Category Archives: Cybersecurity

X1 Brings “AI In-Place” to the Enterprise—A Major Breakthrough for Secure, Scalable AI Deployment

By John Patzakis

Our latest announcement represents a true inflection point in enterprise AI. With X1 Enterprise’s newly introduced capability for AI in-place, organizations and their service providers will, for the first time, be able to deploy and execute large language models (LLMs) directly where enterprise data lives—without moving or copying that data.

This is more than a product enhancement; it is a fundamental shift in how AI is applied across the enterprise.

The Foundation: Efficient Text Extraction Is Critical for AI
Large language models (LLMs) are the core engines that power today’s AI revolution. These models rely entirely on textual input to perform reasoning, summarization, search, and analysis. That is why text extraction is the critical first step. LLMs can only operate once another process extracts the text from emails, documents and chats. Traditionally, that meant copying or exporting data to external systems hosted by third-party vendors, a process fraught with risk, cost, and compliance challenges.

Solving the “Data Movement Problem” for Enterprise AI
So, the key barrier to enterprise AI adoption has been the reluctance to move sensitive corporate data to external AI platforms. Whether for security, governance or cost reasons, most enterprises simply cannot send their data outside their environment.

X1’s innovation solves that problem head-on. Instead of shipping sensitive data out to an AI system, X1 brings the AI to the data. Enterprises can now deploy their own proprietary models or open-source LLMs within the secure perimeter of their existing infrastructure, whether on premises or in the cloud. X1’s index-in-place architecture performs the text extraction and indexing where the data resides. By extending that same principle to AI—forward-deploying LLMs directly to enterprise data sources—X1 now enables AI in-place. The result: organizations can apply the analytical power of LLMs across their data without ever moving it.

Once the LLMs are deployed into the X1 micro-indexes, X1 will then auto-apply AI-informed tags, which a user can query globally from a central console and act upon through targeted data collection or remediation. Imagine petabytes of data on file servers, laptops, M365 and other sources all AI-classified and then queried and collected on a highly targeted basis.

This means enterprises can now unlock powerful new use cases no matter the scale—AI-assisted compliance, risk monitoring, GRC audits, eDiscovery, and more—while maintaining full control of their data and eliminating the need for costly, risky data transfers.

Enabling Collaboration Between Enterprises and Their Advisors
William Belt, Managing Director and Consulting Practice Leader at Complete Discovery Source, described the impact succinctly:

“Enabling AI in-place where our corporate client’s data lives is game-changing. We look forward to working with our clients to deploy AI models that are either pre-trained or customized for a specific matter or compliance requirement utilizing the X1 Enterprise platform.”

This capability creates a new bridge between corporations and their professional advisors—consulting firms, law firms, and service providers—who can now collaborate directly with their clients to develop, fine-tune, and deploy customized AI models for specific business or legal needs.

Rather than relying on generic cloud-based AI tools, organizations can now build targeted, matter-specific LLMs that are tuned to their unique data and compliance requirements, all executed securely in-place through the X1 Enterprise Platform.

A New Era for Enterprise AI
With this release, X1 is redefining the architecture of enterprise AI. Its ability to perform distributed micro-indexing and in-place AI analysis across global data sources enables secure, scalable, and cost-effective intelligence—without ever duplicating or relocating sensitive data.

For enterprises and their partners, this represents a new era of possibility: true AI at enterprise scale, in-place.

X1 will host a webinar on Wednesday, December 10, featuring a detailed overview of this new capability and a live demonstration. You can register here.


Filed under Cloud Data, Corporations, Cybersecurity, eDiscovery, eDiscovery & Compliance, Enterprise AI, Enterprise eDiscovery, Information Governance, m365

X1 Achieves Record Growth as Numerous Fortune 500 Companies Standardize on X1 Enterprise

By Larry Gill

X1 Discovery is having a record-breaking year, with dozens of Fortune 500 companies and leading law firms adopting the X1 Enterprise Platform to transform how they approach eDiscovery collection, early case assessment, and information governance. In an era when overcollection and skyrocketing legal costs strain corporate budgets, these organizations are choosing X1 to gain immediate insight into their data, dramatically reduce costs, and ensure defensible, repeatable processes—all while maintaining complete control over their information. This surge in adoption reflects X1’s position as the industry’s trusted solution for modern, efficient, and targeted enterprise eDiscovery.

