Index Engines Announces Program to Jumpstart Readiness for the GDPR

New Three-Month Program Helps Organizations Support Unstructured Data Classification in Support of Compliance with Governance and Privacy Initiatives.

HOLMDEL, NJ – Information management software company Index Engines announced the Governance Readiness Starter Bundle Wednesday, a rapidly deployable 3-month software and services solution that empowers clients to get started in classifying unstructured user data in support of industry regulations and compliance requirements, including the upcoming GDPR.

The Governance Readiness Starter Bundle includes metadata classification of unstructured files where data is organized based on value, including the tagging of redundant obsolete and trivial (ROT) content that no longer has business value.  Following this three-month jumpstart, additional software and services can be deployed to provide more comprehensive solutions, including data migration and minimization as well as full-content search and archiving.

“This bundle is designed to help organizations understand their data assets, so they can clean and classify them to prepare for the GDPR and other governance initiatives,” Index Engines Vice President Jim McGann said. “With the GDPR just months away and many organizations unsure of where to start, this program is that starting point and can easily be expanded to satisfy the challenges faced with respect to unstructured data management.”

Index Engines’ engineers remotely manage the project and work with the organization throughout the 90-day process.

This 3-month term license provides all the software and services you need to get started and manage a 50TB ($18,150), 100TB ($27,200) or 250TB ($49,300) project within the data center. Following this 3-month term clients can transition to additional capacity and licensing terms.

This program is divided into six easy-to-implement steps:

  • Project Prep/Kickoff: Plan engagement with customer project team
  • Install/Training: Install, validate and train on Index Engines software
  • Indexing Setup: Configure indexing jobs and schedules
  • Index Monitoring: Monitor and tune Index Engines processing jobs
  • Report/Consultation: Develop data classification reports and review with client
  • Project Wrap-up: Review project and develop a plan for next steps

“When we talk to organizations who want to start a governance initiative, they never know where to start. The Governance Readiness Start Bundle empowers organizations to look at high-risk file servers like the finance server or a file share server and understand what data exists and start the cleanup process,” McGann said. “Our software along with the professional services bundled in makes compliance possible at a reasonable price without taxing company personnel.”

Learn more about Index Engines’ Governance Readiness solutions by emailing info@indexengines.com, visiting http://www.indexengines.com/partners/services/governance-readiness-program  or registering for our upcoming webinar www.indexengines.com/gdpr-webinar

Deletion has to be Defensible, even for the IRS

The painful lesson learned when ignoring backup tapes as part of your defensible deletion and data governance policies

DefDel email

by, Jim McGann

Lois Lerner’s emails are gone. We know this, but more than a server issue or hard drive crash, the backup tapes that archived the untampered with and complete records of those emails were destroyed.

Now, it could cost IRS Commissioner John Koskinen his job. 18 US Congressman are seeking impeachment against Koskinen on the grounds of his “failure to check Lerner’s cell phone and backup tapes that contained missing emails related to the scandal.”

According to a Wall Street Journal article, there are a few points that Koskinen is being accused of, all which could have been avoided with a proper data governance policy and documentation of the policy.

  1. “In February 2014 Congress instructed Koskinen to supply all emails related to Lerner… A few weeks after the subpoena, IRS employees in West Virginia erased 422 backup tapes, destroying up to 24,000 Lerner emails.”

Tapes need to be incorporated into governance policies. Had these tapes been part of a defensible deletion or information governance policy, they likely would have been managed properly and treated as records or defensibly deleted as a part of the normal IT process.

  1. “The second charge cites “a pattern of deception” and three “materially false” statements Koskinen has made to Congress, under oath, including his assurances that no Lerner emails had been lost. In fact Lerner’s hard drive had crashed and employees erased tapes.”

After disaster recovery, tapes can become a defacto archive. Once a tape is no longer useful for disaster recovery, it’s nothing more than a snapshot of data. Despite any legal claim stating otherwise, they serve no other purpose except for a defacto archive and should be treated as such. Financial burden and inaccessibility arguments are also becoming null and void.

  1. “A final charge accuses Koskinen of incompetence, noting how despite his insistence that his agency had gone to “great lengths” to retrieve lost Lerner emails, the IRS failed to search disaster backup tapes, a Lerner BlackBerry and laptop, the email server and its backup tapes. When the Treasury Inspector General did his own search, he found 1,000 new Lerner emails in 14 days.”

Data – email included – never dies (easily). When creating policy, it’s important to understand where the data goes: desktop, secondary hard drive, server, backup tapes, disk, archive. By understanding this and creating (and auditing) policy restricting portable devices, PSTs and other places data can go, an organization can more effectively create an enforceable policy and manage risk and liability.

