I recently moderated a panel at The Lawyer's General Counsel Strategy Summit in Alicante and spoke on a panel at the Banking Litigation and Regulations Forum in London. Both sessions had a central theme, the Cloud and how in-house lawyers should be aware of the implications of their companies moving to the Cloud. The fact that this topic was included in both events in quick succession is telling in terms of the increasing focus on the legal implications, rather than operational considerations, within organisations.
Setting the Stage
The Cloud is familiar to most people thanks to the way we store photos and save emails. However, the impact of the Cloud in such a short space of time, even for personal users, is remarkable. Google now gives away cloud storage space worth around $15,000 per person at 1995 prices to its users (of which there are approximately 1 billion). In other words, what would have cost a combined $15 trillion just 24 years ago is now being offered for free (Goldin and Kutarna. Age of Discovery. 1990. Print.).
The common response to the question of moving a companies' data to the Cloud, as was true of the audiences in the panel sessions judging by straw polls, questionnaires, and questions raised is to address the issues of both cost and security. Both of these topics are fundamental but are limited in scope when considering the wide-ranging potential of enterprise cloud technology from the perspective of data governance, compliance, and ediscovery.
Reducing or eliminating IT spend on building and maintaining infrastructure is a driving force for companies to move to the Cloud. Another is the need to provide employees with the tools they need to not only continue their everyday tasks but also to adapt and innovate. Microsoft recently quoted that, “97% of Fortune 500 and 95% of Fortune 1000 companies have Office 365 to benefit from streamlined infrastructure, data management, and collaborative technology opportunities.” They have discovered that cloud-based productivity has moved far beyond just standard applications like Word or Excel. Networked applications fuel employee innovation. According to a study by Vanson Bourne, “companies leveraging cloud services increased their time to market by 20.7%. At the same time, IT spending decreased by 15.1%, and, as for employees, productivity jumped 18.8%.”
When compared to cost savings and data security, data governance, compliance, and ediscovery often get less consideration. This is because a transition to the cloud is a core business decision, taken on at an enterprise-wide level to streamline the company and provide business-critical tools to employees. The legal capabilities of the technology may seem peripheral to the IT teams focusing on transitioning from on-premise infrastructure to cloud-based data centres. However, when you consider the variety of ways in which data is generated and the volume of this data, legal needs to lead the way in managing risk and adding value to how collaboration is managed across the company.
Driving Home the Point
Ironically, cloud-based technologies like Office 365 make it even easier to generate ever-larger amounts of data. It is, therefore, no surprise that the same technology can (and should) be used to govern this data. Legal needs to consider how to take ownership of the companies' data for risk management purposes if nothing else.
An example of this is persistent chat using Skype, Teams, Yammer, etc. Legal rather than IT needs to drive the key questions. Is this functionality available to everyone? How long is chat data stored? Does the company utilise more than one chat solution and do they interact with each other? Is the data discoverable if necessary and can it be searched? Can a legal hold be placed on this content? When deleted, does that fit with the overall data retention policy and is that consistent across multiple locations?
Just one aspect of data governance that, of data retention and associated policies and logistics, can be overwhelming. Every organisation has many applications that employees use. A switch to a cloud-based environment doesn’t just mean the data is stored somewhere else. It means that tools are probably available for employees to work more intelligently and collaboratively. This is a positive thing for both efficiency and most likely profitability. It is also positive in terms of data governance and compliance. Policies such as data retention and categorisation can be refreshed so that they are not written and ignored. They can be hardwired into the very applications that generate the bulk of a company's data, from email and business documents to persistent chat applications, financial data, and internal social media.
Cloud-based technology such as Office 365 can be utilised to manage contentious matters more effectively and proportionally (crucial for Subject Access Requests), without the need for large-scale intervention from third parties who deploy forensic data collection experts to ship large volumes of data elsewhere for ediscovery purposes.
Furthermore, failure to provide modern workplace technology often means that a shadow IT environment develops within a company, a phenomenon that makes governance and compliance even more difficult than it already is. Employees will use whatever technology they can to make their job easier, regardless of policy. Again, legal, not IT, can lead the way in aligning policies with the use of modern workplace tools.
Fortunately, security concerns have done little to hold back the tide of progress to cloud-based infrastructure. Microsoft may be a company that has the most attempted external hacks, but it also has a budget of over $1 billion annually to ensure the data it holds is secure. Other cloud-based providers also understand the value of managing their clients’ data and have similar impressive ways and large budgets to protect it. Microsoft's share price demonstrates what shareholders think of their focus on the cloud over the last five years. Windows is not discussed as widely these days compared to Office 365.
IT and security may be the departments responsible for a transition to the Cloud but legal and compliance are the departments that should take ownership of the generation and governance of the data. This should not be seen as a burden, but a welcome change in how to align a modern workplace with a comprehensive framework to manage risks inherent in big data.
If you would like to discuss this topic further, please feel free to reach out to me at MBrown@lighthouseglobal.com.