Security

Architecture

Tenant Isolation

Tenant isolation means that all customer data is contained within a logically separated part of the system, even though such data shares the same IT infrastructure. This means that the actions of one customer (or tenant) can’t affect another customer, and that there is no crossover of data between customers. In Laserfiche Cloud, all customer data is further protected by using a Virtual Private Cloud, or VPC.

Access logs and system event logs, which do not contain regulated data such as user-created metadata or files, are stored and secured on a central log server and retained for one year.

Network

Firewalls analyze the data and packets routed to Laserfiche Cloud. Every quarter, Laserfiche performs an external vulnerability scan of the firewalls, as well as a configuration assessment.

Encryption

At Rest:

Laserfiche uses AES-256 encryption to encrypt data at rest, including disk storage, backup snapshots, and log and configuration files.

In Transit:

To protect the security of data in transit, all connections over the Internet to Laserfiche Cloud must be encrypted using HTTPS over TLS 1.2+. Requests over unencrypted HTTP will be automatically redirected to the equivalent HTTPS endpoint.

Application

When planning security-critical components, Laserfiche uses threat modeling to drive the design of secure systems. All modules and services hosted on Laserfiche Cloud use Failure Mode and Effects Analysis to assess threats.

Operational Practices

Data Access

All customer data is subject to strict confidentiality and security policies, with multiple safeguards to prevent unauthorized access. Customer data is stored in dedicated databases and virtual disk volumes and is encrypted (see Architecture, above). Data access attempts are logged, and security alerts are generated in real time when users attempt to bypass access control mechanisms. Only infrastructure personnel who need access to the production environment for upgrades and maintenance have that access; other employees and contractors are never granted privileged access.

Laserfiche follows the principle of least privilege in securing user data, using minimum privileges at the operating system level, per-service roles, and per-machine roles.

Support Access

As a user, you can grant controlled access to your data to technical support personnel by giving them access to a virtual user account, and then granting them permissions. Customers can grant as few or as many permissions as they want to support personnel, depending on the access needed. Administrative-level accounts used to manage the host operating system and databases are denied read access to customer document and file data, and attempts to bypass this generate security alerts. Laserfiche requires written permission from an authorized person at the customer organization to access customer data.

Change Management

Laserfiche follows a formally defined change management process. All changes are centrally coordinated, tested, and reviewed, and must be approved by a Change Control Board before being released into a production environment.

Training and Awareness

Training Laserfiche employees is vital to designing and maintaining a secure system. All employees receive annual security awareness training. Members of Laserfiche Development, Support, and Operations teams also receive training on secure software development and testing principles, and those working on Laserfiche Cloud infrastructure teams receive additional training. In addition, all employees must agree to the information security policy and other security policies listed in the employee handbook.

Customer Exit Procedure

When a contract between Laserfiche and a Laserfiche Cloud customer ends, whether due to missed payments, cancellation, or end of an evaluation period, the customer will no longer be able to access their data using Cloud. All information will be purged from the system within 30 days of contract completion.

Customers may request in writing that their data be permanently deleted, either at the time of cancellation or later. After verifying the authenticity of the request, Laserfiche will permanently delete all customer data and backups.

Security Processes

Detective Controls

Laserfiche uses several types of detective controls to monitor for potential issues, including daily security alert reviews, backup checks, privileged access reviews to verify that access is appropriate and is removed when no longer needed, and independent review of privileged access by those with no access to the system themselves.

Security Incident Management

If a security incident is detected, a security response team will put a security incident response plan into action. This involves coordinating a containment process, gathering information, identifying affected hosts and services, determining the scope and impact of the issue, identifying the attack vector, eradicating the threat, and providing a report of the incident to Laserfiche management. This process is documented in a security incident response plan that is reviewed at least annually.

Vulnerability Management

Laserfiche uses a central logging server for customer systems to capture information about system and service access. These systems generate real-time alerts which are reviewed daily.

A host-based intrusion detection system installed on all hosts monitors firewall activity, network services, and other subsystems for threat indicators and suspicious activity. Any alerts are reviewed daily.

On a quarterly basis, Laserfiche performs a comprehensive vulnerability scan of all systems running in Laserfiche Cloud hosting environments. Any issues found are fixed through patching, upgrades, and/or configuration changes deployed using the standard change management process. Laserfiche also uses a third-party vendor to continually run dynamic vulnerability scans of Cloud web applications to detect issues, which are tracked, investigated, fixed, and deployed within 30 days of identification.

Product Security

Product Security Testing

In addition to extensive internal security testing performed in-house with every release, Laserfiche uses a third-party vendor to perform external penetration testing of Laserfiche Cloud. Laserfiche provides objectives designed to find weaknesses that could be exploited. This testing, which follows industry-standard guidelines for penetration testing, includes gathering information about threat vectors, mapping targets to potential threat vectors, and identifying known vulnerabilities.

The penetration testing report is classified with the most restrictive data classification, available only to senior staff members responsible for security design. This information is used to address possible vulnerabilities.

Software Development

Service architecture code undergoes code review and quality assurance testing before every release. Laserfiche uses both static code and run-time code analysis to identify possible defects and security vulnerabilities, which are tracked and resolved prior to release.

Laserfiche tests changes to Laserfiche Cloud in an isolated test environment before they are deployed. Impacts of each change are assessed and documented before deployment, and we communicate changes with visible user impact prior to deployment.

Shared Responsibility

User Access

Ultimately, security is a collaboration between Laserfiche and our customers. Laserfiche security greatly assists in protecting the data and systems from outside attack. Administrators at customer organizations can use security settings internal to the Laserfiche Cloud system to control access to the documents, metadata, and processes. Administrative users at the customer organization can also control which of their users can access what information in the repository, create or modify processes, and otherwise work with the system. Laserfiche supports this with powerful, granular security tools, and the ability to limit who can access the system. Laserfiche Cloud supports various authentication methods, including a username and password, single sign-on capabilities, and multi-factor authentication.

Upcoming

User provisioning and de-provisioning

Create, update and delete user accounts across applications and systems.

System for Cross-domain Identity Management (SCIM) support for Laserfiche Cloud

Automate the creation, maintenance and deletion of user accounts to reduce the cost and complexity of user management operations and improve security.
