Establishing a sustainable preservation plan is key for compliance and risk management. Onna’s Ish Alaoui outlines five key factors to weigh when looking to preserve data from cloud-based applications.
The number of cloud-based applications and productivity tools used in the workplace is growing by the day. From Slack and GSuite to Dropbox and Office 365, today’s top workplace applications allow organizations to work at an accelerated pace. Although our productivity is skyrocketing, so is our production of data, leaving in-house legal teams scrambling for a scalable preservation plan. Between ever-changing compliance requirements, taking a proactive approach toward risk management is important now more than ever. Here are some key factors to consider when trying to establish a sustainable preservation plan in the cloud.
1. Defensibility
On cloud-based apps, data is extremely ephemeral and easy to modify. Although this may be a convenient aspect in day-to-day operations, it poses a risk when it comes to long-term defensibility. Responsible legal teams know that it’s critical to keep an original, defensible copy of everything in their organization. If ever the day comes for litigation, having access to an original copy might be key for providing evidence – not to mention, knowing when and how certain information was modified is just as important for internal knowledge as it is for external legal compliance. For these reasons, it’s a good idea to look for a solution that offers file versioning or audit logs. This way, your team can maintain a comprehensive trail of all user activities and ensure the utmost defensibility.
2. Scalability
Let’s face it, it’s difficult to predict just how much data storage your organization needs. In our cloud-based world, the proliferation of data can feel so out of control that it’s hard to put your finger on an exact capacity. For these reasons, scalability is your best friend. When shopping around for a preservation plan with multiple vendors, you might ask yourself, “do we really need that much storage?” or “how do we even budget for this?” The answers to those questions, unfortunately, aren’t black and white. For this reason, we can’t stress enough how important it is for legal teams to collaborate with their IT teams to get a baseline for their storage needs. Even then, it’s good to have some flexibility in your plan for the future. Keep an eye out for preservation plans that offer “pay as you go” pricing. This will ensure that you won’t get cut off from storage you didn’t know you needed. Having enough storage is critical to having information readily available for compliance — it’s better to be safe than sorry!
3. Granularity
A defensible and scalable preservation plan is only as good as it is useful — that’s where granularity comes in. Granularity gives legal teams the power to break through data clutter and find exactly what they need. For example, when data is organized based on things like users, folders, channels and dates, legal teams are able to filter through files much faster and keep only what they need. The more data an organization has, the more expensive it gets, so having a granular preservation plan is also extremely cost-effective. Additionally, keeping preserved data granular will aid in risk management, compliance and overall data hygiene.
4. Security
Employing strict security measures in your preservation plan is an absolute must. Doing so will help protect against data privacy threats, external and internal access breaches and misuse or loss of data. When looking for a trusted preservation solution, it’s important to dig into its storage structure. Do their servers operate on a private network? Do they use OAuth 2.0 protocol? Do they encrypt their data? The answer to all of these questions should be a strong “yes.” You should also look out for the proper security certifications such as the EU-US privacy shield, ISO 27001 and Soc 2 Type II, just to name a few. This is another instance where we urge legal teams to connect with their IT teams so they’re asking the right questions and getting the most secure solution possible.
5. Automatic Sync
The last thing you want to worry about is not knowing the last time your data was synced. If the time ever comes for litigation or compliance, you want to feel confident that all of your information, through its many forms and modifications, is there waiting for you. For this reason, we recommend going with a preservation solution that has an auto-sync feature. Having a solution that updates and preserves files in real time is a surefire way of having the information you need in a moment’s notice. After all, compliance is not a one-time event, and treating it as such can cost your organization significant time, money and resources. An automatic sync feature will allow your team to mitigate risk and comply with regulations at a much lower long-term cost.
As cloud collaboration apps continue to dominate the workplace, legal and IT teams dive deeper into a cloud-based world. It’s important to consider these five factors when forming a preservation plan that is compliance-friendly. By doing so, you’ll set your organization up for success for both today and tomorrow.
Ismael (Ish) Alaoui has been leading the technical team at 
