Speaking to many customers considering Microsoft Office365 and its new features for e-discovery leads me to one and only one conclusion: the confusion continues.
Articles published by Microsoft and others that have seen preview of the technology reinforce this point. (See here, referencing a Microsoft webinar where “no specifics were provided”). Hmmm.
Those looking for a simple, straight forward answer as to whether Office365 alone is sufficient to address one’s eDiscovery burdens will be greatly disappointed. No one likes to see a response of “it depends” to a simple RFP question. But, it depends. So, here are 5 simple questions to ask yourselves to determine whether Office365 could be sufficient to address your specific demands.
First, a simple question – do you work for a financial services provider? If yes, stop here. Office 365 and Exchange 2013 do not address requirements outlined by SEC 17a3-4 that outline how data must be stored immutably, or supervisory review requirements under FINRA. You should be engaging with archiving or data storage providers to address these requirements.
1. Do you need to conduct real-time, iterative search against multiple matters concurrently? Office 365 relies upon a batch-based searching process that is not designed for large scale search – nor unlimited search against concurrent matters. IT must break up requests into multiple smaller searches, introducing multiple points of failure and unknown performance. Limits of 2 concurrent searches is difficult if you have (hmmm) 3 time sensitive matters.
2. Do you need to conduct keyword search against an entire enterprise or large department? Again, the number of mailboxes that can be searched is limited (and continues to be changed by Microsoft – is it 50 mailboxes? 500?). Not ideal for investigative purposes where a set of keywords are known, but the custodian scope/scale is not yet defined.
3. Do you need to search against non-Microsoft office content types? On average, organizations deal with 400+ different attachment types within email alone, and must be able to capture and extract text of these file types prior to sending to a storage environment in order to search and retrieve later. Office 365 cannot help you here.
4. Do you have strict retention and enforcement mandates? Within Office365, email is archived only after a configured time period (default is 2 years). Users can delete or otherwise do as they chose beforehand. In fact, per Microsoft’s own documentation: “Important MRM doesn’t guarantee retention of every message. For example, a user can delete or remove a message from their mailbox before the message reaches its retention age; MRM isn't designed to prevent users from deleting their own messages.”
5. Do you need it now? Short term, inflexible discovery demands are challenged when all content sources must be within Exchange 2013 to be useable. And, when Microsoft lacks tools to migrate data from earlier versions of Exchange and third party archives that leverage the accepted industry standard approach of journaling. And, when IT command line tools must be used when tasks exceed the existing features – such as creating and managing multiple retention policies through Microsoft’s rolling hold features. And, when archived data needs to be manually segregated for ethical wall or local data privacy adherence. And, when non-Microsoft content must be manually collected, searched, and processed through other systems.
Like with any other early stage software, it is easy for technologists to give the “yes, it can be done” or “yes, on our roadmap” response question to address functional requirements that today do not exist in the product. But, is this adequate to address the immediate, real-time, and unpredictable nature of eDiscovery that your company faces?
“It depends”, as they say.
Subscribe to the Proofpoint Blog