Category Archives: eDiscovery & Compliance

True Enterprise-Wide eDiscovery Collection is Finally Here

My previous post discussed the inability of any software provider to solve a critical need by delivering a truly scalable eDiscovery preservation and collection solution that can search across thousands of enterprise endpoints in a short period of time. In the absence of such a “holy grail” solution, eDiscovery collection remains dominated by either unsupervised custodian self-collection or manual services, driving up costs while increasing risk and disruption to business operations.

So today, we at X1 are excited to announce the release of X1 Distributed Discovery. X1 Distributed Discovery (X1DD) enables enterprises to quickly and easily search across up to tens of thousands of distributed endpoints and data servers from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed data discovery across an organization. X1DD replaces expensive, cumbersome and highly disruptive approaches to meet enterprise discovery, preservation, and collection needs.


Enterprise eDiscovery collection remains a significant pain point, subjecting organizations to both substantial cost and risk. X1DD addresses this challenge by starting to show results from distributed data across global enterprises within minutes instead of today’s standard of weeks, and even months. This game-changing capability vastly reduces costs while greatly mitigating risk and disruption to operations.

Targeted and iterative end point search is a quantum leap in early data assessment, which is critical to legal counsel at the outset of any legal matter. However, under today’s industry standard, the legal team is typically kept in the dark for weeks, if not months, as the manual identification and collection process of distributed, unstructured data runs its expensive and inefficient course.  To illustrate the power and capabilities of X1DD, imagine being able to perform multiple detailed Boolean keyword phrase searches with metadata filters across the targeted end points of your global enterprise. The results start returning in minutes, with granular statistical data about the responsive documents and emails associated with specific custodians or groups of custodians.

Once the legal team is satisfied with a specific search string, after sufficient iteration, the data can then be collected by X1DD by simply hitting the “collect” button. The responsive data is “containerized” at each end point and automatically transmitted to a central location, where all data is seamlessly indexed and ready for further culling and first pass review. Importantly, all results are tied back to a specific custodian, with full chain of custody and preservation of all file metadata.

This effort described above — from iterative distributed search through collection, transmittal to a central location, and indexing of data from thousands of endpoints — can be accomplished in a single day. Using manual consulting services, the same project would require several weeks and hundreds of thousands of dollars in collection costs alone, not to mention significant disruption to business operations. Substantial costs associated with over-collection of data would mount as well.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery and investigation functionality, organizations can offer employees the award-winning X1 Search, improving productivity while maintaining compliance.

X1DD will be featured in an April 19 webinar with eDiscovery expert Erik Laykin of Duff & Phelps. Watch a full briefing and technical demo of X1DD and find out for yourself why X1 Distributed Discovery is a game-changing solution. Or please contact us to arrange for a private demo.

Leave a comment

Filed under Best Practices, Corporations, Desktop Search, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Information Governance, Information Management, Preservation & Collection, X1 Search 8

Enterprise eDiscovery Collection Remains Costly and Inefficient

2016 marks my sixteenth year as a senior executive in the eDiscovery business. I began my career as a co-founder at Guidance Software (EnCase), serving as General Counsel, CEO and then Vice Chairman and Chief Strategy Officer from 1999 through 2009. After becoming the dominant solution for computer forensics in the early part of the last decade, Guidance set out to define a new field — enterprise discovery collection. Despite a good foundational concept, a truly scalable solution that could search across hundreds, or even thousands, of enterprise endpoints in a short period of time never came to fruition. To date, no other eDiscovery vendor has delivered on the promise of such a “holy grail” solution either. As a result, eDiscovery collection remains dominated by either unsupervised custodian self-collection, or manual services.



Organizations employ limited technical approaches in an effort to get by, and thus enterprise eDiscovery collection remains a significant pain point, subjecting organizations to both significant cost and risks. This post is the first of a two part series on the status of the broken enterprise eDiscovery collection process. Part two will outline a proposed solution.

Currently, enterprises employ four general approaches to eDiscovery collection, with two involving mostly manual methodologies, and the other two predominantly technology-based. Each of the four methods are fraught with inefficiencies and challenges.

The first and likely most common approach, is custodian self-collection, where custodians are sent manual instructions to search, review and upload data that they subjectively determine to be responsive to a matter. This method is plagued with severe defensibility concerns, with several courts disapproving of the practice due to poor compliance, modifying metadata, and inconsistency of results. See Geen v. Blitz, 2011 WL 806011, (E.D. Tex. Mar. 1, 2011), Nat’l Day Laborer Org. v. U.S. Immigration and Customs Enforcement Agency, 2012 WL 2878130 (S.D.N.Y. July 13, 2012).

The second approach is manual services, usually performed by eDiscovery consultants. This method is expensive, disruptive and time-consuming as many times an “overkill” method of forensic image collection process is employed. It also often results in over collection, as the collector typically only gets one bite at the apple, thus driving up eDiscovery costs. While attorney review and processing represent the bulk of eDiscovery costs, much of these expenses stem from over-collection, and thus can be mitigated with a smarter and more efficient process.

