Monday, May 04, 2015

Legal Extranet Security

When building a legal extranet system, be sure to keep the following security considerations in mind:


  • Be sure the site is protected by a strong SSL certificate.

  • Be sure you can control who can access different sets of data.

  • Be sure you can control the type of access (enter, edit, delete) you can grant.

  • Be sure grants can be role based or individual based.

  • Be sure grants can vary by data type (case data, calendar data, documents, tasks, etc.)

  • Be sure you enforce an ID and password.

  • Be sure you delete the session cookie when a user logs off the system.

  • Be sure you scan all the documents added to the system for virus contamination and/or spyware.

  • Be sure your services are in a hardened data center.

  • Be sure your servers are appropriately patched with the latest O.S. and database security patches.

  • Be sure you have an audit log in place so clients can confirm who has updated what types of data.

  • Be sure you encrypt PII and other sensitive data.
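
The access-control and audit-log items above, sketched as an added example (not part of the original post): each grant names a role or an individual, a data set, a data type and an access type; anything not granted is denied, and every decision is logged. The `Grant` and `Extranet` classes, matter numbers, user names and role name are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

ACCESS_TYPES = {"enter", "edit", "delete"}            # access types from the list
DATA_TYPES = {"case", "calendar", "document", "task"}  # data types from the list

@dataclass(frozen=True)
class Grant:
    principal: str   # "role:<name>" or "user:<id>" (role or individual based)
    data_set: str    # constructed data-set id, e.g. a matter number
    data_type: str
    access: str

class Extranet:
    def __init__(self, grants, roles):
        for g in grants:
            # Reject typos early so a misspelled grant cannot be silently ignored.
            if g.access not in ACCESS_TYPES or g.data_type not in DATA_TYPES:
                raise ValueError(f"unknown access or data type in {g}")
        self.grants = set(grants)
        self.roles = roles       # user id -> set of role names
        self.audit_log = []      # one entry per decision, allowed or denied

    def is_allowed(self, user, data_set, data_type, access):
        # Deny by default: allow only if the user or one of their roles has an
        # exact grant for this data set, data type and access type.
        principals = {f"user:{user}"} | {f"role:{r}" for r in self.roles.get(user, ())}
        return any(Grant(p, data_set, data_type, access) in self.grants
                   for p in principals)

    def perform(self, user, data_set, data_type, access):
        allowed = self.is_allowed(user, data_set, data_type, access)
        self.audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                               "user": user, "data_set": data_set,
                               "data_type": data_type, "access": access,
                               "allowed": allowed})
        return allowed

def demo():
    grants = [Grant("role:client-counsel", "matter-1001", "document", "enter"),
              Grant("role:client-counsel", "matter-1001", "document", "edit"),
              Grant("user:pat", "matter-1001", "calendar", "edit")]
    x = Extranet(grants, roles={"alice": {"client-counsel"}, "pat": set()})
    results = [x.perform("alice", "matter-1001", "document", "edit"),    # role grant
               x.perform("alice", "matter-1001", "document", "delete"),  # not granted
               x.perform("pat", "matter-1001", "calendar", "edit"),      # individual
               x.perform("alice", "matter-2002", "document", "edit")]    # other set
    return results, x.audit_log
```

Denied attempts are logged alongside allowed ones, so the audit trail shows attempted access as well as completed updates.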