SharePoint and Discovery Collide

“There's just too much.”

In the early- to mid-2000s, many corporate attorneys were given this answer by their IT counterparts to justify why they couldn't simply “push a button” and search all of the organization's e-mail.

The weary IT representative was referring to e-mail existing throughout the organization ' on the server, the file shares and desktops as PSTs (or other personal e-mail archive) and on backup tapes. And it was all growing daily at an alarming rate.

Imagine if that same lawyer and IT professional could turn back time to the late 90s and come up with a solid policy to govern how e-mail was created, stored and disposed of that not only satisfied the legal requirements, but was also enforceable from an IT perspective. Had the IT and legal department known that this critical business application would soon grow out of their control, they could have acted then, instead of being forced to remediate and react to it for decades to come.

It is of little comfort now to know that all along they had the chance to put in place sensible governance while the e-mail weed was just beginning to sprout. It only adds insult to injury to realize that this governance could have reduced discovery cost and risk, as well as IT costs in the form of backup, storage and personnel costs.

That is where we are right now with SharePoint. Have we learned a lesson?

e-Mail-Type Issues

First, let's test the hypothesis that SharePoint will become the same or similar discovery and information management challenge that e-mail has (unless an organization had the foresight to implement e-mail management protocols, including auto-deletion). e-Mail was, and is, difficult to govern for several reasons:

• Daily growth which, over time, becomes exponential growth;
• Critical to a large number of business units (and thus a given business unit either cannot, will not, or perhaps even should not, assist in keeping the volume down);
• Richness as an e-discovery target;
• Lack of being searchable/retrievable from a central location; and
• Lack of an obvious time or manner to dispose of outdated content (unless it's that forward-thinking organization that actually implemented e-mail management).

How does SharePoint stack up compared to this list?

Growth

According to KMWorld, the number of SharePoint user licenses by 2010 year-end was estimated to be 130 million (see, www.kmworld.com/Articles/News/News-Analysis/Ubiquitous-SharePoint-70840.aspx), and according to a Global360 survey, 97% of survey respondents will eventually use SharePoint (see, www.global360.com/download/sharepoint-survey). In addition, the 2011 update to the survey shows the rollout of SharePoint 2010 has increased five-fold.

Critical Content/e-Discovery Target

According to the Global360 survey, 68% of organizations use SharePoint for document workflows, 58% utilize it for business processes, and 33% use it for mission-critical workflows. To the alert document requestor or investigator, this means SharePoint is a source they'd like to be searched.

Lack of Search and Retrieval

According to Neil MacDonald at Gartner: “We estimate that 30% of SharePoint servers are deployed outside the management of the IT department.” (See, blogs.gartner.com/neil_macdonald/2009/03/24/the-phantom-security-menace-rouge-sharepoint-sites.) Add to this the fact that many organizations do not even know how many SharePoint sites they have, let alone how to search all of them (though SharePoint itself has some functionality here). Collection becomes the real problem, as SharePoint has wiki and blog functionality, and only a few tools can capture this content in a sound way.

Disposition

Many SharePoint sites are set up for a specific project, and thus have a limited lifetime. Once these sites are no longer used, they tend to sit as a pond in which future fisherman can fish. In this way, SharePoint sites are very similar to PST files, in that one day an organization could be compelled to search and produce from them.

So, is all lost and are we doomed to have not one, but now two, out of control sources of content to grapple with during discovery?

SharePoint Doesn't Have to Become e-Mail

If we learn from the past and invest in the right policy and technology while SharePoint is relatively young, we can avoid the e-mail quagmire.

Policy

A SharePoint policy should be implemented immediately. There are a variety of experts and resources that can help. One key consideration is to ensure that business users have a clear and painless path to initiate setup of SharePoint through a centralized IT function to avoid the establishment of rogue SharePoint sites. A monthly chargeback model is one way to ensure: 1) users don't frivolously set up sites; and 2) users have incentive to let IT know when a site can be shut down. As chargeback models are difficult to impose after the fact, having this initial setup is critical.

