Cloudy Laws II – Only 65 Challenges to eDiscovery Forensics in the Cloud

Among the many types of challenges presented by the adoption of cloud computing are those involving computer forensics. Computer forensics can be thought of as the set of tools and techniques that make eDiscovery possible and reliable. It is defined in Wikipedia as, “a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media.” The National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) defines cloud computing forensic science more specifically as, the application of scientific principles, technological practices and derived and proven methods to reconstruct past cloud computing events through identification, collection, preservation, examination, interpretation and reporting of digital evidence As with other legal evidence, digital evidence is subject to challenge in court. It has to be what it purports to be. Therefore, the accurate identification of the creator, custodian, chain of custody, authenticity and other attributes of digital evidence is essential in any eDiscovery setting. Essentially, a computer forensic investigation must locate and identify “documents” and other information that can be traced to the actions, knowledge and information available to parties and other witnesses involved in a lawsuit, arbitration or investigation While a number of technical tools and techniques have been developed to …

Read more

Cloudy Laws – Cloud Computing Security and Legal Challenges

Cloud computing presents innumerable opportunities and brings with it enormous security and legal challenges. While there is no single accepted definition of the “cloud,” the National Institute of Standards and Technology created a reference model in 2011. NIST defined cloud computing by describing its five essential characteristics, three service models, and four deployment models. (NIST Special Publication 800-145) Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Essential Characteristics Service Models Deployment Models On demand self service Broad network access Resource Pooling Rapid Elasticity Measured Service Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Private Cloud Community Cloud Public Cloud Hybrid Cloud The rapid increase in the availability of cloud computing solutions ranging from Enterprise systems, to Office 365, to the ad hoc use of unencrypted Dropbox accounts, has profound implications for privacy, information security, eDiscovery and legally defensible document retention policies. Hardly a day passes without news of another serious security breach or weakness. The security risks and the costs of misjudgments, mistakes or …

Read more