Caring About Cloud Migration

Friday, July 1, 2016 - 13:15

Information technology departments across all industries face enormous pressure to control costs and reduce their budgets. At the same time, they’re coping with the massive growth of data to store on IT systems and data servers. This had led to a mass migration of data to cloud-based storage systems run by third-party service providers. These systems differ from traditional hosted storage, where data is simply moved onto discrete servers owned and maintained by a service provider. Cloud-based systems fragment data across large collections of servers that are often spread out across different locations, sometimes on a global scale. These cloud-based systems add to the complexity of privacy, risk and security compliance concerns that are raised by any movement of data from company control to that of a service provider.

One particularly problematic but often overlooked area involves migrating data into the system in a manner that complies with the company’s legal obligations to preserve electronic information that is subject to litigation hold due to legal disputes or regulatory matters. It also impacts information that is subject to other preservation obligations, such as records retention regulations or contractual obligations. For example, many companies are migrating their email systems from existing on-premises servers to cloud-hosted email services, such as Google’s Gmail or Microsoft Office 365. Before legacy email is moved to the new cloud system as part of the migration plan, it’s important to understand the impact that the migration and conversion processes being deployed may have on that email data.

Validation tests typically used by IT departments for these processes are generally neither rigorous nor extensive enough to uncover small but significant changes to the data. These may impact the integrity of the metadata, embedded objects, and message bodies or attachments to the point that the original data may be considered spoliated by a court. Basic forensic testing of random samples will often uncover these changes before the original data is lost forever, but only if the legal team and their e-discovery advisors are involved early enough. This applies equally to other legacy data being imported into the system – it’s not limited to email.

It’s important to understand any format limitations and conversion impacts on data being exported from the system to meet discovery obligations. Since many cloud-based systems operate on proprietary platforms and fragment data among large numbers of servers, taking data out of the cloud environment can often render all or some of it unreadable or unusable. The export formats available may not be compatible with existing e-discovery processing and hosting software. The search and retrieval capabilities available in the cloud-based system may also have limitations, which will then require exports of larger data sets than otherwise needed, for search and filtering outside the system, using more powerful and accurate tools. However, exporting these large data sets using internet-based interfaces can be slow and cumbersome, and may require extensive quality control measures to ensure the exports are valid and complete if, as found in most systems, the interface lacks such functionality.

These issues typically don’t torpedo cloud migration projects. Most companies often don’t fully understand them until after the new systems are deployed and problems surface. Often this is at a time of crisis, which puts significant time constraints on resolving issues that may have arisen. However, early involvement in the planning and testing stages of the migration process can help counsel avoid these painful fire drills down the road. A little time invested up front can help the company fully understand the impact of data migration and identify any steps needed to remediate issues before they cause permanent data losses.

The opinions expressed are those of the author and do not necessarily reflect the views of AlixPartners, LLP, its affiliates, or any of its or their respective professionals or clients.

David White is a director at AlixPartners, LLP, where he advises clients on information governance, information security and electronic discovery. 

 Please email the author at dwhite@alixpartners.com with questions about the article.