Keeping customer data safe and secure is of fundamental importance to Litera and one of our most critical responsibilities. This security FAQ table outlines our risk-based approach to security and data privacy for Litera CAM.
Based on your specific licensing plan and features used, CAM can store the following data:
Folder Structure (name description) but no documents
First and Last Name
Created and Last Modified Date
Company, Department, Title, Office
Post Code, City, Email address and secondary email
*This data stored depends on the configuration and licensing of the firm, and your stored data may be a subset of this.
Name Email Address Email
Practice Area, Department, Sub Practice Area, Matter Type, and Sub Type
The above plus:
CAM can sync the following metadata which are all configurable. A customer can control which data are synced.
Systems: iManage, NetDocuments, Office 365, FileShare, and others
Workspace metadata and structure
Document metadata including audit and security information ( no actual document content)
Folder structure and related metadata
Site, Teams, Channel folder information and metadata
Project and documents metadata and structure
Where is the data stored?
Litera CAM is a cloud-hosted multi-tenant application. The Litera CAM application is hosted in remote AWS (Amazon Web Services) data centers with industry-leading resiliency to prevent data destruction and access disruptions, while promoting rapid scalability and recovery. Data and files are hosted in segregated AWS S3 buckets, Dynamo DB, ElasticSearch, and Aurora DB dedicated to each customer.
Workspace, Folder and Document Structure and Metadata
Metadata fields, e.g., Client ID and description, matter ID and description etc.
Metadata (Client, Matter, Department, Practice, Type etc)
CAM currently support following regions
North America (US East)
EU ( Ireland)
North America (Canada)
North America (US West)
How is data encrypted? What key strengths are used?
Data processed and stored by Litera CAM is encrypted and protected when at rest and in transit. AWS provides the encryption infrastructure.
For encryption in transit, only TLS 1.2 and above is authorized. Certificates are generated and maintained by Amazon Certificate Manager (ACM) using RSA keys with a 2048-bit modulus and SHA-256. All data access requires the use of HTTPS. HTTP connections are disabled. Inside the platform, all data is transmitted using HTTPS. For encryption at rest, the Litera CAM database and customer data stored in AWS S3 buckets are encrypted with AES 256. User account passwords are stored inside the database using an asymmetric non-reversable algorithm.
Private keys are generated, stored, rotated, and revoked using Amazon KMS. They are deployed and used on production systems as needed via our change control process.
Certificates are obtained through a reputable vendor and follow the built-in and industry standard renewal/rotation process based on expiry or revocation as needed.
Who has access to the production cloud environment? What kind of access does the DevOps team have and how do we ensure safety of the data?
We use authorization procedures to ensure that users only have access to those services and networks which are appropriate for their role and their business needs. Litera staff and all our data center partners’ personnel are screened, bound by strict confidentiality agreements, and have reference and background checks, where applicable.
The DevOps team manages the Litera cloud infrastructure and theoretically has access to data. However:
All DevOps team access is audited and they can only access the cloud through the managed Azure SSO System.
Access is granted based on a need-to-know basis. Each member has access to different accounts with varying access and utilization of the least privileged accounts for need is prioritized.
The security team monitors all access logs. Any identified outliers are investigated and justified.
Support and 1st level DevOps teams also use the CAM application to perform most of the customer's requests, thus further limiting the direct access to the backend.
All DevOps Engineers go through background checks.
If CAM is a multi-tenant environment, how do you ensure tenant data are separated logically?
CAM is a multi-tenant platform where some data are stored in a single tenant database and some data are stored in a shared database. All multi-tenant data storage has a “TenantID” column. This data is then logically filtered at every low-level API to ensure that all data returned are compartmentalized. Upon each login, the tenant-id is set as part of the authentication token. We separate the user's and customer's authentication using AWS Cognito services. Each tenant gets a Cognito account. This is then enforced on all APIs. This is also regularly tested as part of our automation testing framework-
CAM is also Pen-Tested with a third party pen testing application.
What access does Amazon(AWS) have?
We use Amazon’s infrastructure, so theoretically all data we store are in Amazon’s data center and they have access. However, AWS is a level 4 data center with one of the most mature and security-centric cloud platforms available. Our agreement with Amazon states that they do not look at customer data unless approved by the customer or in a criminal investigation case compelled by a supreme court or equivalent body in a given country.
