eDiscovery & Cybersecurity: can you be good at both?

Not like the otherEDiscovery and cybersecurity share a few things in common. Both are concerned with data ending up in other people’s hands (intentionally or not); both potentially impact an organisation’s reputation; both involve lawyers at some stage; and both use a lot of the same underlying technology to identify important data. So why is it so difficult for vendors that offer both to thrive in both markets simultaneously?

I say difficult because I was struck late last year by evidence that some key vendors that operated in both markets were finding that straddle to be painful. First Symantec announced it was going to split in two. Although Symantec had largely run down its Clearwell eDiscovery business to a handful of people, it is still in the eDiscovery business – it’s offering demos of version 8.0 of its eDiscovery platform at this week’s LegalTech show – and that part is to live within the new information management part of the company, which has seen the resurrection of the Veritas brand.  Cybersecurity meanwhile will be a key part of the security part of the new bifurcated Symantec.

Soon after Symantec’s news, AccessData announced it too was splitting into two companies, with the new Resoution1 Security focusing on cybersecurity while AccessData focusing on eDiscovery and forensics. It did so, to enable each to “grow their distinct businesses.”

And then somewhat under the radar, Guidance Software changed its CEO, edging out Victor Limongelli who had joined the company in 2003 to get it into the eDiscovery business, which he did. But the company has been fiddling with its eDiscovery pricing models a lot over the last few years and tried to boost its SaaS business by acquiring CaseCentral in 2012. But it admitted on its earnings call in November 2014 that that deal hadn’t worked out, as it found it too difficult to prise customers away from the SaaS-based eDiscovery products they were using – a reference most likely to kCura Relativity. The company is now set on a course dominated by cybersecurity and although Guidance recently indicated that it still cares about the eDiscovery market, it appears to be a declining level of interest.

So why can’t these vendors successfully combine both disciplines in what are two growing markets?[

  • Is it because the corporate decision-maker is completely different?
  • Is it the size of the deals, or how long they take to close?
  • Is it the different relative maturities of the markets?
  • Is it internal vendor issues, i.e. the sales team can’t stretch and adapt to sell the same underlying
  • technology but with different applications on top?

I don’t have all the answers but I’m sure some of those issues are directly relevant.

Now, this doesn’t apply to every vendor; some do appear to be able to operate successfully in both markets, though most are professional services – rather than pure software – companies. Those that can straddle the two can learn lessons from one market to apply in the other, which is much harder to do if you’re separate companies.

There are many other connections between eDiscovery and cybersecurity – some believe law firms are a disaster waiting to happen in terms of information security risk, for example. But overall it strikes me that better eDiscovery preparedness equals better cybersecurity preparedness. As it makes little sense for legal and security to operate in separate silos, I believe if vendors can make the most of the synergies between the markets they will be better off in the long term.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.