A Q&A About KLDiscovery’s Technology and Service Offerings
Bryan Kreitz, President of Business Development at Trinity Legal Discovery and a Nebula Partner in KLDiscovery's Nebula Partner Program, interviewed Eric Robinson, KLDiscovery’s Vice President of Global Advisory Services & Strategic Solutions, discussing the company’s range of legal technology and service offerings.
The interview below has been edited for clarity and brevity.
Bryan: Eric, thank you so much for joining me today on this call. I've been looking forward to this one for a little bit. I'm excited to expand the knowledge base of not only my clientele, but people [who] work with you directly. Because a lot of times people think KLDiscovery—it's eDiscovery as a whole. Hopefully in the next 30 minutes or so, we'll help open people's eyes to [the] full range of what [KLDiscovery has] the capability to do and how you fit into that. [Tell us] a bit about your background, how you got involved with KLDiscovery.
Eric: Sure. Happy to do it. And let me just say, thanks for having me, Bryan. The information and what you bring to your clients is value added and it's a great addition to the knowledge base in the industry.
Bryan: Thank you.
Eric: Let me also say, from KLDiscovery’s perspective, [we’re] really proud [of] the partnership we've developed with Trinity and the work that you all do—and being a small part of that process.
Bryan: You're more than a small part, but I see where you're going.
Eric: So the Reader's Digest version on Eric Robinson: I'm an old man who's been around this industry the better part of 25 years. I'm a lawyer by education, opted not to practice. I've been on the legal operations, eDiscovery, [and] legal technology side for my entire career. I've had the somewhat unique pleasure of having served in this industry on multiple sides of the equation. While I've been with KLDiscovery and predecessor organizations to the KLDiscovery family for about 16 and a half years, I've also worked in the law firm environment and in corporate legal, [giving me] somewhat of a unique perspective having been a user, buyer, provider, implementer, and having spent a lot of time growing in this industry over the years.
As far as roles go, I'm the Vice President of Global Advisory Services & Strategic Solutions here at KLDiscovery. What that means from a practical perspective is the Advisory Services team serves two core functions. One is to service subject matter experts across the discovery and information governance spectrums, to support our partners and our sales team in guiding clients through these processes. Then on the reactive side, [it’s] being part [of] and offering consultative services in active engagements, whether that's [for] data governance, information governance, legal ops, consulting, cyber incident response, or core eDiscovery because at our core, we are an eDiscovery company and everything else we do stems from that.
Bryan: I will say having met you, talking to you over the phone, and even me being a partner going on three years with you all, some of the stuff you do, I was like, "Oh wait, hold on. That's something we can work with and bring to our clients." One of the things I've talked with you about is you can see [the] excitement about some of that stuff you work on. What is it about this role that just makes you smile?
Eric: Oh, we were joking before we started...
Bryan: Or frown sometimes.
Eric: Yeah. Well, sometimes it's both and they're not mutually exclusive. You and I were joking before we started the recording that we could spend hours talking about any particular component of this conversation. But for me personally, I'm not a sales guy. I get very involved in the sales process, working with clients, serving [with] my team as subject matter experts, but I really enjoy problem solving, troubleshooting, and designing solutions that meet the client where they need to be. Not where they're at, but where they need to be.
Bryan: We know a lot of clients aren't really where they need to be currently.
Eric: One of my favorite sayings as a consultant is our clients pay us to tell them what they need to hear, not what they want to hear.
Bryan: Doesn't always go as well as we'd like it to.
Eric: No, you're right. But that's where, having been long in the tooth in this industry, I can say to a client, “This is what you've engaged me for”. I could tell you what you want to hear, but if I do that, then you are not going to get the results you're expecting.
Bryan: That makes sense. And to use that, for the people watching this, we are going to stay high level because we could go [for] hours on end. Helping a client, telling them what they need to hear is important, so we're going to break down a couple of the major functions you do with KLDiscovery. You mentioned data management and information governance. We talked about data hygiene, so how [does] all that roll up together?
Eric: [Let’s] look at this from a core perspective of, what are all the elements that impact eDiscovery, keeping in mind that KLDiscovery is at [the] core an eDiscovery organization. We're providing eDiscovery technology and services. What we have found, and where we have grown organically, is assisting clients in better managing their data [on a proactive basis]. Whether that’s through designing and implementing print archiving solutions, preservation archives for the data subject to some sort of legal, regulatory, or business preservation requirement, to looking at legal, with respect to the data. I started to jump into the legal ops spectrum, which is another question. But doing the data hygiene thing is understanding what data you have versus what data you actually need or thought you were keeping. There are still, in this day and age, many organizations that don't have a firm grasp on what data they have and where it all sits.