If done through the proper channels, SharePoint site classification can be implemented at the outset as well. This process helps map the site's content to the record retention policy, which again is something easier done at the outset than at a later time. SharePoint consulting experts can assist here. This will facilitate retention and disposition in the future in accordance with an organization's established policies.

Technology

Contrary to what some attorneys think, IT can be your best ally here. For IT, the SharePoint headaches are different, but painful nonetheless. Because some SharePoint functionality and licenses are virtually “free,” and because the look and feel is rather intuitive, business users are adopting SharePoint en masse. However, as sites grow, so too do the Site Collections, which live primarily inside SQL Server databases and have storage limitations. And as these limitations are surpassed, performance degrades. As the underlying SQL Server database licenses and storage are not free, somebody has to pay for it, maintain it, back it up, etc. Here is where IT and legal can join forces.

A SharePoint archiving solution that can aid with search and retrieval from a discovery standpoint can also be used for storage optimization. This presents a win-win for legal and IT. While legal is benefiting from being able to search and preserve information, IT is benefitting from enhanced performance and a reduced need for additional SQL server licenses and deployments. Note, one method of storage optimization, external blob storage or “EBS,” can be difficult if not set up before the site is active, which is another reason to create and roll out a SharePoint strategy post haste. The clock is ticking for IT, too.

An additional incentive to ensure users go through the proper IT channels to set up and manage sites is to offer migration services. For example, if a legal department was setting up a SharePoint site to manage all motions, offering to scan the existing file shares for all motions and pre-populate the SharePoint site with this content is a “carrot” for the users. Using the same tools that migrate to and from SharePoint sites, sweeps can be set up to look for rogue sites on the network, which can empower IT to use the “stick” approach when necessary.

Conclusion

The time to act is now. The policies and technologies that can be implemented will benefit both legal and IT departments while simultaneously reducing risk for the whole organization. However, as was learned with e-mail, it is much easier to head off issues with proactive pruning and tending than to have to react to a garden overtaken by weeds.

“There's just too much.”

In the early- to mid-2000s, many corporate attorneys were given this answer by their IT counterparts to justify why they couldn't simply “push a button” and search all of the organization's e-mail.

The weary IT representative was referring to e-mail existing throughout the organization ' on the server, the file shares and desktops as PSTs (or other personal e-mail archive) and on backup tapes. And it was all growing daily at an alarming rate.

Imagine if that same lawyer and IT professional could turn back time to the late 90s and come up with a solid policy to govern how e-mail was created, stored and disposed of that not only satisfied the legal requirements, but was also enforceable from an IT perspective. Had the IT and legal department known that this critical business application would soon grow out of their control, they could have acted then, instead of being forced to remediate and react to it for decades to come.

It is of little comfort now to know that all along they had the chance to put in place sensible governance while the e-mail weed was just beginning to sprout. It only adds insult to injury to realize that this governance could have reduced discovery cost and risk, as well as IT costs in the form of backup, storage and personnel costs.

That is where we are right now with SharePoint. Have we learned a lesson?

e-Mail-Type Issues

First, let's test the hypothesis that SharePoint will become the same or similar discovery and information management challenge that e-mail has (unless an organization had the foresight to implement e-mail management protocols, including auto-deletion). e-Mail was, and is, difficult to govern for several reasons:

• Daily growth which, over time, becomes exponential growth;
• Critical to a large number of business units (and thus a given business unit either cannot, will not, or perhaps even should not, assist in keeping the volume down);
• Richness as an e-discovery target;
• Lack of being searchable/retrievable from a central location; and
• Lack of an obvious time or manner to dispose of outdated content (unless it's that forward-thinking organization that actually implemented e-mail management).

How does SharePoint stack up compared to this list?

Growth

According to KMWorld, the number of SharePoint user licenses by 2010 year-end was estimated to be 130 million (see, www.kmworld.com/Articles/News/News-Analysis/Ubiquitous-SharePoint-70840.aspx), and according to a Global360 survey, 97% of survey respondents will eventually use SharePoint (see, www.global360.com/download/sharepoint-survey). In addition, the 2011 update to the survey shows the rollout of SharePoint 2010 has increased five-fold.

