Why You Don't Need Both Cloud & On-Prem
Should We Run eDiscovery In The Cloud, On-Prem Or Both?
How To Avoid Complications From A Dual Environment
By Jordan McQuown
In a recent article, I analyzed the root-cause of challenges that are holding back adoption of eDiscovery cloud computing. IPE (Inverse Performance Equation) is one of the biggest culprits. As matters exceed a couple hundred gigs of data or so, reviewer productivity grinds down to painfully slow levels. To address this, many organizations are opting to maintain two eDiscovery environments: one in the cloud and one on-prem.
I think the dual environment approach is a mistake. In this thought piece, I’d like to outline why I believe you shouldn’t maintain both environments. I know of numerous organizations today running dual (cloud and on-prem) eDiscovery environments. If this sounds like your enterprise, I’d like to share some insights here that you might not have considered.
Organizations that are maintaining both cloud and on-prem eDiscovery environments today probably have not fully considered what I’m about to share. By my estimation, this could include:
- eDiscovery service providers
- Law firms
- Corporations, government agencies and other stakeholders who manage eDiscovery in-house
- Consultancies with a core competency in eDiscovery and investigations
Most organizations I’ve analyzed did not set out to have two environments. Instead, this came about almost accidentally. To illustrate this point, let me describe a fairly common scenario I see playing out.
- An organization has made a substantial investment in on-prem eDiscovery computing and it has worked just fine for many years.
- The on-prem environment does have limitations, usually restricting reviewers to a single work environment that’s not particularly flexible. This limitation was exacerbated during the pandemic.
- The on-prem environment requires a substantial investment in hardware, software and services to keep it optimized. Leaders were hoping the cloud would one day reduce or eliminate this expense.
- Sometime in the last few years, leaders began to hear about the benefits of eDiscovery cloud computing: no hardware, no software, work-from-anywhere, claim the rental expense as an operating cost rather than incur a huge capital expenditure. It was all very attractive.
- They decided to dip their toes in the water and run a few small matters in the cloud. The initial results were encouraging. The costs were reasonable and the reviewers were productive. Leaders began to wonder if they even needed on-prem any longer.
- They kept feeding larger and larger matters into the cloud and then IPE hit. On matters with more than a couple hundred gigs or so of data, reviewer productivity plummeted while complaints and frustrations skyrocketed.
- Leaders felt stuck. While the cloud couldn’t handle everything, it could handle a lot. So they adopted a relatively simple policy that at the time seemed cost-effective: all small matters go through the cloud and large matters go on-prem. While they would prefer to have a single environment, they really don’t see a reason to change what seems to be working today.
This is the stuck position I believe many organizations are finding themselves in. While they don’t necessarily want two eDiscovery environments, it seems tenable to keep both. Right?
If your organization has ended up with two environments and you find this to be an acceptable solution, I would wager that there are several problems you will likely run into that will cause you to regret that decision:
- The costs of maintaining two environments are probably much higher than you’ve accounted for yet and they could go up, by a lot.
- The security risks are nearly double.
- It can be very confusing, operationally, to know which environment to select and recommend to clients. If your recommendation doesn’t work out, client satisfaction could be impacted negatively.
- Given today’s cutting edge architectural options, it’s really not necessary to maintain two environments.
Before we explore these ideas, I do want to add a qualifier. Some organizations I’ve worked with have clients who don’t want their data in the cloud. Period. While I believe the cloud can be made as secure as on-prem, this sort of client-bias often cannot be overcome. The choice becomes binary. Either you review their matters on-prem or you lose their business. Today, this is the one and only completely reasonable justification I can think of to maintain two environments. This is especially true if a large portion of your revenue comes from clients with this bias. But if that is not your situation, the ideas I’m about to describe could guide you toward a much better path.
Budgets drive a lot of decision-making in eDiscovery and rightly so. On the surface, it probably doesn’t seem all that much more expensive to maintain two environments than one. This is especially true for organizations that made substantial investments in on-prem and then added the cloud. The incremental expense for cloud licenses probably pales in comparison to the costs of the on-prem infrastructure.
But this thinking belies two considerations that really should be factored into the overall cost picture:
- The human costs have probably been significantly underestimated.
- At some point, you’ll need to scale the on-prem infrastructure.
I’ve noticed over the years that when organizations build budgets for eDiscovery functions, they tend to underestimate the human costs. In several businesses I’ve analyzed, members of the IT team dedicate up to half of their time, if not more, to eDiscovery. But rarely is a proportional amount of their salary accounted for in eDiscovery budgets. Usually that salary expense is carried on the books of the IT function.
This is a hidden cost that most organizations simply don’t account for. My sense is that this is probably costing you a lot more than you realize today and it will only get worse as time goes by. I say this for a few reasons. First, the skillsets required to maintain an on-prem environment are quite different than for maintaining a cloud environment. Second, as more matters get added to the cloud, the need for near full-time support for the cloud will almost certainly occur. Many of the new managed services agreements we’re putting in place are for the cloud, not just on-prem.
Third, because the maintenance requirements are so different between the two environments, it’s entirely possible that you could end up needing two dedicated teams—especially if you operate in a 24x7x365 capacity. If the human expenses for both environments are not properly calculated and attributed, your profits could really degrade and it might be a mystery as to why that’s the case.
The second cost consideration has to do with upgrades of the on-prem environment. One of the biggest expenditures we help clients plan for is something we call environment scaling. This usually means we’re upgrading storage systems, servers, SQL servers, security and even the network. Most eDiscovery environments require pretty significant upgrades about every 3-4 years. That’s the nature of the beast. If your environment was upgraded sometime in the last 1-2 years, you’re probably good to go for a while.