Which, again, if we bring it back to the eDiscovery world, it's not necessarily a big problem given how the cost [of] storage has dropped over the years. But maintaining data that you have no business, legal, [or] regulatory purpose to maintain creates downstream risk from the eDiscovery perspective because if you have it and you have a discovery request implicating that data, [which] otherwise shouldn't be around, you now incur the burden of time, cost, and angst in having to preserve, collect, process, and review that data.
Bryan: Yeah, we talked about that, and I try to be fully transparent. Everybody knows I'm a huge fan of KLDiscovery. I have a client [who] probably has never deleted anything. We're setting up a call, which will probably be months of calls and meetings to get our heads wrapped around [it all]. Knowing I have the ability as a partner to still run point, but [with] the expertise [of KLDiscovery], we can say to my client: “How do we get rid of everything you don't need?” Because like you said, that downstream cost is where it's going to bite you.
Eric: Right. And it's not even just…again, I know we're focusing on the eDiscovery piece. But think about, even for organizations that are in a merger and acquisition stage, whether they're doing the acquiring or being acquired, the data you have is an asset and a liability at the same time.
Bryan: Good point.
Eric: Whether it's for core eDiscovery, data governance, or information governance, this concept of data hygiene is a huge component of what I would call healthy data management. We haven't even touched on how things like cybersecurity, privacy, biometrics, data subject access requests, or any of those things apply [to] the data. Everything starts with the data. Your policies apply to your data, your protocols for managing data apply to your data, your systems are designed to manage your data, or they should be. Understanding what you have, where you have it, why you have it, and the importance of that data to your organization is all really important and feeds everything else.
Bryan: You did touch on a couple things, but I'll still try to break this down at different levels because each one plays a different role. Now, I can see how all of this could fall under one umbrella, but it's still in pieces. We talked about governance, but let's talk about the compliance side. How [does] that fit into your services and what KLDiscovery can bring?
Eric: Compliance is, to use your language, an umbrella and every organization is going to be structured somewhat differently. But if you really think about it, managing data privacy, managing information security compliance, all of that stuff at some level is part of a compliance program. What are your policies and procedures around data? What are the policies that your employees or your customers or your clients or your partners are supposed to be adhering to with respect to your data? Compliance touches virtually everything. Now, we can segment that. You've got financial compliance, privacy compliance, security compliance, [and] cyber compliance. There [are] all different components that can come together. It's like talking about information governance. Information governance is an umbrella that also has lots of different components underneath it.
Arguably, if you look at the information governance reference model, I was fortunate enough to be part of a team that actually redesigned the information governance reference model, or the IGRM, through the EDRM organization. We spent hours trying to sort out how these things get bucketized. And really, I was honored to be part of the group, [and] people much smarter than I am [came] to the conclusion that you can't. These things are all interconnected, you can put whatever labels you want on them, but they have to touch and you can't do something to one without impacting another. It can become a spiderweb. I don't want to monopolize the time on this one subject, but it is a critical element and it is a core piece of understanding as you start to think about [your] compliance requirements compared to [your] data governance and data management requirements, whether they're pushed upon me by some sort of regulatory requirement, HIPAA, for example, or whether it's something I've imposed to say this type information is of very significant business value, so I need to make sure I'm preserving that data for a set period of time. And there's no legal or regulatory requirement to do that, but I think for my business purposes, that's what I need.
Bryan: I want to touch on one more aspect. You mentioned earlier the cybersecurity side of things, your incident response. This is going to be a two-part question. One, tell me about your cyber incident response team, your cybersecurity team, what you are available to do, and how you do it. So, talk about cybersecurity and then, two, how do you prioritize [it] with the client [on] where you're going to start? Do you start with compliance? Do you start with information governance?
Eric: At the end of the day, it really is a conversation because we can put whatever labels we want on it, but KLDiscovery subscribes to a very collaborative, consultative approach across all our solutions and services. With that in mind, all of these are conversations (and part of those conversations is ensuring the right people are in the conversations). If we're doing an information governance and/or compliance assessment with a client, one of the very first discussions we have is a meeting of the strategic stakeholders defining and documenting the objectives. Obviously, they may change as information is discovered. But then also working with the client to define, at least initially, what is the success criteria for this engagement? We have to take our clients where we find them and we may walk into a scenario and say here are all the things we suggest you do based on our first two hours of conversation.
