Tech Tips
Building Data Security Step-by-Step
Best Practices from the Applied Discovery Experts on Protecting Client Data
Al Cushon, Vice President, Product Operations
As the Internet continues to impact more and more areas of our lives, controlling data security remains at the top of everyone’s list of concerns. To build a secure Internet application, a company must take a holistic and security-centric approach to application design and product operations. The building blocks of a complete and mature security posture rest on an organization’s ability to take proactive steps to manage the risk associated with the physical environment, electronic data, authorized personnel, systems design, and policies and procedures that are conducive to security. To keep data secure, each of these components must be adequately addressed.
Physical Security
Implementing extensive electronic security measures is useless unless a stable physical security foundation has first been established. After all, if an intruder can get access to a computer and, with a few keystrokes, retrieve any desired data directly from the source, electronic security measures are pointless. In the physical security arena Applied Discovery employs a 24/7 professional security staff, biometric scanners to restrict physical access, video surveillance for auditing, and traditional methods to ensure physical security. To further bolster our physical security posture, Applied Discovery limits which employees have physical access to its data center. After establishing the physical safeguards of the facility, the next line of defense is electronic security.
Firewalls
Redundant firewalls are central to our electronic security measures and prevent unauthorized access to client data. These firewalls act as gatekeepers and allow only safe and authorized traffic to and from servers. To ensure that customer data is safe while in transit, all communications between client browsers and servers are encrypted using 128-bit SSL certificates—meaning the data is translated into a form that is unintelligible to anyone who intercepts traffic destined for the Applied Discovery firewalls. Once the communications have been decrypted at the firewalls, a network intrusion detection system continuously monitors the production facilities and corporate network and scans for malicious traffic. To protect our customers from known vulnerabilities, each individual server receives a vulnerability check before being made available for public use. Additionally, third-party information security professionals run quarterly vulnerability scans against our servers to protect against the ever-growing list of security exploits. Lastly, Applied Discovery scans all incoming data for viruses and periodically verifies that its virus signatures, which are updated daily, are current. Even with the best electronic security measures in place, a company must be still more diligent and uncompromising about the integrity of its people.
Personnel
Prior to being hired, each Applied Discovery employee must successfully pass a background check. While the vast majority of employees will probably never directly handle customer data, this step helps to ensure the authenticity and integrity of our staff. The Applied Discovery security staff includes CISSP-, CCSE- and MCSE-certified full-time employees with over 75 years of combined experience in the information security field.
Application Development
The security of our physical environment, electronic data, and personnel serves as an outstanding foundation for the actual application that our customers interface with. Applied Discovery’s development organization considers all of these elements and works closely with the people who actually operate the product to ensure that both our environment and our application provide our clients with an exemplary model of safe, secure operation. During the application design phase, our development organization performs security reviews of the programming completed by our design team to make sure that our newest features operate securely.
Auditing
At Applied Discovery, we typically go through three to four major security audits per year. These include rigorous third-party code reviews and physical data center audits. We also invite current and potential clients to audit and review our physical and network security as well as tour our facilities.
Policies and Procedures
The final element of security—policies and procedures—may be the most important piece of all. Even with all other building blocks of security firmly established, an organization’s data security can quickly be compromised by poor or non-existent policies and procedures. At Applied Discovery, we understand the importance of keeping our clients’ data isolated and secure. When we initially receive a customer’s data in our offices, we begin by handling that data with the same care we give our own. All incoming media is bar-coded, inventoried and entered into a custody log before being stored in our secure vault. All client media is contained in a matter-specific receptacle and stored in a cardkey-secured vault accessible only by authorized Applied Discovery personnel. Client media goes directly into the vault upon receipt at our facility and does not leave the vault unless it is being shipped back to the client or elsewhere upon client request.
Security will continue to be a challenge for the foreseeable future and Applied Discovery has risen to the challenge on all fronts. From physical security of the facility, to electronic measures, staffing, and application design and policies, we take the protection and security of our data—and yours—very seriously. As a result, our clients experience the benefits of the most efficient, advanced data processing, enabling them to “move up” to a new level of confidence.
Author Bio:
Al Cushon is responsible for the technical operations of the company, including application design, system design, network design, hardware acquisition, and overall system maintenance. Mr. Cushon has more than 15 years of leadership experience and 20 years of computer experience in both the military and private sectors. He earned his B.S. in computer science and electrical engineering from the United States Military Academy at West Point.