Exterro trends for 2023

​

As the IT challenges facing businesses continues, we ask legal GRC software solutions provider Exterro’s (www.exterro.com) senior engineer, Mark Hasted, Director – Sales, Nick Rich, Regional Vice President of Sales for Europe, Miles Clee, and International Training Instructors Jon Cook and Adam Firman for their views on what trends we can expect to see in 2023 …

“Corporate digital forensics are proving harder to carry out with a remote workforce,” says Mark Hasted, Senior Engineer.  “When performing a covert investigation, for instance, to detect if a user has been stealing intellectual property, it’s no longer a case of physically borrowing that laptop.  Security teams now need to obtain remote access to that device and to scan and image it.  By centralizing the data, it can be analysed by a designated expert or segmented and sent to multiple teams all of whom may also be working remotely.  Advances in workflow automation are helping corporations adapt to the new normal by reducing the dead time associated with processing in this way with workflows that collect, review, and extract non-relevant data before assigning for review.”

“The move to take legal processes in-house will continue pace driven by both technological advances and the need to conserve spending in an increasingly cash-strapped economy,” adds Hasted.  “Many organisations are looking to slash their external review or DSAR fulfillment costs associated with data protection regulations which run into thousands when external counsel is used.  It makes much more sense to bring such processes in house where they can be carried out using automated legal GRC software by non-legal teams such as HR.”

“The drive to bring more legal processes in house will also see demand intensify for solutions that prioritize the user experience (UX) and make legal processes less opaque.  Platforms that offer a single user interface and visual dashboards will gain the edge over competitor solutions because they will minimise the need to train non-legal users on how to access this data,” continues Hasted.  “At the same time, we’re seeing the need for more checks and balances to be built into the technology to ensure data is shared correctly over international boundaries, with any potential violations flagged to team leader or administrator.  This is making it much easier for organisations to streamline their data processing across multiple jurisdictions.”

“We expect to see growth in Centralized Privacy or Privacy-by-Design over the next few quarters as consumers push for better privacy experience,” says Nick Rich, Director, Sales.  “This will compel businesses who wish to gain ground to prioritise privacy.  We believe that most organizations that have extensive customer-facing touchpoints – be that websites or applications – will therefore need to become more proactive and to bake privacy into their service offering.”

“We are definitely on the cusp of a super cycle regarding GDPR,” explains Rich.  “The regulations came into force in 2018 so next year will see many of the solutions originally put in place amortized at the end of a five-year lifecycle.  That software has outlived its usefulness and the data mountain has grown under the feet of the business.  Many of those that went through that first wave are saying, ‘Yes, we did it, but the process was quite manual and painful to achieve, so let’s do it properly this time round using automation’.  The overwhelming impetus for the government will be to stay aligned to EU GDPR so as not to risk its position with respect to data adequacy.  Light changes may be made but the fundamental principles will remain intact because otherwise the government risks providing the EU with ammunition over which to contest our adherence to the adequacy requirements.  There’s no political will to diverge from the core precepts of GDPR so companies can expect little disruption to their current approaches to compliance.”

“There’s been massive growth in Data Subject Access Request (DSARs) as consumers are exercising their muscle to find out the data held on them by data processors but we’re also increasingly seeing these weaponized,” explains Miles Clee, Regional Vice President of Sales, Europe.  “The increase in DSAR activity has caught many businesses unawares.  For example, when an employee leaves, if they request a DSAR this can prove almost impossible to fulfil for HR.  They must use e-discovery to track down touchpoint, every conversation and document attributed to that individual.”

“Most companies don’t have an automated DSAR solution so fulfilling that request can present a massive challenge,” continues Clee.  “Often, they don’t realise the work involved until it happens and then, unable to fulfil the request, it inevitably turns into a negotiating round with the subject.  Armed with an e-discovery solution, they can discover all the data sources, connect to every third-party solution and identify files with that PII, redact the data and present It back to the subject.”

“Digital Forensics now permeates every part of policing with evidence trawled from devices from suspects, victims and witnesses alike.  It’s no longer a small specialist unit providing output to another specialist unit but has become the ‘bread and butter’.  What hasn’t changed as quickly is the budget allocation to reflect its pervasiveness,” says Jon Cook, International Training Instructor.  “At the present time, there’s no coordinated process, with each force handling it differently with different forms, hardware and software.  This limits functionality, prevents efficiency and increases the cost to the taxpayer.”

“A more national standard of processing and data review would provide a more cost effective and efficient service.  Police forces who invested in their infrastructure pre-Covid are now faced with needing to do so again to cope with rising data volumes.  Do they do that amid spiralling costs or move to the cloud?  They recognize the value of being able to review their data from anywhere without the geographical constraints of getting data to the DFU, can see the advantages of more powerful processing and moving from a CapEx to a subscription model but are unsure of how to do so,” explains Adam Firman, International Instructor.

“The overarching concern for the police has been how to store data in a legally defensible manner but with the storage of sensitive evidence in the cloud having been validated during the West Midlands Police digital forensics project, next year should see the way clear for forces to move their digital forensics from on prem in a bid to reduce outlays and control costs through scalability.”