As the pace of web innovation increases, employees in enterprise organisations can often choose from a catalogue of SaaS applications to be productive in their day to day work. I’ve spoken to people who use Slack, Office 365, Confluence and Workplace every day to collaborate productively with their peers – especially when working across multiple locations.
Whilst this is great for the employees and teams who are working together, it presents a big problem for IT Administrators and legal teams. Each of the applications that an employee uses has its own administration interface, login system and probably stores data in a proprietary format on a system somewhere in “the cloud”.
Most enterprise organisations have solved the login problem using single sign on and an identity provider like Okta or Azure Active Directory. This allows employees to access any of these applications using their corporate login details, rather than remembering a separate username and password for each service. This also increases security as the employee is effectively locked out of all their applications should their corporate login account be deactivated.
The bigger problem comes from all the data that these third-party applications generate. Multiple collaboration tools are likely to be used by a single project team, causing project data to proliferate across many disparate systems. This data could one day be implicated in a legal matter or contain personal information.
Imagine a cross-functional team, spread across two offices, has been set up in your company to launch a new product. This team agrees to use their Office 365 tenant to share Word and Excel documents on a special SharePoint site and creates a Workplace Group and Slack channel to discuss the project. Over the next 18 months they work together on these platforms, sharing schematics, video recordings of customer interviews, meeting minutes and other project documents. The team launches the project and everyone moves on to other things.
A year later the product is involved in a legal dispute and a judge orders your organisation to turn over all data relating to the creation and management of the product. In order to comply with this request your organisation will need to have an eDiscovery platform and plan to search, access and archive data across all these third-party SaaS applications.
Another problem will likely appear for enterprise organisations as privacy-first legislation like the European GDPR and California’s Consumer Privacy Act become the norm. People in these jurisdictions will now be legally allowed to request access to all the information a company stores about them. This will also require an eDiscovery platform that will allow you to manage these requests in a legal way.
It’s clear to see in these two scenarios that the time and effort required to comply with one of these requests increases exponentially every time an employee in your organisation starts using a new SaaS application. Every legal request will require your eDiscovery team to perform content searches in multiple different places, most likely using very different user interfaces, which increases the risk of errors and increases costs.
To prevent these issues from occurring in your enterprise organisation, it’s advisable to select an eDiscovery platform that stores a copy of all your data in a single location. This makes it far quicker and cheaper to respond to a legal or data access request as you only need to use one system to search across potentially hundreds of applications.
Microsoft are very aware of this problem as their Office 365 service is made up of dozens of individual applications. They have built an eDiscovery solution on top of Office 365 to help legal teams search and manage these legal requests. They have also opened up this platform up to third parties, allowing any SaaS application to archive a copy of it’s data inside Office 365 for free. This means that a legal team can perform content searches across Office 365 and other applications seamlessly in a single go, taking advantage of the full eDiscovery case management tools that Office 365 provides.
Other providers such as Barracuda and Globanet provide similar capabilities, but often charge extra based on the amount of data that is stored in the archive.
If your organisation uses Office 365 you would be hard pressed to not evaluate their own eDiscovery solutions before looking into other, more expensive, options.