Tag Archives: Business Practices

eDiscovery Part 4 – the eDiscovery Process

This is the fourth and final installment in our series of blog posts on eDiscovery, containing video excerpts from the presentation we made on September 26 at the O365 Nation Fall Conference in Redmond. This installment is a bit longer (14 minutes), but it deals with the question of how you search for and retrieve the content we’ve discussed in previous posts. To review:

  • Part 1 discussed the lifecycle of an Exchange email message, what the “Recoverable Items” folder is all about, and the role of the “Single Item Recovery” feature in Microsoft Exchange.
  • Part 2 discussed PST files – why you may not want people using them, how to prevent their use, and why the archiving function that is built into Exchange 2010 and 2013 is a better option.
  • Part 3 discussed discovery hold – the different kinds of discovery hold available in Exchange 2013, how they work, and how they differ from what was available in Exchange 2010.

In this installment, we address the discovery process itself, and specifically how to configure and use the eDiscovery Center that’s available in SharePoint 2013:



Finally, as you moved through the video series, you saw a number of URLs in the PowerPoint presentation that led to various Web resources that would provide more information on the topics discussed, and you may have wished that you could see them more clearly so you could write them down. Not to worry – here they are for your convenience:

Where Did My Document Go?

It is axiomatic that many of us (perhaps most of us) don’t worry about backing up our PCs until we have a hard drive crash and lose valuable information. This is typically more of a problem with personal PCs than it is with business systems, because businesses usually go to great lengths to make sure that critical data is being backed up. (You are doing that, right? RIGHT? Of course you are. And, of course, you also have a plan for getting a copy of your most critical business data out of your office to a secure off-site location for disaster recovery purposes. Enough said about that.)

So, with business systems, the biggest challenge is making sure that users are saving files to the right place, so the backup routines can back up the file. If users are saving things to their “My Documents” folder, and you’re not redirecting “My Documents” to a network folder on a server, you’ve got a big potential problem brewing. Ditto if people are saving things to their Windows Desktop, which is possibly the worst place to save things that you care about keeping.

But there’s an even more fundamental thing to remember, and to communicate to our users: The best, most comprehensive backup strategy in the world won’t save you if you forget to save your work in the first place! Even in our Hosted Private Cloud environment, where we go to great lengths to back up your data and replicate it between geo-redundant data centers, there’s not much we can do if you don’t save it.

Just as many of us have learned a painful lesson about backing up our data by having lost it, many of us have also had that sinking feeling of accidentally closing a document without saving it, or having the PC shut down due to a power interruption, and realizing that we just lost hours of work.

Microsoft has built an Autorecovery option into the Office apps in an attempt to save us from ourselves. Within, say, Word, go to “File / Options / Save,” and you should see this:

Word Autorecover Settings

That’s where you set how often your working document will be automatically saved, as well as the location. But be aware that Autorecovery works really well…until it doesn’t. A Google search on the string “Word autorecovery didn’t save” returned roughly 21,000 results. That doesn’t mean you shouldn’t leverage Autorecovery – you certainly should. But take a look at the Word “Help” entry on Autorecovery:

Word Autorecover Help

Notice the text that I’ve circled in red? It says “IMPORTANT The Save button is still your best friend. To be sure you don’t lose your latest work, click Save (or press Ctrl+S) often.” Bottom line: Autorecovery may save your backside at some point…or it may not. And corporate backup routines certainly won’t rescue you if you don’t save your work. So save early and often.

And if you’re a mobile user who frequently works while disconnected from the corporate network, it’s a good idea to save your files in multiple locations. Both Microsoft (OneDrive) and Google (Google Drive) will give you 15 Gb of free on-line storage. And if it’s too much trouble to remember to manually save (or copy) your files to more than one location, there are a variety of ways – including VirtualQube’s “follow-me data” service – to set up a folder on your PC or laptop that automatically synchronizes with a folder in the cloud whenever you’re connected to the Internet. You just have to remember to save things to that folder.

