Editor: Tell us about CaseCentral.
Thimot: CaseCentral is the leader in secure, cloud-based eDiscovery software for corporate counsel and law firms to simplify and take control of eDiscovery. We celebrated our 15th anniversary last March - when we started our business in 1994 email didn't exist as a mainstream business application and a big case had 200 boxes of paper documents or about 500,000 pages. Dial-up via AOL or Netscape was the first delivery mechanism, and a 28.8 bps modem was considered really fast.
Fast forward to 2010, and electronically stored information (ESI as it's now called and defined by the amended 2006 FRCP) accounts for over 95 percent of new information created, whether as emails, spreadsheets, word-processing documents or databases, and the Internet is used as a business-class backbone for just about any type of application you can imagine for most of the largest and most successful companies on the planet. CaseCentral's mission is to transform eDiscovery into what matters for our clients, and we do this by delivering eDiscovery capabilities from processing, ECA, analysis and review, to production via a private cloud that we call the eDiscovery Cloud.
Editor: Cloud computing was a big topic at the recent LegalTech New York event. What's your perspective on this?
Thimot: Before I jump into specifics, I think it is important to consider cloud computing from a high-level perspective. What we call cloud computing today is essentially the notion of utility-based computing power, like the way that you and I receive our electricity from the national grid, or our natural gas from the utility company or our water from the water company or our telephone service from the phone company. Today it would be thought absurd for each of us to consider running our own power generators, drilling for natural gas on our properties, digging water wells in our back yards or building and operating our own telephone exchanges in our basements.
In each of those examples, the service being delivered reached a crossover point where the number of people consuming the resource in question necessitated a centralized, less risky, less costly and more efficient delivery and consumption method. Cloud computing is the same thing - it is a less risky, less costly and more efficient delivery and consumption method for computing and application resources than purchasing, installing and maintaining on-premise software.
Editor: What about the concerns regarding privacy and security?
Thimot: I should define my terms. About a year ago, the electrical engineering and computer sciences department at the University of California at Berkeley published a paper titled, "Above the Clouds: A Berkeley View of Cloud Computing." It defined cloud computing as follows:
Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. The services themselves have long been referred to as Software as a Service (SaaS), so we use that term. The datacenter hardware and software is what we will call a Cloud. When a Cloud is made available in a pay-as-you-go manner to the public, we call it a Public Cloud; the service being sold is Utility Computing. Current examples of public Utility Computing include AmazonWeb Services, Google AppEngine, and Microsoft Azure. We use the term Private Cloud to refer to internal datacenters of a business or other organization that are not made available to the public. Thus, Cloud Computing is the sum of SaaS and Utility Computing, but does not normally include Private Clouds.
The most important point in this definition is that when considering cloud computing, one must consider not only the application being delivered, but also the hardware, systems, data centers and human capital necessary to deliver the application.
Editor: OK, so what about security and privacy and, equally important, control of the data?
Thimot: Security, privacy and control should be the concern of every attorney and litigation support person whether they are using a cloud computing-based application or an on-premise application. I would argue that an enterprise-class private cloud-delivered application provides far better security, privacy and control than the way that most corporations and law firms do it today. An example: let's say you are a mid-sized to large corporation and you receive a threat of a lawsuit. Of course you put a preservation hold on the custodian's data that you can reasonably expect will be impacted by this event. And then you collect what you think is the relevant data, electronic, paper or otherwise. At this point the vast majority of corporate counsel put this collected data on a CD, DVD, hard disk or USB drive and FedEx it to their outside counsel. And, if the matter is multi-jurisdictional or involves multiple outside counsel, the data is copied many times and sent via FedEx to the many outside counsel.
Let's freeze time for a moment: your proprietary and confidential data has just left the confines of your corporation without any security or privacy controls, potentially to multiple recipients who have varying levels of technological sophistication. What security and control do you think you have? On the other hand, if you were using an enterprise-class, cloud-based application, you would have loaded your proprietary and confidential data, via an encrypted file transfer, to your cloud-based eDiscovery application where it would be stored once, and you would set the access controls for one or all of your outside counsel to access this data. A cloud-based application seems like it provides better privacy, security and control to me.
Editor: But what if the system crashes or a disaster strikes?
Thimot: Certainly a crash or natural disaster can impact not only cloud computing providers, but also any corporate enterprise or law firm and, as such, one needs to be prepared. Many will remember the much-publicized news last October when Microsoft lost data for mobile Sidekick phone users. This disaster affected mighty Microsoft, and the reason was that there was no disaster recovery or backup plan. Not all cloud computing providers are equal - at CaseCentral, our Fortune 500 and Am Law 200 clients expect us to keep their data secure and available, and we were the first company to deliver enterprise-class eDiscovery disaster recovery (DR) in 2008 with a SAS-70, replicated datacenter and the first company to deliver enterprise-class business continuity planning (BCP). CaseCentral meets an industry-leading Recovery Point Objective (RPO) of 15 minutes for client data and review work product.