The client may say we hear you, but we're really only going to do one of your eight items right now, [or] we're only going to tackle one, three, and six. We have to be in conjunction with our partners. Every component of every engagement may not be directly KLDiscovery. We'll never claim to do something or be experts in something that we're not, but we have partners we can bring in like Trinity. There are certain scenarios where Trinity may be the best person to bring into an engagement with us or vice versa, and [we’re] willing to sit down and have those conversations. Sometimes they're challenging, sometimes they can be frustrating for everybody, but [we need] to get to a consensus on the goal we're now working towards. Here's what you asked for, here's what you said you want to do, now how do we get there?
Bryan: I think that consultative approach, KLDiscovery as a whole does such a great job of that. Bring the information forward, here's what we're seeing, and how do we get [to our goal]? I tell people this all the time, especially my project managers on the eDiscovery side of things, we might get a crazy request from the client that really doesn't make sense to us on [the] eDiscovery side of things, but they're dead set on it being run that way. If it's still getting them where they need to go, even though it might not be the most efficient, we can only suggest and recommend, but at the end of the day, we have to rely on the client making the final decision on where they want to go. [It’s about] being there for them and saying, “Okay, we said this, but you're going to do this, where do we go next?”
Eric: And document the heck out of it. I mean, to your point about where [does] compliance fit in and how does it all kind of come [in] to play? There's no one answer to that question. When we look at it holistically, we can put whatever labels or tags on it we want to. It's really understanding what the specific client [is] looking to accomplish, and what is the most effective, efficient, and defensible way to get them from where they're at today to where they say they want to be. Then there are decisions being made in [the] intermediary space that impact how [we proceed] or the completeness of the end point, [which] are additional conversations. It's like making a change order. Here's what we planned on, here's the decision that was made, and here's how that impacts the end result.
Bryan: Data is so fluid nowadays I wish I could script out with clients, at least from [the] eDiscovery side of things, how everything would play out. We're going to collect the data, everything is going to go properly, [and] we're going to load everything. You're going to review, produce, and do your depos and trial prep block. But, [the] client forgot there was a terabyte of storage that pertains specifically to [the] case they didn't tell us about and [so it’s] always moving and you're always changing. KLDiscovery [has a] team ready to take the path put before [them]. Does [KLDiscovery] assist [with] implementing these decisions that are made, let's say, at a corporate level?
Eric: What is the nature of the engagement? I'll give you an example. We've had engagements where we've been brought in to assess an organization's current eDiscovery readiness, how they're doing things, what they're doing. The original proposal had an option for implementation. The client said, "Right now we just want to do the assessment." We can construct those engagements however the client wants to. We'll always provide the option for the client to go to the next level, to [take] the next step to actually do an implementation. And that can be a lot of different things. Sometimes the changes recommended are mostly procedural protocol, that type of thing, maybe even policy. When it's a technological recommendation [where we] suggest you replace [a] technology, I'm part of [those] evaluations. I was involved in one engagement where we were asked to evaluate the current technologies and make recommendations for enhancements or replacements. Sometimes that's all the client wants because they're not ready for the next level.
Whether we're doing it or we're working with a partner, [we say] here's what you've asked for. If you choose to go to the next phase, here's what it may look like, [and the] cost [and] time are all to be determined based on what happened in the preceding phase. We can be very involved and we have been [in] those circumstances where we have gone into that next phase to do the implementation based upon the recommendations. The client has said, "Okay, this is what we're willing to do now." For example, we've worked with outside counsel or even in-house counsel [in] drafting policies because we're not providing legal opinions, but we can [definitely] say, this is your policy. How are you going to implement it? How do you create a protocol to meet the policy, to be compliant with your policy? We have worked with clients to do that.
Bryan: Tell me a little bit about your cyber incident response.
Eric: It's interesting because we've been doing incident response data mining and ransomware recovery for years. We got thrown into the frying pan on incident response data mining back in the 2014 timeframe. It's public information, we've worked on Home Depot and Target way back when. We had very quietly been building a service offering around that work. Now, for clarity, we're not CrowdStrike, we're not what used to be Mandiant [and] is now Google. We're not doing the front-end cyber forensic work. We're not figuring out who the threat actor was and how they got in, or necessarily even doing the tracing of where they went.