What access does CAM have to iManage or Office 365?
In order to access iManage or any downstream access, CAM needs to connect to these systems over the web. Typically OAuth is used to connect to these systems. CAM needs a limited admin equivalent account to these systems to perform the CAM admin jobs such as creating workspaces, folders, teams, channels, etc.
Customers can control what type of access the CAM account should have in the downstream systems such as iManage. For Example in iManage, you can remove “View Document” permission for the CAM user’s role. This will ensure that while the Litera account can access and perform all administrative actions, this account can not download a document. You can also remove “Role Management” features from CAM the user to prevent the CAM user from doing role management. This will prevent CAM from creating new roles or managing roles.
How is user access controlled?
Customers access Litera CAM through an authenticated user account. Corporate logins and passwords are under the control of the Account Administrator with the option for other identity providers like Azure Active Directory, ADFS and Okta.
Does CAM stores any password of downstream systems like iManage and Office 365?
If the downstream system supports oAuth then CAM does not store any password. Instead an OAuth token is stored and renewed every 30 minutes. The downstream systems can also add further restrictions such as IP based restrictions, granular permissions, concurrency access etc.
What about iManage or Office 365 Full-Text Search?
As an limited administrative account, CAM has access to iManage and Office 365 APIs. This means using APIs, CAM can also do full-text searches. One way to prevent full-text search is by restricting CAM IPs in the iManage platform
If you restrict the full-text search, the following features will not be supported:
Documents Search (service desk feature) - no search by full text. If you don’t sync the document name, then users can't search by document name or see the name. Users can still search by other document metadata synced from iManage.
Does CAM need to connect to Office 365 as a Global Admin?
No, CAM only needs to be an Admin on SharePoint, OneDrive, and Teams (as well as Planner and OneNote if those features are used)
If CAM is not storing documents then how does it sync from Teams to iManage, move documents between two iManage libraries, or provide business continuity features for iManage content?
Litera’s philosophy has always been to store only the data necessary to run the application and avoid unnecessary data storage. In that spirit, we have decided to not store any documents in CAM.
To perform Business Continuity, Sync from MS Office 365 to iManage and vice versa, archive or move workplaces, folders, and documents within two databases, etc., we require customers to create their own AWS account and install a portion of CAM code. (Litera provides all instructions and the installation package). Documents are then synced or stored temporarily in the customers' AWS account. Litera will never have access to those documents. Even with Business continuity, a customer has to log in and use 2FA to authenticate by email or text message before they can access the account. So Unless Litera accounts are registered in the customers' email domain or cell-network, Litera cannot access any documents.
(CAM has a feature to sync all documents and offer users an alternative means of downloading documents in the event the iManage system is not available)
What certifications (if any) does Litera have? Is CAM ISO compliant? Do Litera’s service offerings undergo auditing?
Litera’s CAM is a SOC2 TYPE2 compliant platform. Litera’s CAM application is included in the scope of our ISO 27001:2013 certification and controls. Independent audits are conducted by a registered third party as part of our compliance program. Also, independent audits are conducted by a registered third party as part of our compliance program.The results of these processes are tracked through our improvements process. The methodology and tools used to conduct penetration testing are tailored to each assessment for specific targets and attacker profiles. AWS, as the infrastructure provider, has the highest levels of infrastructure and information security certifications.
CAM also is participating in the CSA Program.
Is CAM Pen Tested?
Yes, CAM is Pen-Tested by a third party.
Does Litera need access to a client’s internal network for Data Uploader (DU)?
No, The only time we need access is when our consulting services team is implementing CAM for you. This access can be removed after the implementation or arranged to do the installation via remote sessions (check your SOW: the installation and installation via remote access takes additional time).
While Data Uploader (DU) runs on the internal network. DU is also configured with OAuth. DU only uploads the contents that are configured to be uploaded (users, groups, workspace information etc). DU does not upload any documents from the network. DU need limited read rights to the billing/practice management database or HR database.
Our Support or DevOps teams does not require direct access to your environment. All troubleshooting can be arranged via online screensharing sessions.
How does Data Uploader connect to CAM?
Data Uploader (DU) connects to CAM via OAuth. Initial tokens are obtained during the initial setup and then renewed on a regular interval. Token can not be used to directly log into UI. Tokens are stored encrypted locally.
