Case Anywhere has followed the National Institute of Standards and Technology (NIST) Cybersecurity Framework as the foundation of its security approach. This approach includes five core functions – Identify, Protect, Detect, Respond and Recover – and is implemented through a multi-tier security scheme ensuring all data and technologies are protected. Case Anywhere is securely hosted in Microsoft Azure and is monitored 24/7 by Azure Security Technology. The security systems and technology used ensure that all five core functions of the NIST Cybersecurity Framework are met aggressively.
User Security:
Secure Sockets Layer (SSL): The SSL security protocol is used for establishing a 256-bit encrypted link between the Case Anywhere service and the user’s Internet browser. The online SSL communication ensures that all data transmitted between the end user and the Case Anywhere service remains encrypted.
Multi-Factor Authentication (MFA): When a user works from a new or unknown computer/device, the MFA system requires the user to enter a unique PIN sent to them by email. This safeguard helps ensure that only valid users gain access.
Password Policy: Case Anywhere adheres to the NIST recommendations on passwords and password policy. This protocol is based on the latest research and guidelines for producing the most secure passwords to date.
Password Reset: Users are allowed to reset their password if needed. Each user is assigned a unique identifier at the time of the reset and the system will send the user a time-sensitive reset password link that expires if unused. This reset mechanism allows users to immediately respond to a potential disclosure of their password.
User Data Access: Users can only access data permitted by their profile. Data access is dependent on the user’s username and password and is controlled by Case Anywhere administrators pursuant to established protocols and case-specific restrictions.
Timeout Policy: The session timeout for the Case Anywhere service is 120 minutes. If a user does not interact with the software during this interval, the system ends the session automatically for the user’s protection.
Data Center Security:
Microsoft Azure Security: 24x7x365 Monitoring of Operations, Applications, Storage, Networking, Compute, and Identity. Using best-of-breed tools and analytics, Azure Security Technology will rapidly detect security events and proactively respond to close them.
Datacenter Certifications: A multi-layered approach to securing cloud services and infrastructure meets the strictest industry standards — including ISO 27001, HIPAA, FedRAMP, NIST SP 800-171, SOC 1, and SOC 2.
Threat Intelligence and Security Analytics: Azure offers built-in advanced threat detection functionality through services such as Azure Active Directory (Azure AD), Azure Monitor logs, and Azure Security Center. This collection of security services and capabilities provides a holistic view for threat event analysis and proactive response.
Vulnerability Management: Security update management helps protect systems from known vulnerabilities. Azure uses integrated deployment systems to manage the distribution and installation of security updates for Microsoft software. Azure is also able to draw on the resources of the Microsoft Security Response Center (MSRC). The MSRC identifies, monitors, responds to, and resolves security incidents and cloud vulnerabilities around the clock, every day of the year.
Business Continuity and Disaster Recovery: Data and full server images are created daily in the datacenter. These backups can be restored quickly if needed to reinstate Case Anywhere’s production environment. This approach ensures that all data is safe.
Encryption at Rest: The Case Anywhere database and all servers are encrypted at rest. This safeguard reduces data exposure and ensures that all critical data is encrypted until needed.