Bandwidth Spring 2007 - eDiscovery – Are all your electronic communications in compliance with the new rules?

Home

Editor's Corner

Akibia Case Study:
Achieving PCI Compliance

Secure Your Virtualized Environment

Network Versus Host-Based Security Approach

Network Management
and Control

eDiscovery Electronics Communications Compliance

Check Point VPN-1
UTM Edge Wireless

Akibia News

Akibia Partners

Contact Akibia

eDiscovery –
Are all your electronic communications
in compliance with the new rules?
By Frank Cabri - VP Marketing, FaceTime

As of December 1st 2006, U.S. companies are required to keep track of all electronic communications – email, instant messaging, chat threads, even VoIP conversations such as Skype – in order to be able to provide this information as part of the discovery phase of any legal process.

The Federal Rules of Civil Procedure (FRCP), and in particular the newly amended Rule 26, which govern the production of evidence in most federal court cases, make the efficient management of corporate electronic records (eRecords) more vitally important than ever. Failure to comply with the new electronic discovery (eDiscovery) rules can mean fines, sanctions, executive liability, a drop in stock price, and other risks. Industry analyst Osterman Research recently published a white paper that explains the FRCP amendments in detail and the impact they will have on organizations of all sizes. You can request a copy of the white paper online at www.facetime.com/ediscoveryakibia.

While most companies have implemented solutions to track, archive, and monitor their email systems, it appears that far fewer companies have extended those solutions to cover instant messaging and other real-time communications records. According to a recent study by ComputerWorld, 32% of IT professionals surveyed said they are not prepared to meet the new legislative requirements, while 11% say they are somewhat prepared and 42% do not know their company’s readiness. Given the widespread use of these tools in business today, these numbers are cause for concern.

Use of real-time communications in business today is significant

Microsoft and IBM are the dominant players in the real-time enterprise collaboration space with their products Microsoft Office Live Communications Server (LCS) and IBM Lotus Sametime. A handful of other vendors are also in the enterprise IM space, such as Reuters that caters to the financial services industry. The Gartner Group predicts that enterprise IM “penetration will approach 90% by 2010.

However, the use of corporate sanctioned IM solutions such as LCS or Sametime does not typically stop all use of public IM applications. In fact, a FaceTime study conducted in October 2006 showed that roughly three of four enterprise IM users also still relied on public IM. And, as organizations allow interconnectivity between their enterprise IM users and outside users who rely on public IM networks, the risk of malware threats increases dramatically. Employees use IM for convenience, speed, and work productivity, but as the boundary between work and personal space erodes the use of corporate PCs for personal communications is increasingly common: 70% of end users have sent personal IMs from work. More than 25% of employees admitted to using IM in order to have “private, unmonitored communications,” and if they were aware that their IM communications were being monitored, almost half (45 percent) acknowledged that they would pay more attention to company guidelines.

Clearly, any company not taking steps to address the potential risks to productivity, compliance, and the bottom line raised by this behavior is not meeting the fundamental requirement of data protection legislation – the duty of due care.

FaceTime Enterprise Edition delivers eDiscovery compliance for real-time communications

FaceTime Enterprise Edition (FTEE) is used by the world’s largest organizations – including nine of the 10 largest US financial institutions - to manage and secure IM, P2P, Skype, web conferencing and other real-time communications applications. It provides user policy management, message hygiene, zero-day worm protection, comprehensive compliance, and protection against user circumvention. It also detects and prevents spyware and other malware infections at the Internet gateway – before it impacts the business.

FTEE ensures that all archived real-time communications threads match recorded conversations at the level of time-stamped messages, storing messages in binary and text format in the order they appear for content accuracy, including accurate capture of multi-party chat threads, and then transferring them directly to WORM (Write Once Read Many) storage. File transfer management controls include anti-virus scanning, compliance review and WORM archival. Anti-tampering checksums ensure that archived messages cannot be repudiated.

FTEE is an essential complement to enterprise IM systems such as Microsoft LCS and IBM Lotus Sametime. While both IBM and Microsoft offer some basic text logging features, FTEE provides the advanced search and reporting capabilities that are a must-have in meeting the new e-discovery regulations. FTEE delivers comprehensive management, control and reporting for all enterprise IM platforms.

Companies that already have an email compliance system deployed can continue using the same reporting and workflow interfaces and processes for IM as for email. FTEE takes completed IM threads and expresses them in conformance with a rich XML schema, containing not only a detailed set of IM events, including multi-party and chat, but also a wide variety of user and policy attributes, available through direct integration with the corporate directory infrastructure.

FTEE additionally provides data security and protection compliance for real-time communications data to meet the requirements of HIPAA, SOX, GLB, and the full range of applicable SEC rules, making it the only solution to offer TrueCompliance™, ensuring strictest compliance with regulatory and corporate policies.

Summary

If past history is anything to go by, the penalties for noncompliance could be serious. Morgan Stanley was fined $1.5 billion in 2005 for failing to produce electronic information as part of a civil litigation procedure. Every company where employees use real-time communications - whether or not that usage is officially sanctioned - needs to be able to produce accurate records of those communications. Companies would be well-advised to take appropriate measures to ensure they can produce all of their electronic communications records.

Employees, particularly younger workers, are very accustomed to using IM. To these new workers, email has become the new “snail mail”- still useful, but in fewer instances. With more employees using instant messaging, organizations may want to implement their own compliance procedures and eDiscovery practices rather than wait for a governing body to enforce it upon them. Many employees do not misuse instant messaging, but a “trust, but verify” approach may be wise.

About FaceTime

FaceTime enables the safe and productive use of greynets like instant messaging, Skype, web conferencing and P2P file sharing. To learn more about FaceTime solutions for the management, security and compliance of real-time communications, please visit www.facetime.com.

About the Author
Frank Cabri is vice president of marketing at FaceTime and has more than 15 years of marketing and product management experience in the networking, security and telecommunications industries. Mr. Cabri holds a Master of Business Administration from the Ageno School of Business, Golden Gate University, and a Bachelor of Science in International Business from California State University, San Jose.