In eDiscovery in the Cloud and On-Premises, I discussed the four leading eDiscovery platform deployment options: in the cloud; on your premises; as a cloud/on-prem hybrid; and as a mobile offering, installed on an appliance or laptop.
In this post, I will address how you can determine which deployment model – or combination of models – is likely to best meet your needs, accommodate your workflow, and fit in your budget.
Of course, no single deployment model is best for all situations, and a single organization might decide its interests are best met by deploying two or more models simultaneously. To make an informed decision about which model or models to use, you will have to look at your particular requirements, wants, and circumstances. You also will need to factor in the specific eDiscovery software and legal technologies you are considering deploying, as not all tools work in all settings.
Deployment Options Recap
As discussed in greater detail in the earlier post, there are four main deployment options for eDiscovery platforms: Cloud, on-premise, hybrid, and mobile.
Cloud computing comes in several models, most prominently public, private, and hybrid, and in several categories, in particular SaaS, IaaS, and PaaS. With a public cloud, a third-party provider manages on-demand computing services and infrastructure. A private cloud differs from a public cloud in that with the former an organization hosts cloud computing and infrastructure resources privately, either on its own intranet or at a data center of its choosing. A hybrid cloud is a mixed environment, using some combination of public cloud, private cloud, and on-premise infrastructures.
With an on-premise approach, software, hardware, and additional infrastructure for applications or platforms reside within an organization’s literal or figurative four corners. For a small organization, on-premise might mean a computer or two in a closet, likely with attached storage and backup systems. A larger institution may have a dedicated computer room containing servers, storage, and backup systems screwed into racks, physical security measures such as entry keypads, and power backup systems, or it may use one or more external data centers.
Hybrid models are a combination of cloud and on-premise. A hybrid option allows clients to decide which functions they want to take on themselves and which ones they prefer to operate in the cloud.
For mobile options, the same software that might be deployed in the cloud or on-premise is installed on a computer, allowing you to take the computer to the ESI instead of the other way around.
Who Am I?
To determine which model or models make the most sense for you, the first step is to define yourself. Who you are and what you do can be a critical factor in determining which deployment options best meet your needs.
Corporations and Government
Corporate and governmental in-house legal teams generally need to work within a larger organizational framework. Your company’s information governance or IT policies, for example, might prohibit you from processing data in the cloud – driving you toward on-premise and mobile options.
Laws, rules, and regulations might limit your options. If your organization is a HIPAA-covered entity, the organization will have to negotiate and enter into a business associate agreement (BAA) with a cloud provider before it will be permitted to store records containing personal health information (PHI) in the provider’s cloud computing facilities, as noted in Bryan Cave Leighton Paisner’s Cloud Computing 2020.
Volume can matter, as well. Corporations can have large volumes of ESI they need to work with on a limited basis and only smaller volumes that require more robust treatment. A company might have 100 TB of data under legal hold. It might be able to park 80 TBs locally and leave that untouched: no processing, no indexing, no document review. It might be able to lean on local functionality, such as deduplication deployed on-premises, to narrow the volume further. That way, the company could send only a small portion of the data to eDiscovery software deployed in the cloud where machine learning and advanced analytics would be used.
Law Firms
Different factors drive law firm decisions about which deployment options to adopt. Maintaining adequate physical and cybersecurity to protect on-premise data can be challenging for law firms, especially midsize and smaller ones, a factor tipping the scales in favor of cloud offerings.
Scalability takes on a more immediate importance. The next new lawsuit might require rapid ramping up of capabilities. A law firm using a cloud-based approach, whether a private cloud or a public one, may be able to add hosting and processing capacity quickly. One hosted eDiscovery software on-premises or at a data center may have fewer options immediately available.
Geography is key. For law firms operating on an international scale, flexible deployment options become appealing. A cloud-based deployment will not work for a US-based firm handling a matter in a state court in Florida, with a client whose headquarters are in Canada, and whose Swiss manufacturing facility is at the core of the dispute. The Swiss data almost certainly will need to be reviewed in Switzerland first, via an on-premise or mobile implementation, before any data will be allowed out of the country.
Service Providers
Yet other factors come into play for electronic discovery service providers. Generally, their systems need to be available 24 hours a day, seven days a week. Any unscheduled downtime is problematic. If their systems are inaccessible for hours, to say nothing of days, they can suffer serious negative consequences.
Capacity can be an important consideration as well. Service providers often need to process and host many TBs of data, give hundreds or thousands of users reliable access to eDiscovery platforms, and simultaneously execute on many resource-heavy requests such as the all-too-common Friday afternoon rush to collect or produce data.
What Factors Should I Consider?
Next, you want to decide which factors matter to you. Here is a list of factors to consider. Although far from comprehensive, it should help you better understand which path might work best for you.
Accessibility: For end users, eDiscovery in the cloud often can mean more ready access from anywhere, at any time, and via a wide range of devices and interfaces. For those who want to get under the system’s hood, for example, to gain access to metadata not available via the user interface, on-premise may be the more desirable approach. For those needing to severely restrict access, mobile might be the best option.
Cloud accessibility has a flip side. Putting data in a cloud means you may possibly give your cloud provider access to more ESI and other content than you want them to have.
At Reveal, we give cloud users the ability to access the database backend. That means there is little a client cannot access within our cloud environment.
Advanced artificial intelligence: Advanced AI functions often work more effectively on cloud systems than on on-premise ones, and sometimes are available only via a cloud deployment. If you want to make use of functions such as AI-driven image recognition, transcription, and translation you want to look at this closely.
