Friday, May 08, 2015

Building Portals For All Browsers And Office Suites

Just a quick thought that it is important to be sure that functionality one deploys will work on all commonly used browser platforms. And, if one has functionality which allows users to move data into Office programs like Excel, Access or Word, it is important to validate that the functions work in all versions.

And, although this is less of a concern, one also needs to be mindful of some of the "integration pitfalls" between browsers and office platforms. We are, at times, asked to try and figure out why such integration does not work. This often results in our scouring Microsoft, Google Chrome or Firefox support areas to try and determine why downloads don't always start when they should or halt unexpectedly, etc. It often also results in our relying less on this "built-in" functionality and more on interfaces we develop which are browser or office suite independent.

The moral of the story is that, in order to provide excellent client service, one in the legal extranet field needs to be aware of all the issues relating to all the interfaces which are in place when clients attempt to move data from the collaboration platform to their desktop.

Monday, May 04, 2015

Legal Extranet Security

When building a legal extranet system, be sure to keep the following security considerations in mind:


  • Be sure the site is protected by a strong SSL certificate.

  • Be sure you can control who can access different sets of data.

  • Be sure you can control the type of access (enter, edit, delete) you can grant.

  • Be sure grants can be role based or individual based.

  • Be sure grants can vary by data type (case data, calendar data, documents, tasks, etc.)

  • Be sure you enforce an ID and password.

  • Be sure you delete the session cookie when one logs off the system.

  • Be sure you scan all the documents added to the system for virus contamination and/or spyware.

  • Be sure your services are in a hardened data center.

  • Be sure your servers are appropriately patched with the latest security O.S. and database patches.

  • Be sure you have an audit log in place so clients can confirm who is updated what types of data.
  • Be sure you encrypt PII and other sensitive data.