The Challenges of Data Collection in the Cloud

Corporations have been migrating their organizational data to storage in the cloud at a remarkable rate. The vast majority of technology decision makers (84 percent) say their organizations invested in cloud services in 2016, according to Insight’s 2017 Intelligent Technology Index report. The report noted that, “while only 15 percent have fully migrated their corporate application workloads to public clouds, 47 percent are more than halfway implemented in the cloud, with large and medium companies leading the way.”

It’s unlikely that this genie is going back in the bottle. The reality is that your data is now – or soon will be – in the cloud. The question becomes: When the discovery request arrives or the corporate investigation commences, how do you collect that data from the cloud in a forensically sound manner?

When your data is behind your own firewall or stored on clearly identifiable media on your premises, you can point right at it and collect it with your preferred software tools. The cloud, however, is a very difficult environment for doing e-Discovery because you lose the “line of sight” with your data. You can no longer point at it, easily harvest it and seamlessly drop it into a database.

Based on our experience, here are three common challenges you need to overcome in order to perform forensically sound data collection in the cloud:

1. Easy to get in, hard to get out
Corporate IT teams have been drawn to the cloud migration trend for a variety of reasons, but unfortunately many of them don’t give much thought in advance to how they’ll get their data back out of the cloud when the need arises. The truth is that cloud providers are financially incentivized to keep your data housed on their platform — so perhaps not surprisingly, they typically make it onerous and inefficient to extract. Specifically, the collection tools offered by cloud providers tend to be clunky and not forensically sound as they lack features to track the chain of custody in data collection. Part of your cloud migration planning process should be to ensure the right data collection tools are in place when you need to get your data back out, rather than being hit with an urgent request and left scrambling to collect that data.

2. International data protection regulations
The EU’s General Data Protection Regulation (GDPR), Japan’s Act on the Protection of Personal Information (APPI) and China’s new Cybersecurity Law have all been adopted this year. These new data protection laws govern the way personal data must be handled in their respective countries and impose strict constraints on the collection of electronic information pertaining to identifiable individuals. If you’re not careful about how you extract data from sources covered by these regulations, you run the risk of breaking laws that carry serious civil and criminal penalties.

3. Rise of Office 365
The rapid corporate IT move to the cloud has been fueled by the swift market penetration of Office 365, Microsoft’s flagship cloud computing platform. In 2016, one out of every five corporate employees used an Office 365 service, up from less than 7 percent in 2015, according to Skyhigh’s Office 365 Adoption & Risk Report. This creates significant challenges for data collection because the built-in collection tools for Office 365 are inadequate for large-scale collections, forcing digital forensics teams to take a piecemeal approach that relies on other software tools to complete the collection. Corporate teams and their outside service providers need a good collection process for data residing in Office 365, including tools that are designed to connect with Office 365 databases in a forensically sound manner.

Cloud data sources such as Box, AWS, Drive and Dropbox create forensic headaches of their own. In addition, on-premises data sources like SharePoint and file shares are not easily consolidated by Office 365 to enable efficient collections.

To meet the rising challenges associated with forensic collection of data in the cloud, corporate investigators and legal IT professionals need access to better and faster software tools that will help them process complex data collected during litigation and digital investigations. With so much data lurking in so many places, getting that relevant evidence from collection to analysis is crucial. For example, AccessData’s new AD eDiscovery® 6.2 allows users to quickly collect data in the cloud from Office 365, SharePoint®, OneDrive® for Business and Office 365 Exchange.

For those of us in the trenches of digital forensics and e-Discovery, the result of the swift migration of corporate data to the cloud is that we’re suddenly confronting the daunting challenge of collecting electronic evidence from sources we can’t touch or see. It’s important to understand the challenges you’re going to confront and use the best available tools to navigate those challenges in a forensically sound manner.