Exterro's trends and predictions for 2023

Corporate digital forensics are proving harder to carry out with a remote workforce.

When performing a covert investigation, for instance, to detect if a user has been stealing intellectual property, it’s no longer a case of physically borrowing that laptop. Security teams now need to obtain remote access to that device and to scan and image it. By centralising the data it can be analysed by a designated expert or segmented and sent to multiple teams all of whom may also be working remotely. Advances in workflow automation are helping corporations adapt to the new normal by reducing the dead time associated with processing in this way with workflows that collect, review, and extract non-relevant data before assigning for review.

Mark Hasted, Senior Engineer, Exterro

The move to take legal processes in-house will continue apace driven by both technological advances and the need to conserve spend in an increasingly cash-strapped economy.

Many organisations are looking to slash their external review or DSAR fulfilment costs associated with data protection regulations which run into thousands when external counsel is used. It makes much more sense to bring such processes inhouse where they can be carried out using automated legal GRC software by non-legal team such as HR. The drive to bring more legal processes inhouse will also see demand intensify for solutions that prioritise the user experience (UX) and make legal processes less opaque. Platforms that offer a single user interface and visual dashboards will gain the edge over competitor solutions because they will minimise the need to train non-legal users on how to access this data. At the same time, we’re seeing the need for more checks and balances to be built into the technology to ensure data is shared correctly over international boundaries, with any potential violations flagged to team leader or administrator. This is making it much easier for organisations to streamline their data processing across multiple jurisdictions. 

Mark Hasted, Senior Engineer, Exterro

Expect to see growth in Centralised Privacy or Privacy-by-Design over the next few quarters.

Now that more and more of the world has adopted privacy legislation, consumers are pushing for a better privacy experience. This will compel businesses who wish to gain ground to prioritise privacy. We believe that most organisations that have extensive customer facing touchpoints - be that websites or applications – will therefore need to become more proactive and to bake privacy into their service offering.

Nick Rich, Director, Sales, Exterro

We’re on the cusp of a super cycle regarding GDPR.

The regulations came into force in 2018 so next year will see many of the solutions originally put in place amortised at the end of a five-year lifecycle. That software has outlived its usefulness and the data mountain has grown under the feet of the business. Many of those that went through that first wave are saying, ‘Yes, we did it, but the process was quite manual and painful to achieve, so let’s do it properly this time round using automation’. The overwhelming impetus for the government will be stay aligned to EU GDPR so as not to risk its position with respect to data adequacy. Light changes may be made but the fundamental principles will remain intact because otherwise the government risks providing the EU with ammunition over which to contest our adherence to the adequacy requirements. There’s no political will to diverge from the core precepts of GDPR so companies can expect little disruption to their current approaches to compliance.

Nick Rich, Director, Sales, Exterro

There’s been massive growth in DSARs 

As consumers are exercising their muscle to find out the data held on them by data processors but we’re also increasingly seeing these weaponised. The increase in DSAR activity has caught many businesses unawares. For example, when an employee leaves, if they request a DSAR this can prove almost impossible to fulfil for HR. They have to use e-discovery to track down touchpoint, every conversation and document attributed to that individual. Most companies don’t have an automated DSAR solution so fulfilling that request can present a massive challenge. Often, they don’t realise the work involved until it happens and then, unable to fulfil the request, it inevitably turns into a negotiating round with the subject. Armed with an e-discovery solution, they can discover all the data sources, connect to every third-party solution and identify files with that PII, redact the data and present It back to the subject.

 Miles Clee, Regional VP of Sales, Europe, Exterro

Digital Forensics now permeates every part of policing with evidence trawled from devices from suspects, victims and witnesses alike.

It’s no longer a small specialist unit providing output to another specialist unit but has become the ‘bread and butter’. What hasn’t changed as quickly is the budget allocation to reflect its pervasiveness. At the present time, there’s no coordinated process, with each force handling it differently with different forms, hardware and software. This limits functionality, prevents efficiency and increases the cost to the taxpayer. So, a more national standard of processing and data review would provide a more cost effective and efficient service. Police forces who invested in their infrastructure pre-Covid are now faced with needing to do so again to cope with rising data volumes. Do they do that amid spiralling costs or move to the cloud? They recognise the value of being able to review their data from anywhere without the geographical constraints of getting data to the DFU, can see the advantages of more powerful processing and moving from a CapEx to a subscription model but are unsure of how to do so.  The overarching concern for the police has been how to store data in a legally defensible manner but with the storage of sensitive evidence in the cloud having been validated during the West Midlands Police digital forensics project, next year should see the way clear for forces to move their digital forensics from on prem in a bid to reduce outlays and control costs through scalability.

Jon Cook, International Training Instructor, & Adam Firman, International Instructor, Exterro