Choosing between two data collection approaches in an IaaS environment

Although the data collection tools resemble those of a standard IT environment, the methodology can differ

In part one of this three-part series, we discussed some of the basic concepts and advantages that result when organizations abandon the traditional concept of data storage and move their IT infrastructure to Infrastructure-as-a-Service (IaaS) providers. Part two of the series dealt with the data’s location once it has entered the cloud. Now, we come to the end of our e-discovery rollercoaster and discuss how to best collect this data.

It is almost anti-climactic to discuss data collection tools in an IaaS environment, simply because they are the same tools that companies use to collect data from a standard IT environment. That’s right: the very same tools that organizations deploy to retrieve data from laptops, desktops, servers and the like can also collect data from an IaaS environment.

At this point, you’re probably thinking “This is great! We’ll do the same thing we do to collect the other data, no problem at all.” Of course, now it’s time for the big reveal, because, although the data collection tools are the same as those in a standard IT environment, the methodology used to retrieve the data differs from a more standard collection, in that the organization must choose between two basic approaches.

In the first approach to data collection, personnel allow technicians access to their computers so they can grab the cloud data that has already been mapped to their device (remember, the “S” drive from part two). From the IT perspective, this is the simplest approach because the technician does not need any credentials to access the data, as the custodians are already logged in with their credentials. From a business operations perspective, however, it’s a little trickier, as you now have a member of staff unable to work while the technician copies the data from his computer.

The second approach essentially flips the script on the first, as the IT staff provides technicians with administrative credentials that allow them to map the cloud data to a computer of their choosing, from which they can collect the data. Now, from the business operations perspective, everything can continue running smoothly because the custodian will not be interrupted and removed from his computer. However, from an IT perspective, established risk management and network security policies may prevent giving a non-employee access to cloud data.

Either approach will end with the same result: The collection of data from the IaaS environment. The organization will need to decide which approach to follow based on factors such as:

  1. The time needed to conduct the collection
  2. The number of custodians involved
  3. The physical location of those custodians

So, there you have it. As I said, somewhat anti-climactic given that in this series we have discussed moving an organization’s infrastructure completely to the cloud in an IaaS environment, the location of data in this environment and, finally, the collection of data from this type of environment. There are, of course, multiple variables that can come into play, all dependent on how an organization chooses to configure its IaaS environment, and any of which has the potential to pose unique challenges to data collection. When in doubt, it’s always best to reach out to a trained specialist who can help navigate these challenges should they arise.

Contributing Author

Jonathan Fowler

Jonathan Fowler, EnCE, ACE, is the Director of Forensics at First Advantage Litigation Consulting. He can be reached at