Data, including what is archived on backup tapes, must be properly audited and managed. When data is deleted without an understanding of why, how and when, problems inherently arise, especially if this data is at the heart of high profile litigation. All data – especially data on backup tapes – should have a governance policy surrounding it to make it defensible and avoid the pitfalls of the IRS.

Exercise defensible deletion with Index Engine’s Catalyst software

The hardest part of creating and enforcing defensible deletion policies around data retention within your data center is understanding what and where data exists. PSTs, former employee files and duplicate data get lost over time and become near impossible to gauge.

Data profiling creates the map so you can construct information management, defensible deletion or other retention policies. Built-in capabilities within the catalyst engine make the process simple, defensible and automated.

Many organizations find that using data profiling to determine disposition, significant actions can occur which result in cost and resource savings. Many organizations find that as much as 22 percent of data is abandoned, 14 percent aged and has had no access in more than 3 years, 24 percent duplicate content, 6 percent personal multimedia files (iTunes, video, vacation pictures, etc) that have no business value and 18 percent risk based data for legal and compliance.

Using Catalyst’s data profiling module a comprehensive understanding of what exists is available on your network. Working with the business users a plan can be defined to determine the disposition of the content.

Built-in disposition capabilities include:

Deletion with validation – Manage the defensible deletion of unstructured data using validation to ensure the content has not changed since it was profiled. Validation checks the modified date or optionally the signature of the document.

Copy – migrate or tier data to any network share. Data will be copied and stored on a less expensive or more appropriate location.
Move – copy data to a new location, validating that it was migrated correctly, followed by a delete from the original location will result in a data move. This process ensure that content is migrated accurately and reliably.
Defensible audit logs – As disposition of the data is performed, including deletion, logs will be maintained that detail the date and disposition of the document, including the user that executed the disposition.
Output listings – full path and filename listings are available allow the use of 3rd party tools and utilities to manage disposition. This would include options to encrypt data.

Leveraging Data Profiling For Achievable Projects

More than ever before, organizations want to know what kinds of information are stored within the IT infrastructure. Why? Because this information bogs down critical production systems like email and collaborative document management, costs money to store, and presents massive risk if not managed correctly. Few organizations truly understand the makeup of their digital landfills. But, that is soon to change. According to a recent eDiscoveryJournal survey, more than 50% of organizations plan shared drive migration and clean-up projects – more than any other named information governance projects.

These projects aim to defensibly delete unnecessary, outdated, or duplicative information while keeping valuable knowledge or content that is on Legal Hold. This is not just a nice corporate “house keeping” idea; it is now a necessity due to the high growth rate forecast by business analysts. McKinsey Global Institute, for example, projects data to grow at 40% per year; thus making it virtually impossible to effectively and economically store and manage organizational information without some form of culling.

In order to do this, organizations need to efficiently profile data. This insight into information can help get past analysis paralysis to clear digital landfills. In this webinar, eDJ Analyst Greg Buckles and XYZ will examine practical approaches to data profiling and how to set organizational goals. We will example the approaches to information governance, such as managing data in-place, dealing with Legal Holds, selecting targets for profiling, and information classification. We will examine case studies focused on PST audits and profiling for disposition. Finally, this webinar will offer pragmatic advice on how to use data profiling to achieve immediate results today while building out a larger information governance strategy and plan.

Space is limited. Register now.

Defensible deletion reason #372: Unmanaged, unstructured emails are a fire waiting to start

Over time, email piles up in massive servers, archives, even users desktops and it becomes like a matchbook underneath a child’s bed. Alone, it causes no threat and just sits there, waiting. They can go years and even a lifetime without ever causing a problem.

While no one would leave a matchbook underneath a child’s bed, as it’s completely unfathomable, few think twice about their email servers.

But, why such a visceral reaction to leaving a matchbook in a kid’s room? The matches are not going to burst in to flames, they won’t just spark old comic books and baseball cards, and matches are not the easiest thing to start – even as an adult. We take precautions because of what could happen if those matches got into the wrong little hands.

So why do we just hoard email on servers, desktops and even on legacy backup tapes when there are harmful matches among them? Within the millions of email are Social Security numbers, contracts, legal documents, regulatory compliance papers and emails that can no longer be properly interpreted. Like the matchbook, this dark data just sits there. They don’t just expose themselves, they don’t just jump through firewalls and they aren’t just going to send themselves.

Yet, all it takes is one set of wrong hands and a fire can quickly develop. Thieves search for personally identifiable information that can cause loss of customers, FTC interference and identity theft. Legal and regulatory documents can’t be found or end up in the wrong hand causing fines and penalties. Plus, don’t forget all the money needed to repair and upgrade fire walls and pay legal fees associated with breaches.

