SECURITY AND DATA REDUNDANCY. A White Paper


At MyCase, Security is Our Top Priority

Here at MyCase, we understand how important it is to keep our customer's data secure. Dealing with privileged case information isn't a responsibility that we take lightly. Everything we do is built with security in mind. It's the fundamental base that we always use as the starting point for any task.

We understand that our customers may be nervous about moving their data to the cloud. It's a new and exciting field, but with that brings a fear of the unknown. Can you really trust an Internet company to protect your data? How secure is cloud based storage? What's being done to protect my data?

In this whitepaper, we provide an overview of how we address the security and redundancy of your data. It's our goal to put your mind at ease. Yes, you can trust us with your data. Yes, we're as concerned about security as you are. And yes, we're on top of it - the field is always evolving, and you can be confident that we'll be evolving with it, protecting you every step of the way.

A Brief Overview of Our Security Policies

PHYSICAL SECURITY
MyCase runs on Amazon EC2 cloud servers.
Amazon facilities are nondescript locations protected by military grade perimeters.
Physical access is strictly controlled by two factor authentication and 24 hour security escorts.

STATE OF THE ART ENCRYPTION
All sensitive information is encrypted by MyCase before it's written to disk.
We use 128-bit SSL encryption for data transmission and 256-bit AES encryption when storing data.
Unique keys are generated for every individual document, providing an additional layer of security with at rest encryption.

DATA REDUNDANCY
Data is backed up using Amazon S3 storage, providing 99.999999999% durability.
The entire MyCase database is continuously backed up and can be restored to any point in time within a 5 minute window.
Documents are backed up to a separate AWS region, providing additional redundancy in case of catastrophic failure.

Amazon's Cloud Computing Platform

MyCase is built on top of Amazon's EC2 cloud computing platform (yes, the same Amazon that you use when shopping online). They've got over a decade of experience on running online servers and data centers, so you know you can trust them to be at the leading edge of online service technology.

Amazon has strict procedures in place to protect the physical security of their servers, as well as protecting the integrity of the data they store. By building on their platform, we gain the benefit of all of their experience and knowledge. We're not just running on a server in some kid's basement - this is the best of the best when it comes to hosting your cloud-based service.

Amazon has received a number of certifications for their servers. In addition, HIPAA compliant websites have been built on top of the Amazon cloud platform (you know if a website can pass through all of the health care regulations, there isn't much else that it couldn't handle!)

Compare that to other companies that host their own servers - how reliable are their facilities? Is their data protected? Or think of trying to run your own local IT department - would you even know where to begin on building a secure storage solution? That's why we defer to the experts here. You can read more about Amazon's cloud infrastructure and security at: http://aws.amazon.com/security/.

Experience Counts

The founding engineer and current architect of MyCase has a background in securing data and servers for the US Department of Defense. He understands the importance of securing data, and has the knowledge to prevent unauthorized access and monitor compliance. With over 10 years of experience in developing commercial websites, he's worked through the evolution of the Internet from the dot-com days and has worked first hand with numerous online services.

It's this experience that gives us the confidence that we've built a secure online platform that you can trust. We're experts in our own right - top performers in our respective industry. This isn't the first time we've been down this road, and we've seen and learned a lot along the way. We're constantly monitoring the latest security threats, and evolving and adapting our service to address any concerns.

State of the Art Encryption

MyCase uses two forms of encryption to protect your data. When you connect to our servers, your data is encrypted before transmission using 128-bit SSL connections. This is the same type of secure connection you use when doing online banking, investments, healthcare portals, etc. Encrypting your transmission ensures that nobody can intercept your data along the way, and verifies that you're connected to our servers and not some impostor.

After we receive your data, we use 256-bit AES encryption to encrypt your data before storing it to disk. This is the same level of encryption authorized for storage of top secret military information. Anything sensitive is encrypted before storage - client names and addresses, messages, appointment details, etc. This protects your data in the highly unlikely case that someone did manage to steal a physical disk drive from an Amazon facility - all they would get from us is a bunch of jumbled, useless data.

In addition, we generate a unique key for every single case document that you upload to MyCase. Those keys are used to encrypt your documents on Amazon's S3 service, giving you at rest encryption for your document data.

Activity Streams and Audit Logs

All the activity in MyCase is logged in your activity stream. You see this information on your dashboard whenever you log in to your account. By monitoring your firm's activity stream, you can notice suspicious activity and take steps to prevent it. Is there a client you no longer trust? Suspend his or her MyCase account immediately and they'll no longer be able to log in to the website.

We also monitor every single unique page access on our server. We store the IP address, date/time, and URL of each request. These audit logs are there for your protection in the unfortunate event that you suspect your account has been compromised. We can review the audit logs and let you know the extent of what was accessed, allowing you to take preventative steps immediately.

Server Access and Monitoring

Our servers are running the open source Linux operating system. Security patches are installed as soon as they are available, making sure that we're always up to date with the latest fixes. Our servers are protected with a firewall so only the necessary information can pass through. Shell access to our servers is restricted by IP address, so remote access to the server is impossible unless you're physically present at the MyCase office.

We monitor our server logs on a daily basis, allowing us to quickly resolve any issues. We also run a 24-hour monitoring service that checks the health of the server and alerts us immediately to any changes to files or problems with the website. You can rest assured that your data is safe and our servers are locked down appropriately.

Two-Factor Authentication

MyCase also offers Two-Factor Authentication. Two-Factor Authentication (or 2FA) is a security feature that makes it extremely difficult for unauthorized users to access your account. Even in the event of your username and password being compromised, 2FA would still prevent someone from gaining access to your confidential data.

Logging into a web-based software system that does not implement 2FA is a simple, one-step process. All the user has to do is enter the correct username and password, then the entire database of sensitive client information is made available.

Conversely, logging into a 2FA system requires an additional login step. After the user inputs a correct username and password combination, they are not immediately logged into the system where data is available. They are instead taken to a second login screen which prompts them to enter their Secure Authentication Key (or SAK). The SAK lives in an app on the user's smartphone. Once the user has been taken to the second login screen and is prompted to enter their SAK, they will take out their smartphone, open the app, and the SAK will be displayed to them. When the correct SAK has been entered, the user will be logged into the system. If the user is unable to enter the correct SAK, they will be locked out of MyCase (even though a correct username and password was entered).

What You Can Do to Protect Your Data

No matter how many steps we take to secure your data, the most common cause of data loss is based on the human element. It's important that you take steps to secure your own account. Use a strong password (we'll tell you how strong your password is when you change it). Don't use the same password for MyCase that you use for other websites. Don't give your MyCase password to anyone else. Change it frequently. Make sure that other people can't access your e-mail - otherwise they could reset your MyCase password and gain access to your account.

At any time, if you feel like your account may have been compromised, just contact us immediately. We can freeze access to your firm, locking out all users immediately until we can make sure that everything is safe.

Some Final Words...

We know it seems like a lot to think about, and we know that security is always our customers' top concern. But rest assured that we're working on it. We're always thinking about it and constantly evolving to address new security threats.

Compare that to using e-mail to communicate with your client - an unencrypted, insecure platform. Anyone can read your e-mail along the way. There's no auditing and no security controls. Or think about running your own IT department and your own servers... can you really put together a team with more online experience than Amazon?

We're always here to help. By working with us and keeping security at the forefront of your mind, we can make sure that your MyCase experience is protected and secure.