How Safe Is Your Data?
We understand that Cloud Security is a number one concern for law firms.
Peregrine Cloud are proud to be NetDocuments Certified Partners, and we would not work with any software provider that did not have strong credentials.
For over a decade, NetDocuments has set the standard for world class security, compliance and privacy for documents and emails. All our customers’ digital assets are encrypted and protected in transit and are stored in private regulated datacentres with patented technology.
NetDocuments CTO on Cloud Security
You can view the video in full here.
NetDocuments Cloud Security FAQ
NetDocuments maintains 30 instances of a document on-line, one for every day for the last month. These are called “snapshots”, and they are independent of the document versions. At any time a user may recover from his or her own inadvertent edits.
It is highly unlikely that you can lose files with NetDocuments. Documents under NetDocuments management have a much higher level of integrity and availability than those in existing “on-premises” systems in law firms. NetDocuments deploys sophisticated technology and methodology to ensure the highest level of data integrity.
NetDocuments provides “concurrency control,” avoiding a second user from inadvertently changing the contents of a document while it is being edited by someone else. It politely informs the second user who currently has the document open and when the session started. NetDocuments gives the second user the opportunity to send an immediate message to the active user.
To ensure robustness against network and Internet failures, NetDocuments (unlike other document systems) will always save the document into your Workstation local disk first, then upload it the Global Datacenter, and finally obtain confirmation that the information has positively and definitively arrived in the repository before finishing the transaction. In the eventuality of a connection failure, the document is still available for subsequent and automatic transmission after connectivity is re-established.
NetDocuments ensures upload integrity via “check-sum” technology. When a transmission error does occur, it will resubmit the document. All data transmission is encrypted. Users can also opt for virus scanning service, where contaminated documents will be rejected from NetDocuments.
Once in the datacenter, NetDocuments has a sophisticated world-class mechanism to maintain the integrity of the document via non-repudiation and high availability technologies.
The bottom line is: NetDocuments has undertaken extreme measures and developed world-class technology to ensure that the highest level of integrity for your documents.
The chance of this happening is extremely remote, and in the 10-year history of the NetDocuments service there has never been a security breach incident.
NetDocuments environment is certainly much more secure than the law firm’s own servers. It will not allow unauthorised access to any document.
The repository supports strong authentication policies and specific access control for individuals and/or groups at the document or container level (access control can be set for the folder, ShareSpace, workspace, client, matter, practice group, office, author, or cabinet levels). Ethical walls can be set up, automatically excluding access to individuals or groups for any document, client, matter, or any other profile metadata.
All documents are fully encrypted while in transit. No communications between NetDocuments and the workstation will ever use clear-text. All transmissions use secure SSL (secured socket layer) to encrypt all documents in transit.
We spend significant resources to ensure protection against ourselves. First we capture an “audit trail” of every action performed by our operators in the service. Second we randomise the document locations against a 1.6 million directory structure on disk, to make it practically impossible for someone to locate a specific target file. Third we obfuscate the documents on disk to ensure they cannot be viewed or printed by their native applications.
Next we segregate operators into multiple classes, each with his own access privileges. Those with physical access to the datacentre will not have operating access to the servers, and vice versa. Operators with access to certain service components don’t have access to other critical service modules, ensuring no single person, without collusion with other individuals from potentially separate companies, will be able to locate documents. Of course, if a particular document is found, the information is obfuscated.
Again the bottom line is that a single NetDocuments or LexisNexis IT personnel cannot read your documents, without you specifically giving them access via the regular service.
NetDocuments can segregate a firm’s IT staff into two classes of operators: (1) Repository Managers, and (2) Cabinet Administrators.
Repository Managers can create users, groups, define profiles, create cabinets, delete obsolete cabinets, and perform other critical DMS administrative procedures. They cannot, however, open and read documents. Cabinet Administrators may not be granted the functions described above, but they may have access to documents to help end-users. NetDocuments provides a higher level of security even to your internal administrators than you currently have.
