By Jason Beatty, Chief Technology Officer
Most legal collaboration still hasn't moved beyond email and an occasional shared drive. For companies, this presents a weak security profile; confidential work product ends up in many places outside of the client's boundary and control.
Cloud collaboration on Joinder gives companies control over the security of their work product. Protecting this information is the most important deliverable for the Joinder team. Our commitment to your security is reflected by our architecture, design, coding and operations.
We embrace a ‘Security by Design’ approach, which begins with our architecture. All data is encrypted both in transit and at rest. Files stored on the system are encrypted with a separate key for each file so data cannot be directly read by either internal or external users. Services run with least privilege to reduce the attack surface, along with advanced WAF, GuardDuty, and OSSEC monitoring. All application requests require strong OpenID Connect authentication and authorization, with requests requiring user rights for every bit of data. We use multiple levels of checks in the software, from application-level security checks to user permissions and Row-Level Security at the database level, to prevent inappropriate access to data internally as well as externally. We ensure that only company-owned machines using VPNs are permitted access to our systems, and all company devices implement full-disk encryption. For customers that want additional security, we provide private single-tenancy clients, which can support IP restriction and/or a required VPN.
Security runs through our design, as human factors pose some of the greatest risks to information security. We strive to design Joinder’s user experience to prevent inadvertent sharing: requiring extra confirmation when you share outside of your organization; showing you at a glance who has access to files and tasks; and giving you detailed permission controls at every level for every person and object. We give you the tools and protections to ensure that you control your data as Joinder streamlines your workflow and collaboration.
Secure is how we code: we adhere to OWASP standards and best practices for our software development and testing lifecycles. We use pair coding and weekly code reviews to keep the team engaged and aligned. Our code is audited by a third-party security team quarterly, and our application is pen-tested for exploits. We incorporate secure coding standards into all lifecycle stages of our application development process.
Security is core to Joinder operations. Maintaining SOC 2 guidelines touches every part of our team and operations. All employees are vetted with multiple interviews, background checks and security training. We internally host our analytics and help-desk software to ensure that everything stays in our secure, encrypted cloud. Backups and disaster recovery are part of our culture, as are quarterly fire drills and incident playbooks.
Keeping your data secure not only takes a commitment of time and money, but also an architecture and culture of security. Learn more (and set up a live briefing with our security team) at https://www.joinderapp.com/trust.