When it comes to technical approaches, endpoint forensic crawling methods are employed on a limited basis. While this can be feasible for a small number of custodians, network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective. For example, to search a custodian’s laptop with 10 gigabytes of email and documents, all 10 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least several hours per computer. So, most organizations choose to force collect all 10 gigabytes. The case of U.S. ex rel. McBride v. Halliburton Co.  272 F.R.D. 235 (2011), Illustrates this specific pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:

“Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once.”

Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase, instead of culling, filtering and searching the data at the point of collection drove up the costs.

And finally, another tactic attempted by some CIOs to attempt to address this daunting challenge is to periodically migrate disparate data from around the global enterprise into a central location. This Quixotic endeavor is perceived necessary as traditional information management and electronic discovery tools are not architected and not suited to address large and disparate volumes of data located in hundreds of offices and work sites across the globe.  But, boiling the ocean through data migration and centralization is extremely expensive, disruptive and frankly unworkable.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and collect across several hundred endpoints and other unstructured data sources such as file shares and SharePoint, and return results within minutes instead of days or weeks. None of the four approaches outlined above come close to meeting this requirement and in fact actually perpetuate eDiscovery pain.

Is there a fifth option? Stay tuned for my next post coming soon.

Leave a comment

Filed under Best Practices, Case Law, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Information Governance, Information Management, Preservation & Collection

Amazon Re:Invent – With the Cloud, Avoid Mistakes of the Past

Last week, I had the opportunity to attend the Amazon Re:Invent conference in Las Vegas. Over 13,000 people took over the Palazzo for deep dive technical sessions to learn how to harness the power of Amazon Web Services (AWS). reinventThis show had a much different energy than other enterprise software conferences, such as VMworld.  Whereas most conferences feature a great deal of selling and marketing by the host, Amazon Re:Invent was truly more of a training show. Cloud architects spent a lot of time in technical bootcamps learning how AWS works and getting certified as administrators.

That is not to say that there was no selling or marketing going on; the exhibition hall featured myriad vendors that augment or assist with AWS deployments and solutions. The focus on the deep technical details, though, does point out the fact that we are still in the very early days of the cloud. Most of the focus of the keynotes was about getting compute workloads to the cloud – there was not a lot of mention of moving actual data to the cloud, even though that is certainly beginning to happen.  But, that is how the evolution goes. IT departments need to be comfortable moving workloads to the cloud as they begin to leverage the cloud. Building this foundation is also important to Amazon – the goal would be for many companies to completely outsource the IT data center.

It is important, however, to proactive plan for information management as more workloads and, importantly, data move to the cloud.  As the internet first emerged, companies dove into new technologies like email and network file shares only to create eDiscovery nightmares and make it virtually impossible to find information within digital landfills. It is key to learn from those mistakes rather than to repeat them when leveraging cloud-based technologies. In order to ensure both that end-users are happy with search experiences on data in the cloud and that Legal can do what they need to do from an eDiscovery standpoint. This means providing business workers with unified access to email, files, and SharePoint information regardless of where the data lives. It also means giving Legal teams fast search queries and collections. But, Cloud search is slow, as indexes live far from the information. This results in frustrated workers and Legal teams afraid that eDiscovery cannot be completed in time.

If a customer wanted to speed up search, it would have to essentially attach an appliance to a hot-air balloon and send it up to the Cloud provider so that the customer’s index could live on that appliance (or farm of appliances) in the Cloud providers data center, physically near the data. There are many reasons, however, that a Cloud provider would not allow a customer to do that:

  • Long install process
  • Challenging Pre-requisites
  • 3rd party installation concerns
  • Physical access
  • Specific hardware requirements
  • They only scale vertically

The solution to a faster search is a cloud-deployable search application, such as X1 Rapid Discovery. This creates a win-win for Cloud providers and customers alike. As enterprises move more and more information to the Cloud, it will be important to think about workers’ experiences with Cloud systems – and search is one of those user experiences that, if it is a bad one, can really negatively affect a project and cause user revolt. eDiscovery is also a major concern – I’ve worked with organizations that moved data to the cloud before planning how they would handle eDiscovery. That left Legal teams to clean up messes, or more realistically, just deal with the messes. By thinking about these issues before moving data to the cloud, it is possible to avoid these painful occurrences and leverage the cloud without headaches. At X1, we look forward to working closely with Amazon to help customers have the search and eDiscovery solutions they need as more and more data goes to AWS.