You just have to remember to save things, period. Did we mention saving your work early and often? Yeah. Save early and often. It’s the best habit you can develop to protect yourself against data loss.

eDiscovery Part 3 – Email Discovery Hold in Microsoft Exchange

This is the third in our series of blog posts on eDiscovery, containing video excerpts from the presentation we made on September 26 at the O365 Nation Fall Conference held in Redmond. Part 1 dealt with the lifecycle of an Exchange email message, what the “Recoverable Items” folder is all about, and the role of the “Single Item Recovery” feature in Microsoft Exchange. Part 2 discussed PST files – why you may not want people using them, how to prevent their use, and why the archiving function that is built into Exchange 2010 and 2013 is a better option.

In this segment, we dive into discovery hold, and talk about the different kinds of discovery hold available in Exchange 2013, how they work, and how they differ from what was available in Exchange 2010.

Wait – Support for WHAT is ending WHEN?

You may have already heard rumblings about support for Windows 7 and Windows Server 2008 (and 2008 R2) ending in January. It’s true that mainstream support for those products ends January 15, 2015, but extended support will continue for another five years – so there is no need to panic. Here’s a helpful Microsoft graphic that clarifies the difference in the support phases:

Microsoft support phases

So the most critical thing we need – security updates – we will continue to get, and if you really get into a jam, pay-per-incident support will still be available.

What this really means, particularly for the desktop side of things, is that it’s time to start seriously thinking about what comes next. No one but the purveyors of malware will benefit if we have another struggle like we did with Windows XP (“You can upgrade my Windows XP system when you pry it from my cold, dead hands!”). Yes, it was a great O.S., arguably the best that Microsoft had produced at the time, and maybe, just maybe, even better than Vista – although I’m not entirely ready to concede that. (I liked Vista – I was just annoyed by the lack of device drivers when it was released.) But Windows 7 was clearly a superior Operating System, and the resistance to change finally reached the point where it was just silly. Heck, as recently as last month, Windows XP still had a 17% market share, according to Net Applications, and that’s just crazy from a security perspective.

I’m cautiously optimistic that Windows 10 (what the heck happened to Windows 9, by the way?) will be Microsoft’s next great desktop O.S. I ran Windows 8 for quite a while, and I’m now running Windows 8.1, but I’m also running Start8 from Stardock Software, which gives me back some of the features whose absence in Windows 8.x I found most annoying. It sounds like Windows 10 may, out of the box, do the things that Windows 8.x only did with the addition of third party utilities. That may not be good news for the makers of those third party utilities, but it’s an indication that Microsoft understands that they missed the mark and plans to address those issues. So, if I was a desktop admin for a sizable company, I’d be all over the early releases of Windows 10 and already starting to plan how I’m going to transition to it, if it’s as good as it appears it may be.

On the server side, there’s no reason not to deploy Windows 2012 R2 on any new servers you’re installing these days. It’s a fine O.S., it’s stable, it’s secure. You may as well start getting your feet wet, if you haven’t already.

Bottom line: plan, don’t panic. Start planning now. Don’t repeat the Windows XP saga.

Are the Advantages of BYOD Worth the Security Risks?

Check Point Software recently released their Third Annual Mobile Security Survey, highlighting the impact of mobile devices on IT security. They surveyed more than 700 IT and security professionals in the U.S., Canada, Germany, the U.K., Australia, and New Zealand, and the respondents were spread fairly evenly across the spectrum of business sizes, with the largest segment (29%) coming from businesses with between 100 and 1,000 employees.

