The security of eLuminate, our web-based client management system, is our top priority and something we take very seriously. To ensure utmost protection, eLuminate is protected through multiple layers of security.
All users accessing an eLuminate account must go through an authentication process. Additionally, different privileges can be assigned to different user roles to further protect data for authenticated users.
All files accessible in eLuminate are stored on the cloud. We also maintain at least two recent backups of all eLuminate data in the event of a hardware failure or for integrity checking. We do not offer the option of storing files accessible within eLuminate locally.
We are able to monitor and track activities on our server through our host-based intrusion detection system (HIDS). This system monitors all aspects of our server including system activity with file integrity monitoring, log monitoring, rootcheck and process monitoring. If something suspicious is detected, we are promptly alerted for further investigation.
Data during Transmission
We utilize a secure connection when passing data between an internet browser and our server. Through a secure socket layer (SSL) certificate data during transmission is encoded with 128-bit Advanced Encryption Standard (AES) encryption.
Data at Rest
Custom fields for leads, contacts, matters and tasks are encoded with 128-bit AES encryption during rest and uploaded and generated documents are encoded with 256-bit AES encryption during rest. The default fields First Name, Last Name, Phone, Alternate Phone, Email, DOB, Address, City, State, Zip and Case Description are not encrypted.
To protect our server against attacks and exploits we utilize an intrusion prevention system (IPS). The firewall uses a combination of static rule based policies (allow/deny an address), connection based stateful policies (allow/deny packets based on connection type) and sanity based policies (detect malicious traffic patterns). Since an IPS focuses on the network and transport layers, we utilize a web application firewall (WAF) to prevent attacks that are undetected. The web application firewall protects custom web applications against vulnerabilities such as cross-site scripting (XSS) and code injection.
We do not host the files or data of eLuminate internally. The website of our hosting company, InMotion Hosting, states "Our data centers are some of the most secure places on earth with armed guards, hand scanners and locked vaults – just like stuff you see in sci-fi movies.” http://www.inmotionhosting.com/about-us
Our server is held to the requirements of Payment Card Industry Data Security Standard (PCI) compliance and is scanned for vulnerabilities on a regular basis. The scan checks for open ports that could be a potential target, outdated versions of software, insecure web applications and misconfigured networks.
Hopefully, the above gives a solid overview of the security measures we have taken to safeguard eLuminate. We are happy to answer any other questions related to the security of eLuminate. For more information please fill out the form on the left side of this page or call us at 617.800.0089.