The Internet of Things, that ever growing universe of connected devices that includes everything from baby monitors to electric grid sensors, is driving a data explosion. By 2020, Cisco estimates, the IoT will generate 600 zetabytes of data a year. That’s 600 trillion gigabytes of data.
That IoT-fueled data growth could have a dramatic impact on the way eDiscovery is conducted, according to Antigone Peyton, chair of the intellectual property & technology law group at Protorae Law PLLC, who recently spoke to Logikcull about the future of eDiscovery and cybersecurity.
At Protorae Law, Peyton handles complex eDiscovery issues and litigation, including the reasonable scope of discovery, helping businesses understand, investigate, and remediate around practices that may lead to breach or data compromise. (Peyton will also be speaking at an upcoming Logikcull Corporate eDiscovery and Cybersecurity User Group on May 18th, in Washington, D.C. Register now if you haven’t already!)
“The proliferation of objects that create data about people and their activities, from a personal and business perspective, raises a host of eDiscovery issues that we have not previously encountered,” she says. When it comes to the Internet of Things, “a lot of these objects are not designed in a manner where it’s easy or intuitive to gather or understand the information that they collect about us.”
The IoT is ushering in the “third wave” of eDiscovery, Peyton argues. “We now have all these disparate computing centers with sensors that are collecting and creating lots of data about us, but they’re not part of our traditional enterprise model.”
That IoT-generated data is becoming increasingly important. Attorneys who deal with employment, insurance, and health-related issues “tend to be more sensitive to the fact that relevant information might be gathered from IoT objects,” Peyton finds. Litigators are just starting to come around to “the power of IoT information and how it can be used to tell a story or refute a position.”
In-house counsel, on the other hand, “are not thinking about IoT as part of their information governance or litigation responsiveness efforts,” she explains.
But they’ll need to catch up, soon.
"Right now there’s no single protocol for these systems... It’s really the Wild West in that area.”
The growth of the IoT will create “a whole new set of challenges for in-house counsel, outside counsel and eDiscovery companies because right now there’s no single protocol for these systems, these sensors talking or storing data or providing export functionality. It’s really the Wild West in that area.”
“Like with traditional enterprise data systems, we’re going to have to figure out systems and technologies to help us wrangle in all these IoT devices and the data they collect, in a manner that makes it cost-efficient and effective for us to collect, review and analyze that information.”
Future-facing tech developments like the IoT aren’t the only thing that attorneys need to stay on top of, however. Peyton notes that legacy systems and technology can pose significant data governance and cybersecurity threats, and there’s rarely anyone paying attention to these risks.
“That might be a highly insecure system and a gateway to corporate infrastructure that nobody was really thinking about..."
Consider, she says, an old database in an R&D facility. “It’s just been sitting there, online or offline. Slowly, over time, the company is losing knowledge about those systems -- how they’re connected, how they’re secured, who has access to them -- and so they’re sitting in a cybersecurity time well.”
“That might be a highly insecure system and a gateway to corporate infrastructure that nobody was really thinking about at the time that they took efforts to update, refresh, and improve corporate infrastructure.”
Once such systems are compromised, intruders can “roam around and get lots of different, damaging information that should not see the light of day.”
Peyton sees opportunities in machine learning technology when it comes to recognizing and responding to potential breaches.
“One of the things companies really are doing a good job of is putting smart sensing technology into their systems, baking them into their infrastructure -- technologies that would allow them to learn if there is a spike in data that’s being pulled out through a particular system, or an unusual spike in activity that’s inconsistent with that time of day or day of the week, or with a user’s prior behavior.”
"Technologies that used to require customized systems that cost hundreds of thousands, sometimes millions of dollars, are becoming more accessible and available..."
“This is really an opportunity to utilize machine learning technology along with cybersecurity programs so that they can have more intelligent and actionable information about uses of their system and when uses are peculiar and should be investigated.”
And she sees technology reducing the barriers to access when it comes to such solutions.
“Now that the world has moved to the SaaS, utility model for cloud computing,” Peyton explains, “the technologies that used to require customized systems that cost hundreds of thousands, sometimes millions of dollars, are becoming more accessible and available to smaller and medium-sized businesses that want to build their infrastructure on enterprise-level systems.”
For in-house counsel who are just starting to address cybersecurity, IoT, and eDiscovery issues, Peyton recommends starting with the basics. “The first point is to get together a team of stakeholders who can help you understand the company’s business and the current processes and understand which ones are necessary or important for the business and which ones can be changed in light of cybersecurity or data protection needs.”