Just like a parent sets the rules, compliance, legal, IT, records managers or another guardian needs to set policies surrounding emails. Retention policies, containing both archiving and deletion policies, should be in place to govern data. One leading analyst group recently estimated that less than one percent of companies actively have and enforce an information governance policy.

Much of this goes back to the tools – how do you set policy around data when you don’t know what exists or where? It’s near impossible to understand unstructured data and uncover all those pesky, hidden PST files. But now the technology exists in the form of unstructured data profiling.

Data profiling, sometimes called file analysis, is a process where all forms of unstructured files and email are analyzed and the user is provided a searchable ‘map’ and comprehensive summary reports of the metadata including type of information that exists, where it is located, who owns it, if its redundant, and when it was last accessed.

Optionally data profiling can look beyond metadata and go deep within documents and email for content supporting eDiscovery keyword searches or even personally identifiable information (PII) audits for sensitive content such as Social Security or credit card numbers.

Not only does the technology exist, but it exists at a price point that makes it affordable to deploy, leaving no room for excuses why the matches in the email server and hoping the wrong pair of hands doesn’t find it. Even for those that don’t want to throw out or move the matches – it’s imperative that you at least know the matches are there so they aren’t left next to the comic books.

Unfortunately, many won’t find the motivation to find, expose and isolate the matches until after a breach, but those that see the proactive importance of simply knowing what data is being stored, visit http://www.indexengines.com/solution-data-profiling-assessment.html or contact info@indexengines.com

Data profiling: Bridging the gap between Legal and IT

One of the key challenges, as you know, is getting legal and IT to communicate. They have not had a common language – language that allows them to understand each other and build policies. This language is based on knowledge – knowledge of data assets. Without this knowledge they have nothing to discuss. ata profiling is the knowledge or language that allows IT and legal to communicate and build sound polices.

Check out this column on Bridging the Gap Between Legal and IT in Legal IT Professional.

Defensible Deletion Webinar: Tame Risk Hidden in Legacy Archives

Join Index Engines and Vedder Price Thursday, March 14 for a look into defensible deletion

Is old data jeopardizing your organization?

Massive volumes of content are created every day and as this content ages it fades into the background and becomes a challenge and a risk to manage.

Backup tapes represent a major aspect of this legacy data. They embody archives of user content, from sensitive email communications to critical contracts and agreements.

But there are innovative, automated ways to manage defensible deletion policies, manage data risks and control costs. Find out more during an exclusive webinar presented by Index Engines and Vedder Price, Thursday March 14 at 1 pm ET. Register now.

It’s a real problem that’s costing organizations millions in litigation and eDiscovery costs.  Stockpiles of hidden data contain unknown risk and liabilities.

Managing this data and ensuring it complies with current information governance policies is an ongoing, complex challenge.

This webinar will give real-world new approaches towards reducing legacy data, controlling its cost, and managing the content that can be enacted immediately. Register now. 

Presenters
Bruce Radke, Shareholder, Vedder Price
Jim McGann, Vice President Marketing, Index Engines

Defensible Deletion & Tape Remediation

Defensible Deletion & Tape Remediation

Purge obsolete mystery data and manage the risk of the unknown

 It is much easier for an organization to save everything versus making decisions about what data should be retained and what should be purged. In fact, many organizations continually increase storage capacity and create massive stockpiles of unmanaged content which has outlived its usefulness.

But as data piles up and systems change, what is stored where becomes overwhelming. As data ages and grows, it can no longer be managed because of sheer size and complexity. Even worse, much of the data has outlived its usefulness or is not compliant. All of this data is ROT – redundant, outdated and trivial. Index Engines helps companies by uncovering what data exists and making defensible deletion policies enforceable. Even content on legacy backup tapes can be made easily accessible and manageable without system restoration.

 Defensible deletion for litigation

Smoking gun emails frequently have negative impacts on key lawsuits. Sensitive working documents that are no longer required for business purposes often end up in the wrong person’s hands creating a corporate liability and media frenzy. Files and email from ex-employees easily become a burden to any firm if kept online or even in offline backup tape archives.

Defensible deletion manages long term liability and enables user data to be known and either archived or remediated according to policy. This is a proactive strategy done in advance of litigation by systematically deleting what has no value before it can be exposed, misinterpreted or breached. At the same time, sensitive documents that have business value are secured according to compliance policies in case of eDiscovery.

Defensible deletion to reclaim IT budgets

 Servers and user shares get clogged with duplicate information, personal multimedia files and aged data… then they are moved to a virtual wasteland of information. The data still has to be saved because there could be valuable business data on them, but every year more and more of your IT budget is eaten away by storage costs.

