Information governance Q&A

Our webinar last week on information governance went well and generated some interesting questions.  I didn’t get to answer all the questions on the call so I’ll take the opportunity to briefly answer some of them here, including some of the more interesting ones I did answer live.   Most of these topics were covered in much more detail in our recently published report on information governance, which also spawned the webinar. The full recorded webinar is also available online as well.

Q: Can you talk to any trends you see in terms of who in an organization is purchasing governance/e-discovery tools?

This is something covered in some detail in the report itself.  In general, there’s some difference in terms of purchasing between “governance” and “e-discovery.”  If the use case being addressed in a particular procurement process is specifically for reactive e-discovery – meaning, the ability to respond to a specific legal discovery request – then the process is likely to have heavy involvement from the legal department if not full ownership by that team with IT involvement.

Governance is generally broader and is likely to involve more underlying pieces of technology (e.g., archiving, records management, indexing tools for distributed data and e-discovery / early case assessment).  There’s certainly no single approach to governance and most organizations are in the earliest of stages in terms of putting in place some kind of broader governance strategy.  Procurement is still likely to be tied to more tactical requirements and the specifics of those requirements will dictate who’s involved (e.g., e-discovery is more likely to be run by legal, as noted above, while an email archiving decision is more likely to be led by IT with legal involvement).  Generally speaking, hashing out broader governance strategies may well involve IT (email management, storage, ECM and search folks), legal, compliance officers, records managers and security personnel, among others.

Q: What are your thoughts about how far right along EDRM the big ECM vendors will move?

So far, ECM vendors are focusing on the far left of the electronic discovery reference model (EDRM).  This has expanded in the last twelve months or so from a far more limited focus solely on the “information management” process step to greater capabilities for data identification, collection, preservation, and some review and analysis.  This is likely to continue, though I’d be surprised to see ECM vendors move beyond this.  Identification, collection and preservation will be key areas in the short term (EMC’s recent Kazeon buy is a good example of how ECM vendors will look to better handle distributed data).  Review and analysis capabilities are likely to remain in the area of early-case assessment, with the expectation that a winnowed-down set of data is still likely to be turned over to external counsel for further review and analysis. That’s likely to be where most ECM vendors stop, though not all; Autonomy, for example, plays specifically in the legal market as well with iManage and Discovery Mining.

Q: Can you explain a bit more what you mean by “litigation readiness”?   What processes does this cover?

I guess this is a phrase I use a lot when talking about information governance and perhaps I didn’t explain it well enough on the webinar.  Litigation readiness is really just one reason organizations are interested in information governance.  Poor information governance makes it difficult to respond efficiently and cost effectively to e-discovery.  There are a number of processes involved in better preparing for litigation, but ideally, organizations need to have some high-level understanding of what data exists, where it is and who has access to it.  That’s a whole lot easier said than done of course, particularly when you need to include data on desktops, laptops, shared file drives and so forth.  The processes generally need to encompass maintaining some kind of index of what resides on all those devices and how that data will be captured and secured if needed.  That needs to be combined of course with more formalized management of data in archives and records management systems, with some consistency in terms of retention and disposition policies (that are standardized and enforced) across sources.  Few organizations have a very good handle on this sort of thing across repositories and unmanaged devices today, but those that are more often involved in litigation are likely to be more litigation-ready.

Q: Is Information Governance of primary interest in the US or are companies in Europe also concerned? I.e. is there an opportunity for vendors beyond the US?

Information governance as it relates primarily to litigation readiness is of primary interest to those in the US and in parts of Europe that have similar discovery or disclosure requirements for electronic information.  In geographies that don’t yet have as strict requirements for electronic discovery, governance may still be an interest but may be for different reasons.  Compliance with specific regulations (e.g., privacy-related legislation) can be a concern, for example, as can IP protection or other types of security.   So there is certainly opportunity for vendors in specific markets, such as archiving, but the drivers might be different.

That’s probably enough for one blog post.  Again, those interested in the full webinar can find it here.

Let’s talk about info governance

This Thursday I’ll host a short webinar to discuss some of the findings from our recently-published report on the emerging Information Governance market.  This report looks at how archiving, records management and e-discovery technologies are coming together to help organizations get a better handle on internal data for litigation readiness and compliance purposes.

The webinar is free and open to anyone, so please feel free to join if you’re interested in this topic.

During the webinar, I’ll outline some of the trends we uncovered while doing our research for this report, look at the vendor landscape and M&A activity in this area, and briefly discuss some of the technologies that we think will be important in this sector moving forward.

Here’s the info and registration link:

The Rise of Information Governance webinar

Thursday, September 24, 2009

12:00 – 1:00 PM EDT

Register here

Recorded versions of our webcasts are available on our site a short while after the events are over.

Webinar follow-up

By way of follow-up, I wanted to answer the questions that I didn’t get to here, so that everyone can share. I haven’t answered absolutely every one here – I don’t have a figure for market growth rate, for example.

Q: Do law firms, enterprises, etc prefer choosing a service that is on-premise vs. SaaS? Why?

I answered this on the call, but it obviously varies depending on the size of the company involved, the amount of times they’ve done eDiscovery, whether they’re a law firm or not. Bear in mind that the early days of eDiscovery were dominated and to some extent still are – by services companies like Fios and Kroll Ontrack that provide outsources data processing. So the common FUD tactic used by on-premise vendors to knock SaaS, i.e. that customers won’t like their data leaving their premises and ending up on someone else’s server, doesn’t- or at least shouldn’t – really apply here. Sensitive data has been removed from organizations for eDiscovery purposes for more than a decade like that already.