The X1 Enterprise Platform is an industry-leading eDiscovery and information governance solution that empowers organizations to search, identify, analyze, and act on their data in-place, wherever it resides. X1 uniquely addresses Microsoft 365—including robust Teams support—laptops, file servers, and other cloud and on-premises sources, giving legal and compliance teams unparalleled reach and control. Dozens of major enterprises and AM Law 100 firms have now standardized on X1, recognizing it as the most effective solution for managing M365 content—often outperforming even Purview Premium—while also covering on-premises data sources seamlessly. By enabling a highly targeted, efficient, index-in-place approach, X1 provides immediate, pre-collection visibility, streamlining search, analysis, remediation, and collection workflows like never before.

Here are the top three reasons why leading organizations are adopting X1 Enterprise in record numbers:

  1. Significant Return on Investment
    Corporate legal departments that implement X1 consistently realize up to 90% in “hard” cost savings. X1’s powerful in-place search and pre-collection filtering enable teams to collect only what is needed, achieve true proportionality, and eliminate massive outsourced processing and project management fees. Many organizations are even scaling back or eliminating costly Purview Premium licenses altogether, all while mitigating risk with a defensible and repeatable collection process.
  2. Unmatched Speed and Scalability
    X1 delivers speed and scalability that no other solution can match. It can search across thousands of laptops and multiple terabytes of M365 or file share data within minutes, quickly pinpointing responsive data for precise collection or remediation. All indexed data stays securely behind the corporate firewall or in a private cloud. Unlike legacy tools that overpromise and underdeliver, X1 is proven to work and scale as advertised, backed by real-world case studies and customer success stories.
  3. Multiple Use Cases Beyond eDiscovery
    Beyond eDiscovery, corporate legal and compliance teams leverage X1 to locate and remediate sensitive personal information (PII), defensibly purge redundant or non-compliant data, support due diligence and data separation during M&A transactions, and handle GDPR Data Subject Access Requests (DSARs) and other data privacy obligations—making X1 a true multipurpose platform for enterprise information governance.

In today’s data-driven world, X1 Enterprise is more than a solution—it’s a strategic advantage. For organizations serious about controlling eDiscovery costs, reducing risk, and gaining immediate insight into their data, X1 is the clear choice.

Interested in learning more about how to dramatically reduce your costs and compliance risks? Schedule a briefing today at sales@x1.com or visit www.x1.com/solutions/x1-enterprise-platform.


Filed under Authentication, Cloud Data, Corporations, Cybersecurity, Data Audit, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, GDPR, Information Access, Information Governance, m365, MS Teams, OneDrive, Preservation & Collection, SharePoint

Granting Microsoft 365 Super-Admin Privileges to eDiscovery Service Providers is Very Risky and Unnecessary

By John Patzakis and Chas Meier

In a world where data breaches are not just possible but expected, securing sensitive information becomes paramount. However, in many cases, organizations are unnecessarily handing over the keys to the kingdom to eDiscovery service providers by granting them highly elevated privileges in their Microsoft 365 tenants. This is because the more manual methods relied on by service providers often involve gaining high-level permissions usually reserved for senior, trusted IT directors and executives within the client organization. Such broad access can lead to unauthorized data access, including creating new accounts for others outside the organization, data overcollection, and unintended data modifications and even deletions. These unnecessary accommodations can cause severe, irreversible damage, security breaches, and complications for compliance efforts.

Clients are often told such high-level security access is absolutely necessary. In truth, service providers only resort to such measures when they fail to utilize best-practice technology. In many cases, service providers, once they gain elevated administrative permissions, simply run basic scripts that they position as proprietary, which have little functionality other than the bulk download of M365 data. These scripts only work if very high-level access is granted to the user of the scripts. Once the service provider completes their mass data download from M365, they are off to the races with their traditional, highly lucrative eDiscovery workflows: excessive data volumes due to overcollection, extensive processing and project management, and eventual staging into review, all leading to excessive costs and unnecessarily extended timelines.

In contrast, our customers believe X1’s strategy for M365 Data Access is unique and disruptive to legacy approaches still utilized by many service providers. We designed our approach to maximize security, enhance operational efficiency, and ensure economic advantages for our clients, setting new benchmarks that challenge conventional industry practices.

