Benefits of using Microsoft's eDiscovery for non-Office 365 data sources

Issued by Cloud Essentials
Johannesburg, Mar 5, 2019

When it comes to eDiscovery, most discussions tend to focus on the right-hand side of the eDiscovery Reference Model (EDRM); the review, production and presentation processes that legal teams typically perform with the help of heavy-duty, dedicated review tools such as Relativity, Logicull and EDT.

What people seem to forget, however, is that no matter how great your review tools are, you're never going to get the results you need if you don't have the right set of data to work with in the first place.

That's where the preliminary, 'stage-setting' processes on the left-hand side of the EDRM come in, and where the eDiscovery capabilities in Office 365 might be more helpful than you think.

Office 365's pre-review eDiscovery capabilities

No matter which way you slice things, it's the left-hand side of the EDRM (information management, identification, preservation and collection) that forms the foundation of any eDiscovery project.

It may not be glamorous, but if the initial stages involved in 'sorting the wheat from the chaff' are carried out well, the review process will be faster, cheaper and more effective. If it's done poorly, the integrity of an entire case can be compromised.

Recognising the importance of this, Microsoft has built some pretty nifty eDiscovery capabilities into its Office 365 E3 and E5 licences. As a result, law firms and other businesses with eDiscovery requirements can now effectively handle that all-important left-hand side of the EDRM as an in-house (and therefore lower-cost) activity.

If you have Office 365 Advanced eDiscovery (included in E5 licences), you can also run preliminary analysis, threading and near-duplicates to reduce the overall amount of data that gets passed into the very expensive right-hand side of the EDRM, when your legal firm's clock is ticking.

This can result in massive savings.

However, as more and more firms dig into the potential time- and cost-savings of using Office 365's eDiscovery tools, a lot of questions are being raised about how to deal with data that lives outside of the Office 365 environment.

Can you import non-Office 365 content for Advanced eDiscovery Analysis?

It's a rare eDiscovery case that doesn't include data from at least one or two disparate, external sources.

The good news is that almost all on-premises data can be ingested into the Office 365 environment: either via manual PST uploads or using third-party tools to ingest content directly from a range of platforms, including CRM systems and archives such as Enterprise Vault.

You just need to be sure you're in operating in accordance with Microsoft licensing agreements and that access rights and preservation policies are properly configured.

Challenges of importing third-party data into Office 365 for eDiscovery

While there is value in being able to ingest external data into Office 365 for eDiscovery, the process isn't without its challenges. These are the main ones that tend to trip people up:

1. Limited in-situ preservation capabilities

Information governance and preservation are just as important as identification and collection in the preliminary stages of eDiscovery.

Unfortunately, since external data sources don't reside within the Office 365 ecosystem, they can't be protected in-situ by Office 365's governance and retention policies. Any copies uploaded to Office 365 can be brought under your information governance policies, but while the originals remain in place, they will be at the mercy of whatever local protection policies are in force and could be subject to spoliation and further eDiscovery.

To address this challenge, many companies choose to migrate their historic on-premises e-mail archives and journals 'lock, stock and barrel' into Office 365 for subsequent management and eDiscovery.

As part of this move, it is vital to ensure complete auditing and chain-of-custody, along with replication of any pre-existing litigation holds and retention policies. Due diligence in these respects is the only way that the original on-premises repository (and any backups thereof) can be defensibly deleted (and therefore excluded from future eDiscovery).

Creative use of Azure Information Protection Policies and labelling can also be used to achieve some level of on-premises file protection, but the simple truth is that only data within Microsoft's cloud can be easily and effectively preserved in-place during Office 365 eDiscovery.

2. No filtering on extraction

When you're pulling data from different sources into Office 365 in response to a specific eDiscovery case, it should ideally be possible to target and then extract relevant content according to custodians, date ranges and keywords or phrases. This will minimise the amount of time for upload and the subsequent search time in Office 365.

The external data sources you are working with, however, may not offer this option.

PST files, for example, will need to be uploaded as a 'job lot', and then searched within Office 365, as their content cannot be filtered without special tools.

3. Double the data moves

Another challenge of ingesting external data into Office 365 for eDiscovery is that it means moving that data twice, once into Office 365, and then again into your 'heavy-duty' review platform once you've performed the preliminary discovery processes.

Ideally, by the second move the data set should be far more concise, but if the initial volume of external data is large, this two-step process may still prove impractical.

If that's the case, it might be better to move external data directly to a third-party eDiscovery and review platform, and reserve Office 365's eDiscovery capabilities for pre-processing internal data only.

For example, if you have a very large on-premises e-mail journal, you might be better off with an 'age-in-place' strategy and performing ad-hoc, targeted extractions that go directly to review, versus the option of (pre-emptively) migrating the entire journal into Office 365.

Weigh up your options

Depending on the situation, the volume and type of data you're dealing with, and how much you're likely to be able to achieve with that data once inside your Office 365 eDiscovery environment, ingesting external data into Office 365, either permanently or on-demand, could be a real cost-saving asset. Or it could be more time-consuming than it's worth.

Just remember to weigh the logistical complexities and costs against the potential cost savings of the bloat-reduction capabilities of Office 365's Advanced eDiscovery. Don't forget to factor in the costs of maintaining legacy data on-premises, sitting on expensive storage or in unmaintained archives.

Future potential for Azure eDiscovery?

While nothing has been announced as yet, we have a sneaking suspicion that Microsoft will be introducing the ability to apply eDiscovery to Azure workloads directly in the future. This would be a major win for firms performing discovery on large-volume workloads that aren't suitable for Office 365, and would certainly help address the double-move issue that makes working with certain external data sources unwieldy at present.

In the meantime, if you want to realise the full value of in-house eDiscovery capabilities or explore best strategies given your unique set of data and litigation readiness challenges, get in touch with Cloud Essentials' eDiscovery team.