Category Archives: Enterprise eDiscovery

True Enterprise-Wide eDiscovery Collection is Finally Here

My previous post discussed the inability of any software provider to solve a critical need by delivering a truly scalable eDiscovery preservation and collection solution that can search across thousands of enterprise endpoints in a short period of time. In the absence of such a “holy grail” solution, eDiscovery collection remains dominated by either unsupervised custodian self-collection or manual services, driving up costs while increasing risk and disruption to business operations.

So today, we at X1 are excited to announce the release of X1 Distributed Discovery. X1 Distributed Discovery (X1DD) enables enterprises to quickly and easily search across up to tens of thousands of distributed endpoints and data servers from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed data discovery across an organization. X1DD replaces expensive, cumbersome and highly disruptive approaches to meet enterprise discovery, preservation, and collection needs.


Enterprise eDiscovery collection remains a significant pain point, subjecting organizations to both substantial cost and risk. X1DD addresses this challenge by starting to show results from distributed data across global enterprises within minutes instead of today’s standard of weeks, and even months. This game-changing capability vastly reduces costs while greatly mitigating risk and disruption to operations.

Targeted and iterative end point search is a quantum leap in early data assessment, which is critical to legal counsel at the outset of any legal matter. However, under today’s industry standard, the legal team is typically kept in the dark for weeks, if not months, as the manual identification and collection process of distributed, unstructured data runs its expensive and inefficient course.  To illustrate the power and capabilities of X1DD, imagine being able to perform multiple detailed Boolean keyword phrase searches with metadata filters across the targeted end points of your global enterprise. The results start returning in minutes, with granular statistical data about the responsive documents and emails associated with specific custodians or groups of custodians.

Once the legal team is satisfied with a specific search string, after sufficient iteration, the data can then be collected by X1DD by simply hitting the “collect” button. The responsive data is “containerized” at each end point and automatically transmitted to a central location, where all data is seamlessly indexed and ready for further culling and first pass review. Importantly, all results are tied back to a specific custodian, with full chain of custody and preservation of all file metadata.

This effort described above — from iterative distributed search through collection, transmittal to a central location, and indexing of data from thousands of endpoints — can be accomplished in a single day. Using manual consulting services, the same project would require several weeks and hundreds of thousands of dollars in collection costs alone, not to mention significant disruption to business operations. Substantial costs associated with over-collection of data would mount as well.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery and investigation functionality, organizations can offer employees the award-winning X1 Search, improving productivity while maintaining compliance.

X1DD will be featured in an April 19 webinar with eDiscovery expert Erik Laykin of Duff & Phelps. Watch a full briefing and technical demo of X1DD and find out for yourself why X1 Distributed Discovery is a game-changing solution. Or please contact us to arrange for a private demo.

Leave a comment

Filed under Best Practices, Corporations, Desktop Search, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Information Governance, Information Management, Preservation & Collection, X1 Search 8

Enterprise eDiscovery Collection Remains Costly and Inefficient

2016 marks my sixteenth year as a senior executive in the eDiscovery business. I began my career as a co-founder at Guidance Software (EnCase), serving as General Counsel, CEO and then Vice Chairman and Chief Strategy Officer from 1999 through 2009. After becoming the dominant solution for computer forensics in the early part of the last decade, Guidance set out to define a new field — enterprise discovery collection. Despite a good foundational concept, a truly scalable solution that could search across hundreds, or even thousands, of enterprise endpoints in a short period of time never came to fruition. To date, no other eDiscovery vendor has delivered on the promise of such a “holy grail” solution either. As a result, eDiscovery collection remains dominated by either unsupervised custodian self-collection, or manual services.



Organizations employ limited technical approaches in an effort to get by, and thus enterprise eDiscovery collection remains a significant pain point, subjecting organizations to both significant cost and risks. This post is the first of a two part series on the status of the broken enterprise eDiscovery collection process. Part two will outline a proposed solution.

