Technical Consultant, Mimecast
User Name
Bradley Sing
Bradley Sing
Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.
Related Articles
Available Now: The Get Cyber Resilient Magazine - Volume 1
In this edition insights from Mimecast’s Co-founder PeterBauer as well as APAC cyber leaders who form part of our Customer Advisory Board and local industry experts. While there is no silver bullet to stopping cybercrime these stories are designed to help guide you in your cyber resilience journey.
Read MoreZero trust’s pitfalls – and how to sidestep them
From piecemeal strategies and legacy systems to poor implementation that roadblocks productivity, there are plenty of examples of zero trust going wrong. So how do you make the popular framework work for you?
Read MoreWhy the answer to cyber’s talent shortage could be staring CISOs in the face
Australian cybersecurity is facing a perfect storm, as a talent shortage coincides with a rise in attacks. A shift in mindsets can help, with flexible approaches to hiring and upskilling offering hope for resource-strapped CISOs.
Read More
Content
There has been a lot of media about Royal Commissions over the past couple of years, and as such they’ve been hard to ignore. The Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry brought entire industries, even the safest and largest organisations such as the ‘Big 4’ banks into the public eye.
What you might not know is that since the year 2000, there have been 12 Federal Royal Commissions established by the Government of Australia and 23 at a State Level. Prior to this, and especially in the earlier days of federation there were a lot more, however I’ve highlighted the ones in the 21st century as these Royal Commissions have been affected by an additional data set - email. With this in mind, is your organisation ready for these types of requests? If so, how would you respond if your organisation was put under the lens of The Commonwealth?
Let’s take a step back – what is a Royal Commission?
In the Australian system of government, a royal commission is the highest form of inquiry on matters of public importance. These can affect organisations across all industries, from banking, the 2009 Victorian Bushfires and in the spotlight now, the Royal Commission into Aged Care Quality and Safety. Most recently the Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability has been subject to inquiry.
So how do they work?
A Royal Commission is like litigation in the sense that those conducting the enquiry have the right to gather evidence, call witnesses and cross examine them. Evidence can also be supplied by members of the public. In the example of the current Aged Care Commission the top 100 approved providers of Aged Care in Australia were asked the following question in December 2018.
“Since 1 July 2013, have there been any occasions when your service or outlet has provided substandard care, including mistreatment and all forms of abuse?”
Out of the 100, 83 responded in time. This was no easy task given that these organisations were asked to supply it was five years’ worth of data, documents and records.
Whilst there are many forms of ‘records’, email remains the number one communication tool within business. For the organisations that managed to respond by the deadline, a lot of time and resources were spent scrambling to get the information together.
If you were asked to provide every single email that included the word ‘misconduct’ in it from the past five years, how easy would it be to provide to your legal team? And how long would it take?
It starts to get expensive
Royal Commissions are funded by the Australian taxpayer, and as an example the Banking Royal Commission cost the public $75 million dollars. Due to the expenses involved, there are usually tight deadlines involved around these types of inquests. In terms of total cost however, it’s more likely to be closer to $1 billion dollars when taking into count the cost passed onto the affected organisations.
For your organisation, would you have to hire contractors? How would you work with your digital data in conjunction with your legal counsel? As we know lawyers bill in six-minute increments, so you can start to see how costly and expensive complex e-discovery begins to be.
What features does my Modern Archive need?
There are a few key features which your modern archiving strategy should have, specifically, compliance, accessibility and portability.
Compliance
The first essential thing is to have a copy of every single email required. Native email platforms such as Office 365 or Exchange on Premise aren’t configured to, or don’t maintain, a copy of every single email which allows end users to remove emails or administrators to bulk purge large amounts of data.
Even if your organisation adopts a backup strategy around email, is it truly compliant? Quite often what we see is that if emails are removed from an environment before the backup snapshot occurs, there is a large chance that emails aren’t being stored in line with company policy.
Accessibility
Once you have ensured that you have met the compliance requirements, we can move to how the data is accessed. Often requests to IT will come from different stakeholders in the business, often from non-technical roles such as legal, risk, HR or compliance.
You need to ensure that the tools are in place to enable these different stakeholders to not only do their best work but also to ensure that eDiscovery is being performed via a safe, secure and compliant method. Historically organisations would recover from a backup, hope it’s the correct one, load it onto a virtualised environment and then provide a PST copy to the stakeholder who requested it.
The stakeholder then needs to sort through or ‘sanitise’ that data. We’ve seen this fall back onto software such as Microsoft Outlook, and while it is a great platform for email communication, it was never designed to sort across data sets.
Portability
Once access has been provided, you need tools to ensure that the relevant stakeholders can sort through that data quickly and provide it to the person that needs it. If you are working with external counsel, which is both costly but generally necessary for this level of inquest, you need to be able to provide this data to them.
Once your legal team has that data, they will want to investigate it, potentially reviewing thousands of email entries and communications. You will also find that the review might be undertaken by large teams of paralegals and other contractors so ensuring that they can access the data securely and quickly is vital.
In many instances these teams are looking for a single email which can help defend the position of your organisation. Whilst it may seem like a ‘needle in a haystack’ exercise, ensuring they have the best tools will help reduce cost to give your organisation a strong position to handle these types of requests.
Take Away
Your Modern Archive needs to be Compliant; it must be Accessible, and it needs to have Portability. Whilst this article has focused on the needs of archiving in relation to Royal Commissions, the tools and methods required can be applied to any form of litigation, HR request or eDiscovery which may be required in the future.
Comments:0
Add comment