The larger companies will, on the whole, still prefer eDiscovery to be handled in house in terms of the software they use, though you should remember they almost always engage outside counsel, and the two of them need to be working with compatible systems, so large organizations are starting to have purchasing influence over the technology used by law firms.

One key thing for vendors to remember is that if they’re selling their eDiscovery as something to be used in a reactive eDiscovery process which almost all of them are to one extent or another – it’s hard to sell a reactive product to the enterprise if it isn’t quick to deploy — and that’s where SaaS and appliance have an advantage.

Q: You mentioned IT organization not be capable of pulling together different apps…do you see this a benefiting ECM vendors re: single repository play or is a federation across the data stores more likely?

If ECM vendors can solve a problem of both the legal and IT department simultaneously then it obviously should be good for them. How they do that could be either way. Some of the larger vendors will go all out tp optimize their own repositories so that the full benefits of their particular eDiscovery offering can only be had by putting all the content in their repositories. But others are proving successful with ‘manage in place’ federation architectures too. It’s not a case of one or the other winning overall, we don’t think.

Q: The sector seems quite fragmented do you envision a lot of consolidation? Which vendors do you think could possibly be acquired and how should a buyer consider picking the right vendor?

A: We envisage some consolidation certainly, though a lot has already happened. I’m not going to name names on the blog, beyond what I said on the call, that among acquirers we would expect HP and Symantec to feature, though there are others mentioned in the report. There are also segments and companies mentioned as potential targets in the report too.

As for how a purchaser should pick a vendor – I’m assuming the questioner means in the light of potential consolidation – then you need to do some homework on the stage the company is at, the amount of investment its taken on and has left, profitability or otherwise, the history of the management and so on. At the end of the day, if it gets bought, it then depends which company it gets bought by; if it’s one that just grabs the customers, I’m sure competitors will be offering favorable deals to switch before the ink is dry on the deal.

Q: One of the companies I noticed was not mentioned in the presentation was H5? Is this a company that you follow? How is the business model of this firm different?

Yes, H5 is in the report. It does have a slightly different model from other software or service providers we’ve looked at in that it offers a combination of consulting services and automated review as an alternative to outside attorney review. Plus, it offers up-front scope model, rather than billable hours.

Q: How does eDiscovery tie into other Security tech like Log Managements, or storage of Emails, IM etc? Should eDiscovery be the central control point for Enterprise security?

This is a very interesting question. And one that I’ll deal with in a separate post soon. Watch this space.

Q: How important do you feel legal holds solutions are?

They’re an important part of the preservation stage of the EDRM, but technically not that hard ti implement. Autonomy and Recommind are two vendors that have recently introduced such a function into their eDiscovery offerings.

Q: How do you think demand for eDiscovery solutions will be impacted in tight IT spending environment?

There will be tension between eDiscovery as capital expenditure versus operational expenditure, as there always is, but obviously large scale cap ex spending is something all organizations are trying to avoid right now. It’s hard to see however how in highly litigious industries eDiscovery can be anything other than non-discretionary spending. There will be pricing pressure on some vendors and companies will do whatever they possible can to reduce data volumes if they’re still being charged by the gigabyte. That model will also be called into question by the largest customers.

Q: Could you comment on the kind of data that is fair game in a discovery process? for example, what about IMs or even data that is stored in the cloud like salesforce.com transactions?

A: Anything stored electronically is fair game in an eDiscovery process. With something like data in a Salesforce.com database that’s obviously a lot easier to extract than if some instant messaging systems, And if your organization relies on one of the free pubic IM tools, like AIM, then you could have great difficulty  retrieving it, unless the logs are stored locally on desktops, as it can be quite easily, with iChat on Macs, for example.

Q: Where can I get access to this presentation and report?

The report information is here and the presentation will be emailed to you – drop us a note at this address. The webinar will be available for download very soon too. I’ll put a link up here as soon as I have it.

Q: Why can’t I hear anything?

A: We got this question a few times. So I’d like to apologize and say thanks to all of your that persevered with our audio problems – we couldn’t get he webinar tool’s audio channel to work, despite it having worked perfectly in two prior run-throughs. I have much more sympathy than before now for vendors doing live demos – I feel your pain

eDiscovery Webinar tomorrow

I have been somewhat remiss in promoting this, but I’m presenting a webinar tomorrow, Wednesday about our recently published report on eDiscovery and eDisclosure.

We’ll be going over some of the key findings of the report including our mapping of vendors to stages in the EDRM process.

Registration is here.

Date: January 28, 2009

Time: 9am PT / 12pm ET / 5pm UK

More information on the report itself is here and you can buy it as a one-off report here.

Upcoming webinar on social software adoption

I’ll be doing a short webinar next week covering some of the high-level data we gathered in a survey on social software. The survey is the basis of a new report, The New Social Order, that looks at early adoption trends in social software, drivers for adoption and some early trends in vendor preferences.

The webinar will review:

  • Survey data on the state of adoption of social software
  • The types of initiatives for which organizations are using blogs, wikis, social networking, and social tagging and bookmarking tools
  • How adoption of social networking technologies in the enterprise is further blurring the line between consumer and corporate technologies
  • Vendor preferences of enterprise users for social software.

Webinar will take place on Wednesday the 6th of February from 12:00 to 12:30pm EDT.

Click here to register