Currently, enterprises employ four general approaches to eDiscovery collection, with two involving mostly manual methodologies, and the other two predominantly technology-based. Each of the four methods are fraught with inefficiencies and challenges.

The first and likely most common approach, is custodian self-collection, where custodians are sent manual instructions to search, review and upload data that they subjectively determine to be responsive to a matter. This method is plagued with severe defensibility concerns, with several courts disapproving of the practice due to poor compliance, modifying metadata, and inconsistency of results. See Geen v. Blitz, 2011 WL 806011, (E.D. Tex. Mar. 1, 2011), Nat’l Day Laborer Org. v. U.S. Immigration and Customs Enforcement Agency, 2012 WL 2878130 (S.D.N.Y. July 13, 2012).

The second approach is manual services, usually performed by eDiscovery consultants. This method is expensive, disruptive and time-consuming as many times an “overkill” method of forensic image collection process is employed. It also often results in over collection, as the collector typically only gets one bite at the apple, thus driving up eDiscovery costs. While attorney review and processing represent the bulk of eDiscovery costs, much of these expenses stem from over-collection, and thus can be mitigated with a smarter and more efficient process.

When it comes to technical approaches, endpoint forensic crawling methods are employed on a limited basis. While this can be feasible for a small number of custodians, network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective. For example, to search a custodian’s laptop with 10 gigabytes of email and documents, all 10 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least several hours per computer. So, most organizations choose to force collect all 10 gigabytes. The case of U.S. ex rel. McBride v. Halliburton Co.  272 F.R.D. 235 (2011), Illustrates this specific pain point well. In McBride, Magistrate Judge John Facciola’s instructive opinion outlines Halliburton’s eDiscovery struggles to collect and process data from remote locations:

“Since the defendants employ persons overseas, this data collection may have to be shipped to the United States, or sent by network connections with finite capacity, which may require several days just to copy and transmit the data from a single custodian . . . (Halliburton) estimates that each custodian averages 15–20 gigabytes of data, and collection can take two to ten days per custodian. The data must then be processed to be rendered searchable by the review tool being used, a process that can overwhelm the computer’s capacity and require that the data be processed by batch, as opposed to all at once.”

Halliburton represented to the court that they spent hundreds of thousands of dollars on eDiscovery for only a few dozen remotely located custodians. The need to force-collect the remote custodians’ entire set of data and then sort it out through the expensive eDiscovery processing phase, instead of culling, filtering and searching the data at the point of collection drove up the costs.

And finally, another tactic attempted by some CIOs to attempt to address this daunting challenge is to periodically migrate disparate data from around the global enterprise into a central location. This Quixotic endeavor is perceived necessary as traditional information management and electronic discovery tools are not architected and not suited to address large and disparate volumes of data located in hundreds of offices and work sites across the globe.  But, boiling the ocean through data migration and centralization is extremely expensive, disruptive and frankly unworkable.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and collect across several hundred endpoints and other unstructured data sources such as file shares and SharePoint, and return results within minutes instead of days or weeks. None of the four approaches outlined above come close to meeting this requirement and in fact actually perpetuate eDiscovery pain.

Is there a fifth option? Stay tuned for my next post coming soon.

Leave a comment

Filed under Best Practices, Case Law, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Information Governance, Information Management, Preservation & Collection

A Series of Firsts: How X1 Sets the Standard for the New Enterprise Search Market

by Barry Murphy

The new world of IT demands that enterprise software support varying infrastructures – traditional managed data centers, the cloud, hybrid and virtual environments.  As a result, old-school approaches that once seemed logical no longer work in today’s reality.  For example, tightly-coupled search appliances that marry hardware and software together no longer meet the requirements of enterprises that need to make distributed workers more productive no matter what kind of device they are on.  It’s a new world for enterprise search and traditional solutions will have a very hard time adapting and scaling.