Capacity: Because of cloud systems’ scalability (see below), you should be able to quickly scale a cloud system’s capacity to meet your needs. With an on-premise system, to expand capacity you need to go through a whole series of often expensive and time-consuming steps to spec out, purchase, receive, and install new hardware and software.
Convenience: Cloud systems often are more convenient to set up, operate, and use than their on-premise or hybrid alternatives.
Cost: When it comes to the costs of cloud versus on-premise deployments, the scales increasingly are tipping in favor of cloud. Look at the software costs, of course, but on the on-premise side factor in additional costs such as hardware, additional software licenses, physical space, physical security, and the people to run, maintain, and secure the system.
Cross-border: If you potentially need to move data from one jurisdiction to another, say from China to the United States, you need to learn what limitations on cross-border data transfer apply and determine how to comply with those limitations at a practical level.
Data governance, disposition, and retention: At some point in your eDiscovery process, you will want to dispose of at least some portion of the ESI you put into the system. You may also want to dispose of – or retain – added content such as reviewer decisions. With on-premise installations, you supposedly have complete control over how long your data is retained, where it is retained, and when and how it is disposed of. Cloud providers will most likely offer you a narrower range of options and they may also have their own retention, backup, and destruction policies and practices that might not line up with yours.
Data transfer: No matter which deployment options you use, sooner or later you will need to transfer data into and out of your systems. With cloud systems, data transfer capabilities, speeds, and costs vary enormously. They also can be limited by contractual provisions. With on-premise approaches, if you can attach external storage media directly to your system, for example with a six-foot cable, generally you can transfer high volumes of data into and out of the on-premise implementation quickly. As distance increases, speed drops off, sometimes precipitously.
Geographical reach: While many matters take place entirely in a single country, many others span geographical and political borders. The advantage of eDiscovery in the cloud is that where your cloud of choice goes, you can go as well. With their public cloud offerings, Amazon and Microsoft both cover much of the world. On the flip side, no cloud system completely spans the globe and some jurisdictions frown on cloud; in those situations, on-premise and mobile options are the way to go.
In those situations, you want a cloud infrastructure akin to Reveal’s, which is available in the US and Canada, much of Europe and Asia, and Brazil, South Africa, and Australia.
Legal, regulatory, and policy requirements and compliance: You might be required by law, by regulation, or by internal policy to go down one path or stay away from another. HIPAA is but one of many laws, rules, and regulations that can come into play.
Privacy: As the importance of properly addressing data privacy needs and concerns grow, it becomes increasingly important to understand how the models you choose allow you to handle those issues.
If you are considering cloud options, you should make sure you know where, geographically, your data will be housed and you should find out what privacy requirements and restrictions apply in that location. If you want or need to house data in a specific geographical location, you want to know whether there are constraints that steer you more toward one deployment option and away from another.
If you deploy systems on your premises or at a data center, you have more granular control over the privacy measures that are put in place.
Scalability: Scaling up or down – adding more processing capacity, for example – generally is accomplished more easily and quickly with cloud deployments. In contract, increasing storage, processing, and similar capacities with an on-premise installation likely involves specifying, ordering, installing, and testing new hardware, obtaining additional software licenses, and adding backup capacity.
Security, physical and cyber: With on-premise, theoretically you can fully control security – physical security and cybersecurity – and access to data and applications. With cloud offerings, you need to rely on whatever security the providers put in place. It is important to note that cloud providers may be able to offer much greater security than anything you have the resources to deliver. If necessary, mobile options can be configured so that they are completely self-contained, with no external connectivity other than for power.
Security capabilities tend to be more robust in the cloud as you have access to a lot of services that if deployed on-premise would require upfront licensing costs. With the cloud, these services generally are “pay as you go” and usually are quite reasonably priced.
Software: Not all software will run on all systems. Determine whether and to what extent the eDiscovery solutions and other legal technology you want to use is likely to work with the deployment model you are considering. There will be different considerations for cloud applications – software users access primarily through the Internet – than for software applications meant to be installed on a network and yet different considerations if the software is to be loaded to an end-user’s computer.
Software updates: With cloud, it is easy always to be on the most up-to-date version of a software package. If you want to stay with older versions, on-premise may be your path.
Whose budget pays: On-premise often means capital expenditures. For cloud, the monies might come from operating costs.
Do I Have to Choose Just One?
You should not have to select one and only one way to deploy the eDiscovery platform of your choice. You should be able to use one eDiscovery platform across all four deployment options.
As you can glean from the list of factors above, no single deployment option is going to meet all needs. For a matter I worked on a year or so ago, we spec’d out and almost deployed a mobile appliance to be used to host data for review in Switzerland. With the ever-changing dynamics of litigation, at the last minute, we switched to an implementation where the eDiscovery platform was hosted in a data center used by a Swiss service provider. Had the matter not gone away, after Swiss review we would have moved the data to a cloud instance located in the United States.
To be able to address situations like this one, you are best served if you are able to use an eDiscovery platform that gives you the ability to deploy any combination of the four options, cloud, on-premise, hybrid, and mobile. By definition, a cloud-only solution will not be useful if you need to run the software on an air-gapped appliance. Similarly, an eDiscovery solution that requires software to be loaded on a local computer does not lend itself well to a cloud-only approach.
If your organization is interested in leveraging the power of legal AI software wherever you need it – eDiscovery in the cloud, on-premise, hybrid, or mobile – contact Reveal to learn more. We’ll be happy to show you how our authentic artificial intelligence takes review to the next level, with our AI-powered, end-to-end document review platform.