CaseCentral also subscribes to an aggressive and industry-leading Recovery Time Objective (RTO) of 90 minutes for client access to CaseCentral applications and systems - we provide a better SLA than the IT departments of some of our clients. Our datacenter facilities are enterprise-grade, and I believe only two companies in our market, one being CaseCentral, have made this kind of investment to safeguard client data. This is a question that every buyer should ask their application and service provider, and if the provider does not offer DR and BCP, you should look elsewhere.
Editor: Is cloud computing a good choice for any stage of the discovery process?
Thimot: I'd like to use the Electronic Discovery Reference Model (www.edrm.net) created by George Socha and Tom Gelbmann as the framework for my answer. The "left side" of the EDRM, which includes information management, identification, preservation and collection, typically makes sense to perform with on-premise software because that is typically where the custodians and data reside. An exception to this might be archiving and preservation, since some archives are maintained "in the cloud." The "right side" of the EDRM, which includes processing, analysis, review, production and presentation, typically makes sense to perform with cloud-based software. Why? Because at the point that you are doing analysis, review and production, you are often involving multiple resources in multiple locations both inside and outside your firewall and company.
A collaborative, cloud-based application is the best way to provide a centralized, secure environment for multiple, geographically dispersed parties if you want to store only one copy of your confidential data, if you want to control the eDiscovery business process, and if you do not want to petition your IT department to punch holes through your corporate firewall to allow outside parties directly onto your corporate network. For these reasons a recent Gartner, Inc., report, Predicts 2010: Regulatory Changes and Business Demands Will Drive the Long-Delayed Adoption of Legal Discovery Technology, published November 17, 2009, states, "Application service providers, software-as-a-service delivery models and cloud solutions will dominate the review and analysis phases of e-discovery."
Editor: I've been hearing a lot about bringing eDiscovery in-house. Doesn't that mean installing software on my corporate network?
Thimot: No, that's a misconception propagated by clever marketing. The vast majority of corporations and law firms who talk about bringing eDiscovery in-house are really thinking of defining and taking control of the processes by which they perform eDiscovery. As I stated earlier, if you are trying to define and take control of your eDiscovery processes for processing, analysis, review and production, then it is far more risk and cost-effective to bring eDiscovery in-house via the cloud.
Editor: You've mentioned both public and private clouds. What is the difference and why is this important?
Thimot: The difference between public and private clouds is very important for those performing eDiscovery. A public cloud uses shared hardware, software and applications that are available to the public. Examples include Amazon EC2 and AWS and Google Apps. This approach is very effective when used for consumer-based applications or business applications that do not have the same security and access control requirements or the level of scrutiny that eDiscovery has.
A private cloud, whether deployed by a company behind the firewall or deployed by a provider like CaseCentral, uses hardware, software and applications only for the subscribing users. A private cloud like CaseCentral's has many advantages over a public cloud for eDiscovery: With a public cloud you don't know where (including what country) your files are stored, and you don't know if you can really control document retention and destruction. And, as previously mentioned, you may not be receiving the level of disaster recovery and business continuity that is required. As a client, you need to know that you are completely in control of your data, and a private cloud is the only way to do that. It is for these reasons that CaseCentral invented its eDiscovery Cloud.
Editor: How do private clouds help save time and money?
Thimot: The adoption of cloud computing-based software continues to rapidly increase as corporations and law firms have awoken to utilizing reliable and proven cloud-based systems for eDiscovery to drastically reduce application deployment time and receive instant-on availability for new matters.
Initial cloud computing application deployment and ongoing maintenance costs are also proven to be much less than traditional on-premise software deployments. And, using the cloud provides virtually unlimited and elastic storage of data.
Equally important to these savings is the notion of predictability. When you subscribe to cloud-based applications you minimize or eliminate the expense spikes that are typical of deploying on-premise software, hardware and human capital. A recent example is CaseCentral's announcement of its eDiscovery Connector for Symantec Enterprise Vault Discovery Accelerator. The integration between these two solutions eliminates the need for IT and legal departments to manually export and upload large amounts of data for legal review and reclaims the days and weeks spent processing data. Clients using the new connector will bypass EDD processing fees for data moved into CaseCentral from Enterprise Vault and simplify the handoff process, removing risk by eliminating the opportunity for error. For some of our clients, this could mean saving millions of dollars per year on processing.
Published March 2, 2010.