X1 is ready for the IT reality of always-on, virtual, cloud, and hybrid environments and business mobility.  This is evidenced by two “firsts” that X1 is proud to announce.  First, X1 is the first search application with an app publicly available in an Enterprise Mobility Management (EMM) app store.  X1 Search Mobile is available in the AirWatch marketplace.  Given the rapid move to mobile devices for work, this is no small news.  Google just announced on Friday that searching the web is now predominantly done from mobile phones.

Click to enlarge image

Click to enlarge image

It’s clear, then, that enterprise search from the mobile device is now an essential requirement for business professionals.  The mobile search app is important, but what X1 is building out is much more than that.  In order to effectively deliver enterprise search from the mobile device requires having the back-end infrastructure to support full enterprise search in virtual environments.  It also requires supporting the next-generation desktop (VDI or DaaS) where the users live. X1 has uniquely mastered such back-end infrastructure with the only desktop search (VDI or otherwise) and enterprise search solution that are VMware Ready certified.

The second “first” that X1 is proud of is the listing of X1 Rapid Discovery in the Amazon AWS Marketplace.  Again, this is no small feat – this is the first enterprise-grade search and eDiscovery application to be available in the AWS Marketplace.

AWS marketplace

Click to enlarge image

Organizations storing content in AWS can now get full-featured enterprise search and eDiscovery deployed right next to their content.  And, if these organizations store other content locally, they can deploy Rapid Discovery in their own data center as well and have a single-pane-of-glass across all information no matter where it lives.

X1 will continue to provide solutions that work in the infrastructures that organizations utilize today.  The traditional approach to search will not work, but with X1, companies will have the flexibility to deploy into any environment and give users a powerful search experience on any device.  That is a powerful productivity tool – and businesses require worker productivity the same way humans require oxygen.  It is a new enterprise search market out there and X1 is uniquely positioned to lead the charge.

1 Comment

Filed under Cloud Data, eDiscovery, Enterprise eDiscovery, Hybrid Search, Information Management

Amazon Re:Invent – With the Cloud, Avoid Mistakes of the Past

Last week, I had the opportunity to attend the Amazon Re:Invent conference in Las Vegas. Over 13,000 people took over the Palazzo for deep dive technical sessions to learn how to harness the power of Amazon Web Services (AWS). reinventThis show had a much different energy than other enterprise software conferences, such as VMworld.  Whereas most conferences feature a great deal of selling and marketing by the host, Amazon Re:Invent was truly more of a training show. Cloud architects spent a lot of time in technical bootcamps learning how AWS works and getting certified as administrators.

That is not to say that there was no selling or marketing going on; the exhibition hall featured myriad vendors that augment or assist with AWS deployments and solutions. The focus on the deep technical details, though, does point out the fact that we are still in the very early days of the cloud. Most of the focus of the keynotes was about getting compute workloads to the cloud – there was not a lot of mention of moving actual data to the cloud, even though that is certainly beginning to happen.  But, that is how the evolution goes. IT departments need to be comfortable moving workloads to the cloud as they begin to leverage the cloud. Building this foundation is also important to Amazon – the goal would be for many companies to completely outsource the IT data center.

It is important, however, to proactive plan for information management as more workloads and, importantly, data move to the cloud.  As the internet first emerged, companies dove into new technologies like email and network file shares only to create eDiscovery nightmares and make it virtually impossible to find information within digital landfills. It is key to learn from those mistakes rather than to repeat them when leveraging cloud-based technologies. In order to ensure both that end-users are happy with search experiences on data in the cloud and that Legal can do what they need to do from an eDiscovery standpoint. This means providing business workers with unified access to email, files, and SharePoint information regardless of where the data lives. It also means giving Legal teams fast search queries and collections. But, Cloud search is slow, as indexes live far from the information. This results in frustrated workers and Legal teams afraid that eDiscovery cannot be completed in time.