Yes we absolutely do have such privacy and confidentiality policies. We have five levels of data security classification:
Level 1: Public – such as press releases and product brochures
Level 2: Internal Use Only – such as phone directory and policy manuals
Level 3: Confidential – such as customer list and invoices
Level 4: Sensitive – such as software source code and penetration test results
Level 5: Secret – for Customer Digital Files (CDF)
NetDocuments has a technology patent which makes this an impossible scenario. First let’s address the massive database or index corruption. These systems are managed professionally by the best engineers who created such systems, and the likelihood of such corruption is extremely remote. Second in each of our two datacentres, we have at least 30 on-line daily instances of our database and index, to ensure we can recover in the remote likelihood of this eventuality.
Now, let’s accept your assumption that the database and the index are fully corrupted and the access control is such that the Service tells a server to deliver a document to an unauthorised user. Our patent will actually detect such a scenario and block the document delivery.
This technology patent physically “binds” a document and its access control into the same file. Even if massive corruption at the database or index were possible, the physical files still maintains the access control and ethical walls associated with that document. NetDocuments technology will always perform a last and final check when “un-obfuscating” the document to verify the permission of the user. Even if the Service mandates a delivery to a particular user, if the internal permission list bound into the file does not match the mandate, the Service will block the unauthorised delivery.
The bottom line is, NetDocuments has never delivered a document to an unauthorised user, and the possibility of this happening is very remote, even in the remote eventuality of a massive database and index corruption. It is certainly much more secure than any “on-premises” document service deployed by law firms.
Historically, we have had 99.995% service availability, excluding scheduled down times. There are two world-class datacentres for NetDocuments, one in the East managed by LexisNexis, and one in the West managed by a federally regulated commercial bank. These centres are managed 365x24x7 by a combined staff of 700 full-time IT experts, and equipped with fully redundant ISPs, networks, servers, storage, power & cooling, and security infrastructure. Data are replicated automatically between the two datacentres, with the ability of each facility to service 100% of the processing loads. In addition to the two world-class datacentres, we backup critical data off-site into a Granite Mountain Vault, an atomic-bomb, earthquake, and flood resistant facility considered to be the safest place on the planet against man-made and natural disasters.
We recommend that the firm acquire two independent Internet connections for high-availability. However, even in the eventuality of Internet down time, users can continue editing existing documents or creating new ones through the NetDocuments workstation echoing technology. Each workstation is capable of echoing any and all documents opened in the last few months (determined by the firm administrator), making them available for future caching or business continuity.
The bottom line is, your documents will be much more available via NetDocuments than through your existing document systems.
No one has ever hacked into NetDocuments. Every precaution has been put in place, including dual firewalls, intrusion prevention, regular vulnerability and penetration tests, server security hardening, Ernst & Young certifications, and audits by Bank regulatory agencies such as the Office of the Currency and Comptroller, Federal Reserve System, etc.
In order for someone to hack into the system they would need to do the following: (1) break into the atrium firewall, (2) by-pass the intrusion prevention system, (3) penetrate the Unix encryption hardware, (4) break into the Windows 2003 and Microsoft IIS security, (5) break into the DMZ firewall, (6) compromise the NetWare system, (7) decrypt the NDS secret store, (8) hack into the storage server security, (9) correctly guess a randomised number between 1 and 1.6 million, and (10) do this fast enough to avoid detection by the security monitoring personnel.
We provide an optional Local Document Server, which will store all your documents locally in your datacentre.
This will give you the peace of mind of knowing you have physical possession of all your documents at a site of your choice.
For added peace of mind, we will also store your documents in extremely secure world-class datacentres, for business continuity purposes, at the LexisNexis facility, and in a commercial Bank datacentre.
We will make it extremely easy for you to “turn on” our services, but we will make it also extremely easy for you to move on to another document system.
In the Local Document Server you will have every one of your documents in native mode, organised into windows folders such as office, author, client, and matter. You will also find an XML file next to each document, containing the profile metadata and access control list. Your IT staff or consultants will be able to quickly upload the documents and profile data into any other DMS system you wish, even without consulting NetDocuments.
You will continue to manage and administer your own data. The creation of users, user groups, document profile data, mass changes, cabinet and workspace creation, policies for security and record retention, and all other administration tasks will be controlled by your staff.
NetDocuments will relieve you from managing and maintaining servers, updating operating systems, updating document services software, capacity planning, security enforcement, and other trivial tasks.