Critical Content/e-Discovery Target

According to the Global360 survey, 68% of organizations use SharePoint for document workflows, 58% utilize it for business processes, and 33% use it for mission-critical workflows. To the alert document requestor or investigator, this means SharePoint is a source they'd like to be searched.

Lack of Search and Retrieval

According to Neil MacDonald at Gartner: “We estimate that 30% of SharePoint servers are deployed outside the management of the IT department.” (See, blogs.gartner.com/neil_macdonald/2009/03/24/the-phantom-security-menace-rouge-sharepoint-sites.) Add to this the fact that many organizations do not even know how many SharePoint sites they have, let alone how to search all of them (though SharePoint itself has some functionality here). Collection becomes the real problem, as SharePoint has wiki and blog functionality, and only a few tools can capture this content in a sound way.

Disposition

Many SharePoint sites are set up for a specific project, and thus have a limited lifetime. Once these sites are no longer used, they tend to sit as a pond in which future fisherman can fish. In this way, SharePoint sites are very similar to PST files, in that one day an organization could be compelled to search and produce from them.

So, is all lost and are we doomed to have not one, but now two, out of control sources of content to grapple with during discovery?

SharePoint Doesn't Have to Become e-Mail

If we learn from the past and invest in the right policy and technology while SharePoint is relatively young, we can avoid the e-mail quagmire.

Policy

A SharePoint policy should be implemented immediately. There are a variety of experts and resources that can help. One key consideration is to ensure that business users have a clear and painless path to initiate setup of SharePoint through a centralized IT function to avoid the establishment of rogue SharePoint sites. A monthly chargeback model is one way to ensure: 1) users don't frivolously set up sites; and 2) users have incentive to let IT know when a site can be shut down. As chargeback models are difficult to impose after the fact, having this initial setup is critical.

If done through the proper channels, SharePoint site classification can be implemented at the outset as well. This process helps map the site's content to the record retention policy, which again is something easier done at the outset than at a later time. SharePoint consulting experts can assist here. This will facilitate retention and disposition in the future in accordance with an organization's established policies.

Technology

Contrary to what some attorneys think, IT can be your best ally here. For IT, the SharePoint headaches are different, but painful nonetheless. Because some SharePoint functionality and licenses are virtually “free,” and because the look and feel is rather intuitive, business users are adopting SharePoint en masse. However, as sites grow, so too do the Site Collections, which live primarily inside SQL Server databases and have storage limitations. And as these limitations are surpassed, performance degrades. As the underlying SQL Server database licenses and storage are not free, somebody has to pay for it, maintain it, back it up, etc. Here is where IT and legal can join forces.

A SharePoint archiving solution that can aid with search and retrieval from a discovery standpoint can also be used for storage optimization. This presents a win-win for legal and IT. While legal is benefiting from being able to search and preserve information, IT is benefitting from enhanced performance and a reduced need for additional SQL server licenses and deployments. Note, one method of storage optimization, external blob storage or “EBS,” can be difficult if not set up before the site is active, which is another reason to create and roll out a SharePoint strategy post haste. The clock is ticking for IT, too.

An additional incentive to ensure users go through the proper IT channels to set up and manage sites is to offer migration services. For example, if a legal department was setting up a SharePoint site to manage all motions, offering to scan the existing file shares for all motions and pre-populate the SharePoint site with this content is a “carrot” for the users. Using the same tools that migrate to and from SharePoint sites, sweeps can be set up to look for rogue sites on the network, which can empower IT to use the “stick” approach when necessary.

Conclusion

The time to act is now. The policies and technologies that can be implemented will benefit both legal and IT departments while simultaneously reducing risk for the whole organization. However, as was learned with e-mail, it is much easier to head off issues with proactive pruning and tending than to have to react to a garden overtaken by weeds.