  1. Uncompromised Security with Read-Only Access
    X1’s approach to accessing client information in a read-only, least-privileged manner exemplifies our commitment to security. In our approach, a client grants read-only permissions to the X1 Enterprise solution licensed and controlled by the client, through an application that also remains under the control of our client and has a built-in expiration. No X1 employee ever needs to have access to or personally utilize the client’s M365 credentials. There is no ability for X1 to create new accounts or even delegate M365 permissions. This approach eliminates the risks associated with more invasive access levels that other eDiscovery providers often require.

    X1’s methodology ensures that the data remains pristine and untouched throughout the eDiscovery process. This approach not only supports stringent compliance with legal and regulatory standards but also shields organizations from the pitfalls of unauthorized data manipulation. It significantly reduces the potential for costly security incidents, reinforcing the trust our clients place in us to handle their most sensitive information.

  2. Index-in-Place: Elevating Data Integrity and Efficiency
    Our “index-in-place” technology stands in stark contrast to the traditional data extraction methods employed by many service providers. These providers often relocate substantial data volumes from clients’ M365 tenants to their environments—a practice driven by the desire to increase hosting volumes and, consequently, revenue. This not only introduces significant security risks but also strains client resources and infrastructure.

    By indexing data directly within its native environment, X1 maintains the integrity and security of the data. This approach significantly reduces the exposure of data to external threats during transfer and storage. It also enhances the speed and accuracy of search and collection processes, enabling quicker responses to legal inquiries and reducing the overall time and cost of eDiscovery.

    Moreover, this method highlights our principle of avoiding the “fox guarding the henhouse” scenario, where providers have incentives that might conflict with client interests. Our clients appreciate the transparency and integrity of keeping their data within their controlled environment, free from unnecessary external manipulation or exposure.

  3. Transparent Pricing Promoting Efficiency and Reuse
    X1’s innovative pricing model stands out by encouraging the efficient reuse of tools without penalizing clients for data volume. This approach directly contrasts with the common industry practice where costs escalate with the volume of data hosted or processed. Our pricing structure is designed to align closely with our clients’ needs for predictable and reasonable costs.

    By not charging based on data volume, we foster a more sustainable and rational use of resources, allowing our clients to plan and budget more effectively. This pricing strategy supports not just cost savings but also promotes a more strategic use of eDiscovery tools, encouraging practices that are both economically and environmentally more sustainable.

Conclusion
X1 is dedicated to setting a higher standard for secure, efficient, and cost-effective data management solutions in Microsoft 365 environments. Our innovative approaches to read-only access, index-in-place technology, and volume-independent pricing ensure that our clients receive unparalleled service that prioritizes their security, operational efficiency, and financial well-being.

We invite you to join us in this transformative journey and experience the peace of mind that comes from knowing your data remains in place until you target a collection to migrate into review. For a demonstration of the X1 Enterprise Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/x1-enterprise-platform.


Filed under Best Practices, Cloud Data, compliance, Cybersecurity, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Access, Information Management, m365

CCPA and GDPR UPDATE: Unstructured Enterprise Data in Scope of Compliance Requirements

An earlier version of this article appeared on Legaltech News

By John Patzakis

A core requirement of both the GDPR and the similar California Consumer Privacy Act (CCPA), which becomes enforceable on July 1, is the ability to demonstrate and prove that personal data is being protected. This requires information governance capabilities that allow companies to efficiently identify and remediate personal data of EU and California residents. For instance, the UK Information Commissioner’s Office (ICO) provides that “The GDPR places a high expectation on you to provide information in response to a SAR (Subject Access Request). Whilst it may be challenging, you should make extensive efforts to find and retrieve the requested information.”

However, recent Gartner research notes that approximately 80% of information stored by companies is “dark data” that is in the form of unstructured, distributed data that can pose significant legal and operational risks. With much of the global workforce now working remotely, this is of special concern and nearly all the company data maintained and utilized by remote employees is in the form of unstructured data. Unstructured enterprise data generally refers to searchable data such as emails, spreadsheets and documents on laptops, file servers, and social media.

The GDPR

An organization’s GDPR compliance efforts need to address any personal data contained within unstructured electronic data throughout the enterprise, as well as the structured data found in CRM, ERP and various centralized records management systems. Personal data is defined in the GDPR as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Under the GDPR, there is no distinction between structured versus unstructured electronic data in terms of the regulation’s scope. There is separate guidance regarding “structured” paper records (more on that below). The key consideration is whether a data controller or processor has control over personal data, regardless of where it is located in the organization. Nonetheless, there is some confusion about the scope of the GDPR’s coverage across structured as well as unstructured electronic data systems.

