hold or preservation. For example, it is not rare for an organization to put all mailboxes on legal hold or put them on legal hold over time (due to multiple holds and never-released holds). Being put on hold not only adds to IT management overhead and prime storage cost, but also makes any archive or records management difficult.”

The common theme between the cited cases and Zhang’s analysis is a perceived infeasibility of systemized and efficient enterprise eDiscovery collection process, causing legal and IT executives to wring their hands over the resulting disruption and expense of ESI collection. In some situations, the corporate litigant opts to roll the dice with non-compliance — a clearly misguided and faulty cost benefit analysis.

What is needed is an effective, scalable and systemized ESI collection process that makes enterprise eDiscovery collection much more feasible. More advanced enterprise class technology, such as X1 Distributed Discovery, can accomplish system-wide searches that are narrowly tailored to collect only potentially relevant information in a legally defensible manner. This process is better, faster and dramatically less expensive than other methods currently employed.

With X1 Distributed Discovery (X1DD), parties can perform targeted search and collection of the ESI of thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%), thereby bringing much needed feasibility to enterprise-wide eDiscovery collection that can save organizations millions while improving compliance.

1 Comment

Filed under eDiscovery

Tagged as , , , , ,

May 19, 2016 · 8:43 AM

Changing the Game for Rule 26(f) Meet and Confer Efforts with Pre-Collection Early Data Assessment

One of the most important provisions of the Federal Rules of Civil Procedure that impact eDiscovery is Rule 26(f), which requires the parties’ counsel to “meet and confer” in Meet and Conferadvance of the pre-trial scheduling conference on key discovery matters, including the preservation, disclosure and exchange of potentially relevant electronically stored information (ESI).  With the risks and costs associated with eDiscovery, this early meeting of counsel is a critically important means to manage and control the cost of eDiscovery, and to prevent the failure to preserve relevant ESI.

A key authority on the Rule 26(f) eDiscovery topics to be addressed is the “Suggested Protocol for Discovery of Electronically Stored Information,” provided by Magistrate Judge Paul W. Grimm and his joint bar-court committee. Under Section 8 of the Model Protocol, the topics to be discussed at the Rule 26(f) conference include: “Search methodologies for retrieving or reviewing ESI such as identification of the systems to be searched;” and “the use of key word searches, with an agreement on the words or terms to be searched” and “limitations on the time frame of ESI to be searched; limitations on the fields or document types to be searched.”

However, Rule 26(f) conferences occur early on in the litigation, typically within weeks of the case’s filing. As such, attorneys representing enterprises are essentially flying blind at this pre-collection stage, without any real visibility into the potentially relevant ESI across an organization. This is especially true in regard to unstructured, distributed data, which is invariably the majority of ESI that is ultimately collected in a given matter.

Ideally, an effective early data assessment (EDA) capability can enable counsel to set reasonable discovery limits and ultimately process, host, review and produce less ESI.  Counsel can further use EDA to gather key information, develop a litigation budget, and better manage litigation deadlines. EDA also can foster cooperation and proportionality in discovery by informing the parties early in the process about where relevant ESI is located and what ESI is significant to the case.

The problem is any keyword protocols are mostly guesswork at the early stage of litigation, as under current eDiscovery practices, the costly and time consuming step of actual data collection must occur before pre-processing EDA can take place. When you hear eDiscovery practitioners talk about EDA, they are invariably speaking of a post-collection, pre-review process. But without requisite pre-collection visibility into distributed ESI, counsel typically resort to directing broad collection efforts, resulting in much greater costs, burden and delays.

What is clearly needed is the ability to perform pre-collection early data assessment, instead of EDA after the costly, time consuming and disruptive collection phase.  X1 Distributed Discovery (X1DD) offers a game-changing new approach to the traditional eDiscovery model.  X1DD enables enterprises to quickly and easily search across thousands of distributed endpoints from a central location.  This allows organizations to easily perform unified complex searches across content, metadata, or both and obtain full results in minutes, enabling true pre-collection EDA with live keyword analysis and distributed processing and collection in parallel at the custodian level. This dramatically shortens the identification/collection process by weeks if not months, curtails processing and review costs from not over-collecting data, and provides confidence to the legal team with a highly transparent, consistent and systemized process.

A recent webinar featuring Duff & Phelps Managing Director and 20-year eDiscovery and computer forensics veteran Erik Laykin included a live demonstration of X1DD searching across 20 distributed endpoints in a manner of seconds. In reaction to this demonstration, Laykin commented “the ability to instantaneously search for keywords across the enterprise for a small or large group of custodians is in its own right a killer application. This particular feature gives you instantaneous answers to one of the key questions folks have been wrestling with for quite some time.”

You can now view a recording of last month’s webinar: eDiscovery Collection: Existing Challenges and a Game Changing Solution, which features an overview of the existing broken state of enterprise eDiscovery collection, culminating with a demonstration of X1 Distributed Discovery. The recorded demo will help illustrate how pre-collection EDA can greatly strengthen counsel’s approach to eDiscovery collection and meet and confer processes.

Leave a comment

Filed under eDiscovery, Preservation & Collection

Tagged as , , , , , ,