But if your environment hasn’t been upgraded in the last 3 years, you probably have a big decision to make soon: should we upgrade on-prem or try to move everything to the cloud? My recommendation would be that you upgrade the cloud. My last article on this topic put forward ideas that you might not have considered. The financial benefits of operating with a single environment could far outweigh the costs of this type of upgrade. But no matter what, if you haven’t calculated a future upgrade to on-prem into your budget forecast, you’re probably operating on erroneous cost projections.
Cybersecurity is a constant concern for eDiscovery operators because we host some of the most valuable and sensitive ESI (electronically stored information) in the world. This is an inherent problem for dual-environment operators. No matter how you calculate it, keeping two environments secure is twice the work and twice the challenge of keeping one environment secure. This means:
- Two networks need to be architected for a security-first posture.
- Two networks need to be monitored in real time.
- Two sets of logins need to be managed.
That requires twice the level of vigilance. In my experience, most eDiscovery operators struggle to practice vigilance for a single environment, let alone two.
But the biggest problem in this area probably has to do with the different security postures of the two environments. This introduces a number of operational challenges and probably even requires different disclosures to clients for the two different environments. Here’s what I mean.
If you operate an on-prem eDiscovery environment, you’re probably in control of the security policies and practices for that unique environment. Most on-prem environments are a custom build, where the technology, operations and policies are designed specifically for the needs of that environment.
But in the cloud, you’re likely subject to the practices and policies of the cloud provider. What happens when the policies and practices of your cloud environment are different from your on-prem environment? How do you monitor and enforce the policies of the two environments? How do you disclose to clients the differences between the two? That brings me to my next point.
In my estimation, one of the major reasons you don’t want two environments is because it can be very confusing operationally, especially for business development people. I see two frequently-encountered situations where confusion could produce negative consequences:
- Estimations of reviewer productivity.
- Engagements that start small and then scale in data sets.
Most eDiscovery practices, in my experience, set productivity targets for their reviewers. In other words, they want reviewers to consistently comb through a set number of documents per hour. The reviewer’s ability to hit those productivity benchmarks is highly dependent on the speed of the underlying infrastructure.
But how can you make this calculation when the performance characteristics are quite different between the two environments? This is especially problematic when the performance is not constant, because it’s subject to IPE—where performance degrades as data-sets increase. Think about that for a moment. If your estimates are for 750 documents to be reviewed per hour and yet your actual performance is 500 documents per hour, what do you do? How do you explain that to stakeholders? How does that impact your deadlines and your profit margins?
One of the ways I’ve seen this play out is with matters that start small and then swell. This is actually very common in eDiscovery. I’ve seen matters kick off with under 100 gigs of data, then 50 more gigs get added and then 100 more. What happens when you start off by placing the matter in the cloud, but then IPE blocks you from finishing the matter in the cloud because it won’t scale? The options I’ve seen organizations consider at that moment often include:
- Migrate the data for the entire matter from the cloud to on-prem. This takes time and can be complicated to coordinate. Given that most eDiscovery projects operate on pretty tight timelines, this is not a very attractive option.
- Split the matter between cloud and on-prem. This is also not a very attractive option because it often requires a new set of reviewers to quickly get up to speed on the project. It also often inhibits collaboration between reviewers who may not even be in the same location.
It’s not primarily reviewers who are impacted by these situations. Business development people, who are usually not all that familiar with the underlying technology, often struggle with two core questions:
- Which environment do we recommend for this matter and how can I be confident it’s the right environment?
- What do I do if reviewer productivity drops off precipitously, due to IPE, or if the matter scales beyond the performance limitations of the cloud?
I’ve seen business development people grapple with these questions and with the actual fall-out of making recommendations that don’t work out. This does not lead to confident business development people who know they can stand behind their recommendations one hundred per cent. This is not the mindset you want for your business development staff.
At the end of the day, my number one reason for saying you don’t need two eDiscovery environments is because it’s just not necessary. The cloud can be made to perform at a level that is equal to or greater than on-prem. The cloud can be made scalable, where you don’t have to migrate data to on-prem in an emergency. The cloud can help you avoid that next big on-prem scaling expenditure.
If nothing else, I hope my reasoning here will give you an option to consider when the moment comes to scale on-prem. What if, instead of scaling on-prem with all of its inherent limitations, you scale your cloud environment? What might that mean for the future of your business? How might this improve your security posture? How much confidence might this give your business development staff? How much simpler might this make your operations?
If you have questions about any of the ideas I’ve put forward here, please know that my door is open.
CHIEF TECHNOLOGY OFFICER (CTO), GEORGE JON
Jordan McQuown is an authority in information technology, cyber security, electronic discovery, and digital forensics. He has written Thought Leadership articles for the American Bar Association’s Cybersecurity Handbook and Information Security Magazine, and he is a regular speaker as a subject matter expert on the eDiscovery security, application and legal conference circuits.
George Jon (GJ) is an eDiscovery infrastructure, product and process specialist, delivering performant, scalable, fault tolerant environments for users worldwide. GJ works with global corporations, leading law firms, government agencies, and independent resellers/hosting companies to quickly and strategically implement large-scale eDiscovery platforms, troubleshoot and perfect existing systems, and provide unprecedented 24/7 core services to ensure optimal performance and uptime.
George Jon’s (GJ) conclusions are informed by fifteen-plus years of conducting enterprise-class eDiscovery platform assessments, application implementations and infrastructure benchmark testing for a global client base. GJ has compiled extensive quantitative and qualitative insights from the research and implementation of these real-world environments, from single users to multinational corporations, and is a leading authority on eDiscovery infrastructure.