The UK ICO is a key government regulator that interprets and enforces the GDPR, and has recently issued important draft guidance on the scope of GDPR data subject access rights, including as it relates to unstructured electronic information. Notably, the ICO notes that large data sets, including data analytics outputs and unstructured data volumes, “could make it more difficult for you to meet your obligations under the right of access. However, these are not classed as exemptions, and are not excuses for you to disregard those obligations.”

Additionally, the ICO guidance advises that “emails stored on your computer are a form of electronic record to which the general principles (under the GDPR) apply.” In fact, the ICO notes that home computers and personal email accounts of employees are subject to GDPR if they contain personal data originating from the employer’s networks or processing activities. This is especially notable under the new normal of social distancing, where much of a company’s data (and associated personal information) is being stored on remote employee laptops.

The ICO also provides guidance on several related subjects that shed light on its stance regarding unstructured data:

Archived Data: According to the ICO, data stored in electronic archives is generally subject to the GDPR, noting that there is no “technology exemption” from the right of access. Enterprises “should have procedures in place to find and retrieve personal data that has been electronically archived or backed up.” Further, enterprises “should use the same effort to find information to respond to a SAR as you would to find archived or backed-up data for your own purposes.”

Deleted Data: The ICO’s view on deleted data is that it is generally within the scope of GDPR compliance, provided that there is no intent to, or a systematic ability to, readily recover that data. The ICO says it “will not seek to take enforcement action against an organisation that has failed to use extreme measures to recreate previously ‘deleted’ personal data held in electronic form. We do not require organisations to use time and effort reconstituting information that they have deleted as part of their general records management.”

However, under this guidance, organizations that invest in and deploy re-purposed computer forensic tools that feature automated un-delete capabilities may be held to a higher standard. Deploying such systems can reflect both the intent and the systematic technical ability to recover deleted data.

Paper Records: Paper records that are part of a “structured filing system” are subject to the GDPR. Specifically, if an enterprise holds “information about the requester in non-electronic form (e.g. in paper files or on microfiche records)” then such hard-copy records are considered personal data accessible via the right of access, if such records are “held in a ‘filing system.’” This segment of the guidance reflects that references to “unstructured data” in European parlance usually pertain to paper records. The ICO notes in separate guidance that “the manual processing of unstructured personal data, such as unfiled handwritten notes on paper” is outside the scope of GDPR.

GDPR Article 4 defines a “filing system” as meaning “any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.” The only form of “unstructured data” that would not be subject to GDPR would be unfiled paper records like handwritten notes or legacy microfiche.

The CCPA

The California Attorney General (AG) released a second and presumably final round of draft regulations under the California Consumer Privacy Act (CCPA) that reflect how unstructured electronic data will be treated under the Act. The proposed rules outline how the California AG is interpreting and will be enforcing the CCPA. Under § 999.313(d)(2), data from archived or backup systems are—unlike the GDPR—exempt from the CCPA’s scope, unless those archives are restored and become active. Additional guidance from the Attorney General states: “Allowing businesses to delete the consumer’s personal information on archived or backup systems at the time that they are accessed or used balances the interests of consumers with the potentially burdensome costs of deleting information from backup systems that may never be utilized.”

What is very notable is that the only technical exception to the CCPA is unrestored archived and back-up data. Like the GDPR, there is no distinction between unstructured and structured electronic data. In the first round of public comments, an insurance industry lobbying group argued that unstructured data be exempted from the CCPA. As reflected by revised guidance, that suggestion was rejected by the California AG.

For the GDPR, the UK ICO correctly advises that enterprises “should ensure that your information management systems are well-designed and maintained, so you can efficiently locate and extract information requested by the data subjects whose personal data you process and redact third party data where it is deemed necessary.” This is why Forrester Research notes that “Data Discovery and Classification are the foundation for GDPR compliance.”

Establish and Enforce Data Privacy Policies

So, to achieve GDPR and CCPA compliance, organizations must first ensure that explicit policies and procedures are in place for handling personal information. Once established, it is important to demonstrate to regulators that such policies and procedures are being followed and operationally enforced. A key first step is to establish a data map of where and how personal data is stored in the enterprise. This exercise is actually required under the GDPR Article 30 documentation provisions.