Where we come in is the data mining component. Once the potentially compromised data set has been identified, whether it's a mailbox from a business email compromise, commonly referred to as a BEC, or a server-based event like ransomware or an unauthorized access, we get that data. Whether it's provided to us or our Forensics team or your Forensics team goes in and gets the data from the client environment based on where we've been told to go, we then have a dedicated team [who] does nothing other than the internal response work to do the data mining review, which is really a function of looking at the data to figure out what's in [it], who the impacted entities are. Let's say you have a healthcare facility that has an incident, you notice we don't use the B-word (breach).
Bryan: B word's bad. My mom told me that.
Eric: B word's bad. So we then do the analysis on the data to figure out who are the individuals impacted in the data and what are the sensitive data elements like social security numbers, patient IDs, whatever it may be that has been potentially compromised for each individual. In 90% of our matters, we're leveraging a purpose-built technology that's designed to do nothing other than data mining and does a great job with this work because eDiscovery platforms, generally speaking, were not really designed for data mining work.
Bryan: I think everybody can agree with that.
Eric: The Canopy platform represents a sea change in how this work can be done. In our experience, it's representing huge opportunities for both time and cost savings. Are there cases where using a platform like Nebula or even Relativity may be the more efficient solution? There are kind of edge cases where that may be [true]. But we'll always select the technology that is most appropriate for a given matter. And then we provide the entity report, [which] basically gives counsel and the client the information they need to determine who needs to be notified. Now, what we've done in building out the service offering is we've also developed partnerships within the cyber community. So if a client contacts us directly and says, "We've had an incident, we need cyber forensics," we've got partners [who are] cyber forensic experts we can contact.
Bryan: Makes sense.
Eric: Similarly, on the notification side, which is the back end of the process, think about the letters or the emails we've all gotten saying your account has been compromised or has potentially been compromised. They never come right out and say it. We have partnerships in place where we can bring those services to the table to help the client be as efficient as possible—not having to go out and hunt down five different providers across the space.
Bryan: That makes it easy because then it's a single focus. And just like with having you as our partner where if one of my clients has an incident, it's still a seamless, "Hey, you're not going to have to deal with 50 different people." I'm going to be running point. I'm going to have the team behind it. We'll get all the information making it streamlined. And so that gives me the ability to go to my clients and say, "I know you trust us for forensics and eDiscovery, here's where else we can make an impact and do it with a team that has years and years of experience." One of the things we talked about was how franchisees and partners fit into that. When partners [and] franchises are coming on, what would be the best way for them to work with the cybersecurity or the information governance [teams]?
Eric: From a practical perspective, every one of our partners has a partnership contact. [The] partnership contact is always a great means of connecting the dots because they're your relationship manager. That piece aside, the KLDiscovery website has links to both advisory services, which is my direct team, as well as to our incident response team. There's ways to reach us. People are always welcome to reach out to me directly. If it's not coming across, I actually enjoy talking about this stuff.
Bryan: I can tell.
Eric: I can help connect those dots as well. On the cyber incident side, the strategic vision for incident response is being driven by Laney Altamar, who is our VP, Cyber Incident Response & Legal Technologies. She's done a great job in building this out as a business offering. Then on the data mining side, Nathaniel Swearingen, Director, Global Cyber Incident Response, has done an unbelievable job in building processes and protocols and a dedicated team around the actual data mining efforts. Then the Advisory team layers in to provide either front end or back end consultative support.
Bryan: For anybody listening to this, the relationship between KLDiscpvery and Trinity has been awesome. Has it been roses every step of the way? No, but that's always going to happen. There's a learning [curve] and there's a growing together as we figure out everything. But I will say [to] anybody looking for the ability to have an eDiscovery platform, maybe you also offer Relativity. Not only that, but you can't go to [others] and get incident response and the ability to offer these types of things to your clients. But because of this relationship [with KLDiscovery], I can do that and go to my clients knowing I've got a team behind me.
I do want anybody listening to this to know I'm not getting paid for this, they're not giving me any kickbacks, [or] bonus. This is just because [of the] relationship we've developed with Eric and his team, and Keith [Burke] and KLDiscovery. I [also] had a question and answer with Chris Weiler [KLDiscovery’s CEO] and it's that type of company environment I think is really cool, you add that value, [and] you have somebody getting excited about compliance. You are like, “Let's figure this out.” Let's make this work for the client. That's the type of partner I need. I need someone who's going to be excited to help this client and be able to bring that next level [to] what they need.
