We recently attended a Cloud Security Alliance Meetup, where Ed Hunter of Hunter Forensics discussed “Intro to eDiscovery and Forensics in the Cloud.”

Say someone sues your company, and your company is required to produce every email, every report, and every other piece of electronic data relating to the topic of the lawsuit. And say your company stores some of its data in the cloud, and perhaps the cloud provider is located in Europe, which has different privacy laws than the US. (Or even another state, which doesn’t feel it needs to comply with orders from a judge in your state.) And perhaps your data is on the same server as a completely different company’s, and that company does not want their server locked down. And perhaps we are talking petabytes of data.

As you can see, it can get very ugly very quickly.

Mr. Hunter pointed out that eDiscovery is not an IT issue; it is a legal process. Your company should have a policy that details how long you store what kinds of data, where you store it, and who is responsible for making sure it got stored. This should be handled by a cross-functional team that includes IT. Obviously, if your company must comply with standards such as HIPAA or Sarbanes-Oxley, some of these issues are spelled out for you.

In effect, eDiscovery is a project management issue. Besides retrieving potentially huge amounts of data, you have to worry about such questions as, how many copies do you need to produce—one per litigant, or more? Stored where? Who will monitor the chain of custody and the record of access, and how? How long is this going to take, and how much will it cost?

We came away from this excellent overview completely humbled by the scope of the challenge, and with a new regard for an industry segment we were only peripherally acquainted with.

For more on the Electronic Discovery Reference Model, visit http://www.edrm.net.

We attended Sys-Con’s Cloud Computing Expo in Santa Clara, November 1-4 (http://cloudcomputingexpo2010west.sys-con.com/). Overall, we thought it was a well-run and useful experience, although we did experience a few sales pitches disguised as “presentations,” which was annoying. And why was the wi-fi coverage so bad in the Hyatt–didn’t they realize that several thousand nerds would be trying to use the network? Isn’t that a weekly occurrence for them, being almost an annex to the Santa Clara Convention Center?

We were especially impressed with the caliber of the people on the exhibition floor, and security talks presented by Steve Riley of AWS and Bernard Golden of HyperStratus.

While in town, we were also able to visit The Tech Museum (http://www.thetech.org). Although we were hoping to see more about the history of technology, especially in Silicon Valley, the interactive exhibits were well done. We could definitely see that it’s a great place to bring hoards of students, to give them a chance to “touch” science.

It was so fun to be in our old stomping grounds–in fact, just a few miles from where we met, on De La Cruz Blvd in Santa Clara, at a long-gone startup.

But then we came back to San Diego and experienced that weird situation–the one where you’re gone for 4.5 days, but your laundry and your workload expands to the amount you’d usually see in a month. How does that happen?! Tired-but-inquiring minds want to know.