Index Engines helps by creating a searchable profile of what exists and allows you to defensibly delete duplicates and what is no longer required while culling information needed for legal hold or that has other business value. Most companies find that 40-70 percent of their aged user data has no business value, and that backup tapes contain up to 99% percent useless data. Defensible deletion helps IT reclaim this storage capacity and manage hidden liability.

Oh, those tapes too

 Index Engines is architected to add intelligence to enterprise-class data environments. Patented engines scan a wide range of data sources including online networks, email servers, and offline backup tapes to provide a profile of the content. All documents, corporate email, hidden pst’s, and legacy content backed up by IT can be seen and disposition determined. Only Index Engines can provide this breadth and depth of knowledge across all enterprise data assets.

The most complex projects surround legacy backup tapes. Index Engines brings you direct indexing and extraction to significantly streamline the collection of valuable records from tape. With Index Engines, extraction of content from tape does not require the original backup software to access tape content making the process cost effective and less complex. Additionally, extraction leverages the index to understand data at a file and email level. Using direct indexing and extraction you can review the contents on tape, find relevant content and extract what is interesting from tape.

Contact us today to access antiquated storage and free yourself from risk. (732) 817-1060

Defensible Deletion Webinar: Deadlines, Defensibility and Dollars – eDiscovery Best Practices

Join Index Engines Thur, March 7th for this exclusive web event
We understand service providers face a growing challenge from their clients – the completion of more complex projects under stricter deadlines and budgets with less man hours.

But, there’s a solution we’d like to share with you.

Discover how to keep your cost and man power resources in line while completing projects on deadline with extreme accuracy during an exclusive webinar brought to you by Index Engines, the leader in high speed ESI collection and management.

In less than 60 minutes, you’ll uncover how eDiscovery Service Providers:

Deliver culled data that is de-duplicated and metadata filtered days ahead of their deadline and competition, expediting the culling process,
Secure the integrity of findings and make it defensible using a single interface that allows for unified identification and capture of unique ESI from multiple sources, and
Accurately predict cost by deciding on a pricing model – project, subscription or custodian based – that is the most cost effective for your business.

Register now for this complimentary best practices webinar, on Thur, March 7th at 2:00PM EST and discover how top eDiscovery Service Providers are developing their business by focusing on: deadlines, defensibility and dollars.

About Index Engines’ eDiscovery model
Index Engines’ high speed ESI collection and management platform makes the eDiscovery process time and cost efficient; enabling eDiscovery service providers to complete more complex projects under stricter deadlines and budgets with less man hours. With our best-in-breed integrated workflow, we concentrate on your Deadlines, Defensibility and Dollars.

 

For more information on defensible deletion, go to www.indexengines.com

Another reason for defensible deletion – out of context emails

Out of context emails make your company look “scandalous” – another plug for defensible deletion

The news of more leaked emails is making their way around the blogosphere, including one of our favorites over at Yahoo Finance.

Henry Blodget of the Daily Ticker brings up an intriguing point, no matter how many policies you put in place or how much you hope that your employees have common sense – ‘knucklehead emails’ still get sent out.

I call them ‘knucklehead emails’ because the ones I refer to have no malice associated with them, they’re just not well thought out, like joking about a gambling spree with the petty cash. Sure, to the writer it’s funny because there’s only $10 available and the recipient knows it, but to the outside reader one year later, not so funny. It’s completely harmless until taken out of context. (The ones with malice and cover-up attempt, that’s a difference topic for another day.)

Every company has at least a handful of “knucklehead emails” somewhere in their database whether it’s football pools (Gambling), the sending of a credit card number (PII violation), or the forwarding of a joke (Sexual harassment). In today’s hyper-sensitive and over-regulated world, if those emails got out, yours could be the next company sharing a headline with the word ‘scandalous.’

The key to preventing these situations is being aware of what information exists and making decisions on it. After all, does your information governance policy really exist if there’s no one there to enforce it? Understanding what exists by adding a data profiling policy to your information governance plan is a start. Parameters can also be set to start a defensible deletion policy for information that has no business value.

The only thing a forwarded chain mail from an ex-employee that hasn’t been viewed in seven years can do is come back to hurt you. The harsh truth is, your email servers are filled with valueless emails waiting to find their way out in to the open. Organizations need to be proactive to protect their consumers and themselves.

The ‘keep everything’ policy does more than just inflate your storage costs, it puts you in line to be the next “scandalous” company.

For more information on protecting your company from “knucklehead emails” contact info@indexengines.com or go to http://www.indexengines.com

A blog by Index Engines