NIST logo
*

****WORKING DOCUMENT****

5.5      eDiscovery

Actors:  cloud-subscriber, cloud-provider, legal-representative, transport-agent

Goals:  To maintain data objects and their metadata, which are stored and processed in a cloud, so that the data provenance can be known, and to provide data to an authorized legal-representative on request. The cloud-provider must be able to collect a snapshot of data about the cloud-subscriber.

Assumptions: The legal-representative has obtained authority from a court to have the cloud-provider locate and preserve information of interest.

Success Scenario (ediscovery, IaaS):  An authorized legal-representative formally requests that a cloud-provider disclose information stored on behalf of a cloud-subscriber. The cloud-provider maintains logs that allow the cloud-provider to indicate the provenance of data in the cloud-provider's infrastructure that belongs to a specific cloud-subscriber.  In response to the request, the cloud-provider creates a snapshot of the relevant data stored on behalf of the specified cloud-subscriber, including data regarding active virtual machines or other processing elements that the cloud-subscriber uses or if available, has used.  The cloud-provider conveys the requested data to the legal-representative by an appropriate means (e.g., by transport-agent if the data is large).  The legal-representative may be required to compensate the cloud-provider for the costs of providing the service.

Failure Condition: The cloud-provider fails to execute the request at all or in part.

Failure Handling: The legal-representative must confront the cloud-provider via the court system for resolution.

Credit: SNIA has a brief description in its draft use cases [SNIA].