Case Anywhere has followed the National Institute of Standards and Technology (NIST) Cybersecurity Framework as the foundation of its security approach. This approach includes five core functions – Identify, Protect, Detect, Respond and Recover – and is implemented through a multi-tier security scheme ensuring all data and technologies are protected. Case Anywhere is securely hosted in the Rackspace Datacenter and is monitored 24/7 by the Rackspace Security Operations Center (SOC). The security systems and technology used ensure that all five core functions of the NIST Cybersecurity Framework are met aggressively.
Secure Sockets Layer (SSL): The SSL security protocol is used for establishing a 256-bit encrypted link between the Case Anywhere service and the user’s Internet browser. The online SSL communication ensures that all data transmitted between the end user and the Case Anywhere service remains encrypted.
Multi-Factor Authentication (MFA): When a user works from a new or unknown computer/device, the MFA system requires the user to enter a unique PIN sent to them by email. This safeguard helps ensure that only valid users gain access.
Password Policy: Case Anywhere adheres to the NIST recommendations on passwords and password policy. This protocol is based on the latest research and guidelines for producing the most secure passwords to date.
Password Reset: Users are allowed to reset their password if needed. Each user is assigned a unique identifier at the time of the reset and the system will send the user a time-sensitive reset password link that expires if unused. This reset mechanism allows users to immediately respond to a potential disclosure of their password.
User Data Access: Users can only access data permitted by their profile. Data access is dependent on the user’s username and password and is controlled by Case Anywhere administrators pursuant to established protocols and case-specific restrictions.
Timeout Policy: The session timeout for the Case Anywhere service is 120 minutes. If a user does not interact with the software during this interval, the system ends the session automatically for the user’s protection.
Data Center Security:
Security Operations Center (SOC): A 24x7x365 Security Operations Center (SOC) is staffed by experienced GCIA- and GCIH-certified security analysts who monitor the Case Anywhere infrastructure. Using best-of-breed tools and analytics, these experts will rapidly detect security events and proactively respond to close them.
Datacenter Certifications: A multi-layered approach to securing cloud services and infrastructure meets the strictest industry standards, including ISO 27002 and 27001; PCI-DSS; SSAE16; SOC 1, 2, and 3; Privacy Shield and Content Protection; and Security Standard requirements.
Threat Intelligence and Security Analytics: Ingestion of monitored environment activity and alert and event data, all logged into a single platform, enables a holistic view for threat event analysis and proactive response.
Vulnerability Management: Scanning and agent technologies are utilized by the Security Operations Center (SOC) to respond to threats. Internal scans are conducted on the Case Anywhere infrastructure in real time.
Business Continuity and Disaster Recovery: Data and full server images are created daily in the datacenter. These backups can be restored quickly if needed to reinstate Case Anywhere’s production environment. Production data and server images are also replicated to another distant datacenter to create regional redundancy. This approach ensures that all data is safe. If the primary data center becomes non-operational, Case Anywhere’s production capabilities can be quickly restored at its backup location.
Encryption at Rest: The Case Anywhere database is encrypted at rest. This safeguard reduces data exposure and ensures that all critical data is encrypted until needed.