Litigation may be the last thing on IT's mind as it evaluates software-as-a-service options for the enterprise. Unfortunately, litigation and e-discovery--the act of finding, preserving, and analyzing electronic information--are facts of life. If your company gets dragged into a lawsuit and relevant information is stored inside a provider's cloud, you need to know that information is available on demand.
That's why IT should add e-discovery criteria to its list of considerations when evaluating SaaS providers, particularly when looking at services such as hosted e-mail and e-mail archiving, PC and file-share backups, and other information sources that create a legal data trail. No company wants to find that a SaaS application it purchased to streamline operations suddenly has become a major hurdle to its e-discovery obligations.
Fortunately, many of the criteria, including storage and performance, that IT already uses to evaluate SaaS providers can be applied to e-discovery. However, there also are e-discovery-specific requirements that must be considered, such as fine-grained control over retention and disposition of data, and the ability to quickly retrieve information from the service provider's system.
We'll examine how e-discovery issues align with--and depart from--common SaaS requirements, and outline contractual issues SaaS buyers must consider to ensure they can meet their e-discovery obligations.
IT expects good service availability levels and robust, secure data storage capabilities from SaaS providers. Availability and storage also make sense for e-discovery. After all, for any company to conduct a thorough e-discovery exercise, it must have regular and reliable access to its data and be assured the provider is protecting that data.
But when it comes to e-discovery, IT should look beyond basic storage to consider more fine-grained controls over information stored in a provider's facilities.
That's because archive processes, data retention policies, and e-discovery form a virtual Gordian knot of entwined requirements and implementation details: Change one element and you invariably affect the other two. Nowhere is this more apparent than when storing data in the cloud, where a company's most carefully considered document retention strategy could be sabotaged by sloppy operational processes. When using SaaS, it's imperative that the provider be able to enforce your internal retention policies.
Download the March 2010 issue of InformationWeek