If a customer wanted to speed up search, it would have to essentially attach an appliance to a hot-air balloon and send it up to the Cloud provider so that the customer’s index could live on that appliance (or farm of appliances) in the Cloud providers data center, physically near the data. There are many reasons, however, that a Cloud provider would not allow a customer to do that:

  • Long install process
  • Challenging Pre-requisites
  • 3rd party installation concerns
  • Physical access
  • Specific hardware requirements
  • They only scale vertically

The solution to a faster search is a cloud-deployable search application, such as X1 Rapid Discovery. This creates a win-win for Cloud providers and customers alike. As enterprises move more and more information to the Cloud, it will be important to think about workers’ experiences with Cloud systems – and search is one of those user experiences that, if it is a bad one, can really negatively affect a project and cause user revolt. eDiscovery is also a major concern – I’ve worked with organizations that moved data to the cloud before planning how they would handle eDiscovery. That left Legal teams to clean up messes, or more realistically, just deal with the messes. By thinking about these issues before moving data to the cloud, it is possible to avoid these painful occurrences and leverage the cloud without headaches. At X1, we look forward to working closely with Amazon to help customers have the search and eDiscovery solutions they need as more and more data goes to AWS.

Leave a comment

Filed under Cloud Data, eDiscovery & Compliance, Enterprise eDiscovery, Enterprise Search, Hybrid Search, Information Access, Information Governance, Information Management

SharePoint Search: Beyond eDiscovery

by Barry Murphy

I had the pleasure of conducting a SharePoint eDiscovery webinar with Patrick Burke of Reed Smith for the OLP last week.  The subject is fascinating because finding, preserving, and reviewing SharePoint content in the litigation/investigation context can be so challenging.  The metadata users add to content (e.g. workflow tasks), the web page interface that creates more native ESI than just a document, and the decentralization of SharePoint deployments make eDiscovery for SharePoint a topic unto itself.  Often lost in this topic is the issue of end-user search of SharePoint.

When I talk about end-user search in SharePoint, most people just assume that the search functionality baked in to the product (Microsoft acquired FAST Search & Transfer several years back) is enough.  In some cases, that will be correct, but in others it does not work to give business users efficient access to information.  Some companies have standardized on SharePoint as an enterprise content management (ECM) platform while others have some departments that use SharePoint for sharing files and managing specific business processes.  In either situation, the reality is that business workers store information in multiple places – SharePoint, email, network file shares, etc.  To find that information is often a frustrating task of switching from application to application only to have a subpar search experience.

Consider the screenshot below of a search experience in SharePoint:

SharePoint blog 1

Click to enlarge

The experience leaves something to be desired in that I have to execute several more clicks on the left to do any kind of filtering and, in the result set itself, it is very difficult to know if any of these are the document I am looking for because I can’t see the document itself.  I would need to open it first.  In addition, as a business worker, I probably don’t know if I should be looking in email, file shares, or SharePoint for the document I need.  I know I saw it somewhere, but can’t remember where.  In this search experience, if I don’t find what I am looking for in SharePoint, I now have to go search my email and then my file system.  It adds up to a waste of time.

Now, consider a unified, single-pane-of-glass approach:

SharePoint blog 2

Click to enlarge

In this user interface, I can search across email, files, and SharePoint.  I can see a full-fidelity preview of the attachment.  I can refine on any kind of metadata.  It is a positive search experience that is helpful and allows me to be efficient.  More and more people realize now that this unified access to information is critically important. That may be why SharePoint guru Joel Oleson said, after a X1 Search 8 product demo, “the great news is seeing unified search across the variety of platforms [email, file shares, SharePoint] in a single powerful desktop product priced very reasonably.”  It’s because business workers really do need that unified interface across all information.  To be forced to move from email to SharePoint just to run a search can be frustrating and time consuming.  For SharePoint administrators, not having to worry about a user’s search experience in SharePoint is liberating.  When business workers and IT administrators are both happy, the world is a better place.

Read Joel Oleson’s complete review of X1 Search 8 here >


Leave a comment

Filed under Cloud Data, Enterprise eDiscovery, Enterprise Search, SharePoint, Uncategorized