An operational data audit and discovery capability across unstructured data sources allows enterprises to efficiently map, identify, and remediate personal information in order to respond to regulators and data subject access requests from EU and California citizens. This capability must be able to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of weeks or months as is the case with traditional crawling tools. This includes laptops of employees working from home.

These processes and capabilities are not only required for data privacy compliance but are also needed for broader information governance and security requirements, anti-fraud compliance, and e-discovery.

Implementing these measures proactively, with routine and consistent enforcement using solutions such as X1 Distributed GRC, will go a long way to mitigate risk, respond efficiently to data subject access requests, and improve overall operational effectiveness through such information governance improvements.


Filed under CaCPA, compliance, Corporations, Cyber security, Cybersecurity, Data Audit, GDPR, Information Governance, Information Management, Uncategorized

Incident Reporting Requirements Under GDPR and CCPA Require Effective Incident Response

By John Patzakis

The European General Data Protection Regulation (GDPR) is now in effect, but many organizations have not fully implemented compliance programs. For many organizations, one of the top challenges is complying with the GDPR’s tight 72-hour data breach notification window. Under GDPR Article 33, breach notification is mandatory where a data breach is likely to “result in a risk for the rights and freedoms of individuals.” This must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.

In order to comply, organizations must accelerate their incident response times to quickly detect and identify a breach within their networks, systems, or applications, and must also improve their overall privacy and security processes. Being able to follow the GDPR’s mandate for data breach reporting is as important as being able to act quickly when the breach hits. Proper incident response planning and practice are essential for any privacy and security team, but the GDPR’s harsh penalties amplify the need to be prepared.

It is important, however, to note that the GDPR does not mandate reporting for every network security breach. It only requires reporting for breaches impacting the “personal data” of EU subjects. And Article 33 specifically notes that reporting is not required where “the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.”

The California Consumer Privacy Act contains similar provisions. Notification is only required if a California resident’s data is actually compromised.

So, after a network breach is identified, determining whether the personal data of an EU or California citizen was actually compromised is critical, not only to comply where a breach actually occurred, but also to limit unnecessary reporting or over-reporting where an effective response analysis can rule out an actual personal data breach.

These breaches are perpetrated by outside hackers, as well as insiders. An insider is any individual who has authorized access to corporate networks, systems or data. This may include employees, contractors, or others with permission to access an organization’s systems. With the increased volume of data and the increased sophistication and determination of attackers looking to exploit unwitting insiders or recruit malicious insiders, businesses are more susceptible to insider threats than ever before.

Much of the evidence of the scope of computer security incidents, and of whether subject personal data was actually compromised, is not found in firewall logs and typically cannot be flagged or blocked by intrusion detection or intrusion prevention systems. Instead, much of that information is found in the emails and locally stored documents of end users spread throughout the enterprise on file servers and laptops. To detect, identify and effectively report on data breaches, organizations need to be able to search across this data in an effective and scalable manner. Additionally, proactive search efforts can identify potential security violations such as misplaced sensitive IP, personal customer data, or even password “cheat sheets” stored in local documents.

To date, organizations have employed limited technical approaches to try to identify unstructured distributed data stored across the enterprise, enduring many struggles. For instance, forensic software agent-based crawling methods are commonly attempted, but they cause repeated high computer resource utilization for each search initiated and push network bandwidth to its limits, rendering this approach ineffective and preventing compliance within tight reporting deadlines. So being able to search and audit across at least several hundred distributed endpoints in a repeatable and expedient fashion is effectively impossible under this approach.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of days or weeks. None of the traditional approaches come close to meeting this requirement. This requirement, however, can be met by the latest innovations in enterprise eDiscovery software.

X1 Distributed GRC represents a unique approach, by enabling enterprises to quickly and easily search across multiple distributed endpoints from a central location. Legal, cybersecurity, and compliance teams can easily perform unified complex searches across both unstructured content and metadata, and obtain statistical insight into the data in minutes, instead of days or weeks. With X1 Distributed GRC, organizations can proactively or reactively search for confidential data leakage and also keyword signatures of personal data breach attacks, such as customized spear phishing attacks. X1 is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs and quickens response times while greatly mitigating risk and disruption to operations.


Filed under compliance, Corporations, Cyber security, Cybersecurity, Data Audit, GDPR, Information Governance