Because at the end of the day, like you said, we're going to advise and consult. I am a sales guy, I talk a lot, I enjoy interacting with people. I like helping clients figure out how to win a case or figure out how to protect themselves through these scenarios. And like I said at the beginning, I don't know the numbers, but I would say [the] majority of companies aren't set up. Either they have too much data they're storing [or] they don't know where their data is. They [think] it's not in front of us, so I'm not going to worry about it.
Having you and your team available to step in when I have a client like my corporation that never deletes data, I can now say, "We're going to handle all your eDiscovery [and] Trinity has a team that is going to work on your behalf." That in [and] of itself sets us apart from so many others. We're a small company. We do big work, but we're a small company—just in the world of eDiscovery.
Eric: Don't undersell yourself, Bryan.
Bryan: But because of this relationship, we have the ability to now touch every piece of the EDRM.
Eric: I think there's a critical element in this that goes beyond the scope of what can be brought to the table, and even beyond the services and the technology itself. I think one of the things that has been the foundation of the successful partnership between Trinity and KLDiscovery is the synergy of the cultural belief that we're here to build relationships and to serve our clients. You can go and develop a solution that is going to cost the client a million dollars, but if you know they really only need [a] solution that is going to cost them $500,000 or $50,000, doing the right thing by your clients is really what establishes integrity in the space, and that's really, really critical.
Bryan: Hundred percent.
Eric: I think the relationship components are the foundational elements because it's great to have transactional work, and all of our businesses are built, to a great extent, on transactional work, but what really drives our success is the ability to build relationships where clients have [the] trust and confidence to come back. Everything we do from a proactive consulting perspective, to reactive eDiscovery and reactive consulting, is founded in that perception of building and establishing a relationship and being a good partner in the process. That's kind of my soapbox.
Bryan: I have always lived that way. Clients can come at me over a lot of things about mistakes, but integrity is never one that I will fault on. I've been asked for kickbacks before, I've been asked for favors and stuff like that. I'm just like, "Hey, use me because I do a phenomenal job, not because I'm going to pay you a percentage of the work you send me." If I don't get that work, then I don't get that work. I'm going to work to better my clients. How can I take care of them?
I love taking care of the client. At the end of the day, getting a text from one of my GC clients [saying], "Hey, they're singing your praises. You're doing a bang up job." I screenshot that. I'm saving that text forever. That's what we want. I want people to go, "Bryan's amazing, and he brought over Chris and they were the best." To round [it] all out, that's why I like [KLDiscovery’s] team. I'm so glad Keith reached out to me in early 2020 about acquiring us. No, it was 2019. And I was like, "We're just on the up and up and don't want to sell." Then Covid hits and he came back and [asked] about partnering with us. [He] brought Nebula in, and as they say, that was the start of this beautiful relationship. I'm glad we have it.
Eric, thank you for your time. I even learned some additional stuff. We've had several conversations, I've learned points where I can talk to a client, and it might be the client [says], "Oh, I need this, this, and this." I'm going to say, “I'm getting Eric and his team so we can get on a call because that's their specialty." I learned a long time ago in sales, if you fudge stuff, you'll end up getting called out. So I learned very early on just to say, "I [have] a team behind me that is set up for this, and we'll hop on a call and make it happen."
Eric: There's no question Trinity is an amazing organization, Bryan. You've built a great team within your organization. You're definitely building a brand around what you do and the unique flavor Trinity brings to the market. KLDiscovery and Nebula are happy to be a part of that and to support in any way possible. For me personally, the objective is always to educate. Whether it's through thought leadership, consulting with clients or partners, really being able to bring value each day. Then, that day's been a win for me, and the relationship building is a key component of that. I want to thank Trinity for your partnership, and Bryan, for your personal efforts and the opportunities to have these conversations.
There's a lot of great stuff happening with Nebula, as you know. Nebula as a platform has grown 100%+ year over year and just continues, so we're really excited about what the near, mid, and long-term future for Nebula is, and that's going to benefit all of us in the long run.
Bryan: Correct. Well, Eric, thank you so much. It was great talking to you, and I know we will be talking again soon.