Leave a comment

Filed under Cloud Data, eDiscovery & Compliance, Enterprise eDiscovery, Enterprise Search, Hybrid Search, Information Access, Information Governance, Information Management

Highlights from Reed Smith’s SharePoint eDiscovery Webinar

by John Patzakis

Reed Smith recently hosted an excellent webinar on SharePoint eDiscovery challenges, led by Patrick Burke with the firm’s eDiscovery team. The webinar featured a substantive and detailed discussion on the nuances, pitfalls and opportunities associated with eDiscovery of data from SharePoint sites. This topic is very timely as the majority of enterprises are deploying the Microsoft platform at an accelerated rate, with the solution reaching $1 billion in sales faster than any other Microsoft product in history. Burke noted that “SharePoint has exploded across corporate networks, and are filling rapidly with ESI,” but that “the bad news is that it’s not centralized. There is no single place to go to search through the ESI across an organization’s SharePoint sites to identify which SharePoint Site holds the ESI you’re looking for.”

As SharePoint enables enterprises to consolidate file shares, Intranet sites, internal message boards and wikis, project management, collaboration and more into a single platform, it provides significant operational efficiencies as well as eDiscovery challenges. The vast majority of current SharePoint deployments are versions 2007 or 2010, and neither have meaningful internal eDiscovery or even export features. This is one reason why SharePoint eDiscovery is fraught with over-collection, resulting in much higher costs and time delays that what is typically seen with other similar data stores such as email servers and file shares.

In addressing best practices for eDiscovery of SharePoint sites, Burke advised, among other key points, that the litigation hold process must not only involve individual custodians but the SharePoint administrator as well: “As it usually isn’t feasible to search all an organization’s SharePoint sites, the first step is to talk to the key custodians (through litigation hold questionnaire processes) and ask them which SharePoint sites they use (to identify) relevant ESI.” From there, “the cross-check involves talking with the SharePoint administrator, who can look up all the SharePoint sites to which the custodian’s belong.”

A full video recording of the webinar can be accessed here >

Appliance-based eDiscovery solutions or remote collections do not work as it may take weeks, if not months, to copy a multi-terabyte SharePoint site over a network connection and a large corporation may have several dozens of SharePoint silos from which to collect.  Manual collection efforts, which are geared toward mass “data dumps,” are also time consuming and are typically very costly due to the extensive processing and data massaging required to put the SharePoint data back into context.

Instead, what is needed is a solution such as X1 Rapid Discovery can quickly and remotely install and operate within the same local network domain to enable localized search, review and early case assessment in place. X1 Rapid Discovery’s full content indexing and preview of native SharePoint document libraries and lists, as well as its robust search, document filters, intuitive review interface uniquely enables targeted and contextual search, preservation and export of SharePoint evidence in its native format. In fact, we believe it is the only solution available that enables true in-place early case assessment and eDiscovery review of SharePoint sites, including iterative search, tagging and full fidelity preview in place, without the requirement to first export all of the data out of the platform.

To learn more, sign on to the recorded webinar or please contact us for a further briefing to learn how to save your organization or your clients tens of thousands of dollars on litigations costs associated with SharePoint.

Leave a comment

Filed under Best Practices, Case Law, eDiscovery & Compliance, Enterprise eDiscovery, Information Access, Preservation & Collection

Barry Murphy Joins the X1 Team

Last week, I said goodbye to my time at the eDJ Group, a company in good hands that will continue to provide top notch eDiscovery and information governance consulting at a level of depth very few can match.   This week begins my new adventure as Senior Vice President of Product Marketing and Strategy at X1, and I am very excited about the opportunity.

Many have asked why I chose to join X1 and I want to take this space today to explain the reasons.  As an analyst for the past four years, I have had the chance to see – up close and personal – the challenges that enterprise IT and business people are trying to address.  One that comes up consistently is the ability to quickly find information in a world where the volume of it is increasing so rapidly.  While search might seem relatively simple, I can tell you that many clients pull their hairs out due to frustration with enterprise search deployments.

Thus, the first thing that hit me about X1 was the number of X1 customers whose top point to make about that product is that “it just works.”  Business people like the ease of use and clean, single-pane-of glass view of their information, Legal teams like how X1 Rapid Discovery makes eDiscovery more efficient and less costly, and IT teams like that the product can be deployed in increasingly virtualized environments.

Part of the attraction to X1, for me, is the fact that the company can address such a range of solutions via a powerful search engine.  It is not just about eDiscovery, though there is a product for that.  Rather, X1 will power many solutions by providing easy access to information – and the company does it in a way that just works.  It makes me think back to those old BASF commercials – the ones where BASF says, “we don’t make the products you buy, we make the products you buy better.”  I get a feeling that same message can apply at X1; something along the lines of “we don’t make the cloud infrastructure, we make the cloud infrastructure better and more valuable.”

Stay tuned for more details on how X1 will make other solutions better and continue to provide great search products in 2014.  I’m looking forward to this adventure.

Leave a comment

Filed under eDiscovery & Compliance, Enterprise eDiscovery, Information Access, Information Governance, Information Management