Here are some of their key findings (quoted from the site linked above):

  • The Greatest Threat Resides Within Your Organization – 87 percent of surveyed professionals believed that the greater security threat to mobile devices were careless employees. Nearly two-thirds of the respondents believed that recent high-profile breaches of customer data were likely due to employee carelessness.
  • Proliferate Use of Personal Mobile Devices on the Corporate Network – Despite careless employees as the weakest link into businesses, 91% of IT professionals saw an increase in the number of personal mobile devices connecting to their networks over the past two years. In 2014, 56% of those surveyed managed business data on employee-owned devices, up from 37% in 2013.
  • Mobile Security Incidents Expected to Rise – 2015 is shaping up to be a risky year, according to those surveyed. Of the security professionals surveyed this year, 82% expect the number of security incidents to grow in 2015. Additionally, nearly all of the respondents (98%) expressed their concern about the impact of a mobile security incident, with the greatest concern being the potential for lost and stolen information.
  • Cost of Mobile Security Incidents Continue to Rise – 2014 saw an increase in remediation costs for mobile security incidents. Of the IT executives surveyed, 42% noted that mobile security incidents cost their organizations more than $250,000.

Consider some additional trend data:

  • Computerworld predicts that BYOD smartphones will continue to grow at roughly a 30% CAGR through 2017 – from only 88 million two years ago to 328 million in 2017.
  • Rapid7 quotes a Cisco prediction that by 2016 there will be 1.62 billion mobile devices (of all kinds) in the workplace. They also state that more than 80% of the mobile devices in the workplace today are employee-owned.
  • Over a year ago (back in May, 2013), Gartner predicted, based on a global survey of CIOs, that, by 2017, more than half of companies will require their employees to supply their own mobile devices.

So let’s recap: 98% of the Check Point respondents were concerned about the impact of mobile security incidents on their businesses, 42% said that such incidents had already cost their businesses more than a quarter of a million dollars, 82% expect the number of security incidents to grow in 2015. Yet nearly all have seen an increase in the number of personal mobile devices connecting to their networks over the past two years, and, by all indications, the BYOD trend will continue and, if anything accelerate. Which brings up two obvious questions: (1) If BYOD is such a security risk, why are businesses overwhelmingly moving in that direction? And (2) What can a business do to leverage the benefits of BYOD while still limiting the exposure to security risks? Let’s look at these two questions…

Why BYOD?

  • It reduces the business’ capital outlay for mobile devices. Even in cases where businesses give their employees a cash allowance to purchase the mobile device of their choice, the company generally saves money in the long run by not being responsible for the maintenance and repair of an employee-owned device.
  • Employees are more productive when working on their preferred device. Someone who has been using an iPhone for years isn’t going to be happy about being handed a company-owned BlackBerry device. A Mac user isn’t going to want to deal with a company-owned Windows laptop – and vice versa. Younger workers in particular, who have grown up with technology, want to use what they’re accustomed to using, and will be more productive if allowed to do that.
  • Employees who use mobile devices for both work and personal matters tend to put in more hours per year – some surveys suggest as many as 240 more hours per year – than those who do not.
  • Given the above, business who do not implement BYOD may find themselves at a competitive disadvantage.

How to Do BYOD Safely
First of all, more and more organizations are implementing some form of mobile device management (MDM). According to the Check Point survey, 56% of organizations were managing the business data that exists on personal devices, up from 37% in 2013. There are numerous MDM products on the market, but I would suggest that managing the mobile device itself is only part of the problem. A complete solution would also include mobile application management (MAM) – some mechanism to deploy secure applications to a mobile device…applications that would be “sandboxed” away from an employee’s personal applications, such that the data accessed by those applications would be isolated from the personal applications, and information could not be copy/pasted from a secure application into a personal application. It would also be nice if the organization could selectively wipe the secure applications and associated data from a mobile device while leaving the employee’s personal data and applications untouched. Citrix XenMobile Enterprise is such a solution, and the following 16 minute video does a great job of demonstrating the XenMobile Enterprise user experience:

And, of course, if your users need access to full-blown Windows applications, not just mobile apps, they can securely access those applications via Citrix XenApp or XenDesktop, as we’ve been doing for years.

Bottom line: BYOD is here to stay. Businesses are increasingly turning to BYOD because of its advantages, even though they recognize that it brings with it significant security risks. It is, however, possible to gain the advantages of BYOD without compromising the security of your company data, and VirtualQube, by virtue of our longstanding partnership with Citrix, can help.