I started off this little series of posts with a reference to e-discovery, and this is where the real benefits of data-classification come in. E-discovery is the process of investigating issues after a breach, during audit or for compliance/legal purposes. It can be expensive. Not only in terms of the initial breach, audit, etc. but also in terms of man hours, equipment and consultancy spent in trying to catch the culprit, prove compliance or back up claims. There are a few e-discovery companies out there, (Kazeon, Guidance Software, Archivas) and each one of them claims to save thousands if not millions of dollars doing what they do. So what is that?
In a nutshell, it is the process of collecting, searching, preserving and analysing digital information. All of these processes are simple enough, but keeping them all managed together is a real problem. Imagine for a moment that your data is properly classified however. The data will already be in a state where the processes become simpler. The real issue then is the gaps, not the processes. I find this very interesting, because it feels like proper security at last.
And there are some real security issues here:
- If I have collected information from a system, how do I know that information hasn't already changed en route to collection?
- How do I know it hasn't been seen and manipulated, or copied?
- Between collection and searching, how do I know the index hasn't changed, and therefore the information I am now looking at is redundant?
- How can I preserve information without it becoming prohibitively expensive?
- When I want to analyse this information, how do I know I'm analysing the right things?
I guess e-discovery isn't big business in the US yet either? Odd, seeing as how the savings claims are in the millions of dollars. The first company to produce a truly secure e-discovery platform will be raking it in. I just hope it isn't MS or Google.
The other questions have yet to be asked and answered, but I'm going to be asking them in the next few weeks and months. I'd be interested to hear other people's views on this.