What other security measures are in place to prevent bruteforce and DDOS attacks?
CAM is deployed on AWS. the platform itself is leveraging all AWS managed services. AWS managed services are hosted in tier-4 data center. All services have 3 availability Zone redundancy. Most of the external attacks are managed and monitored by AWS at infrastructure level. Please refer to this whitepaper on more information: https://d1.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf
CAM also uses AWS Cognito for authentication. There is an built-in account-lock, throttling and alert after x number of invalid attempts.
Does CAM support TLS 1.0/1.1/1.2?
Currently, CAM supports and uses TLS 1.2 by default. TLS 1.0/1.1 is technically supported, however:
On June 28, 2023, AWS dropped all support for TLS 1.0/1.1. This affects users using Windows Server 2012 or older with the use of Data Uploader.
Windows Server 2016 and above are the natively supported versions with 1.2.
How do data centers comply with security standards?
Litera CAM can be hosted in a multitude of geographic regions to support data sovereignty requirements as follows:
North America (US East)
North America (Canada)
North America (US West)
Each environment is contained within a network security Virtual Private Cloud (VPC), which provides ingress network filtering from the broader Internet. The application is multi-tiered, consisting of an application front-end, worker backend, database, and storage repository; each tier is further isolated by security group and made resilient with availability zones. Our service agreement with AWS ensures the safeguarding, confidentiality, integrity, and availability of Litera’s customer data and guarantee controlled access of their own employees. (For more information: AWS Physical Security).
What other services are available for integration?
How is network traffic filtered, logged and monitored?
Several systems are used to monitor the performance and security of the Litera CAM application.
Performance: Application Performance Monitoring (APM) is enabled. Monitoring allows the Litera team to track overall application load and the performance of application worker servers, while planning for future server capacity.
AWS Security: CloudWatch event logs are monitored. Alerts are sent to the Litera team for immediate resolution. CloudWatch alarms are setup for database and disk space to alert for capacity planning.
Application Errors: Custom scripts are used to monitor the web, worker, and API systems for any errors. Alerts are sent by email to the Litera team to resolve.
Server Security: AWS Guard Duty is used to monitor the servers and other infrastructure in AWS for intrusions and threats. Alerts are configured to send email alerts to the Litera team. Additionally, VMWare CloudHealth is used to ensure secure infrastructure.
Vulnerability Scanning: SonarCloud, Veracode, and GitHub CodeQL vulnerability scanning is configured to scan and identify points of weakness on a regular basis. Additionally, AWS advisor is used to ensure all AWS configurations and systems are set up correctly.
Penetration Testing: Penetration testing is conducted annually in order to safely identify any vulnerabilities in the Litera CAM, systems, network, configurations, or services.
Intrusion Detection Scanning: Litera CAM has implemented real time monitoring of the application servers for any exploits and inspects all packets before they reach the server.
Event Logging: CloudTrail event logs are collected and maintained for 12 months.
What policies and systems do you have for managing risk?
Litera maintains a comprehensive set of policies that guide our procedures and practices for ensuring compliance with our information security obligations and requirements. Our policies align directly with the relevant ISO 27001:2013 framework controls.
How does risk management apply to employees?
At onboarding and annually thereafter, all Litera employees must agree to confidentiality terms, participate in annual security awareness training, and must abide by internal policies and standards. Security training covers privacy and security topics including device security, acceptable use, preventing malware, physical security, data privacy, account management, and incident reporting.
What happens in the event of an incident?
Litera has established policies and procedures for reporting and responding to potential security incidents. All incidents are managed by our Incident Response Team (IRT). Our policies provide for notification to customers in the event of a security incident involving the unauthorized use or disclosure of confidential or personal information.
What measures are in place to prevent service disruptions?
Business continuity plans are developed to maintain or restore business operations in the required time scales following an interruption to, or failure of, critical business processes. The Business Continuity Management (BCM) process has a management structure in place to prepare for, mitigate, and respond to, a disruptive event using personnel with the necessary authority, experience, and competence to manage an incident and maintain information security. We have documented plans, and response and recovery procedures, detailing how Litera will manage a disruptive event and maintain its information security to a predetermined level.
Litera CAM is deployed with a fully mirrored recovery site with data stored in separate availability zones to provide data center and geographic resiliency. Litera maintains a robust business continuity and disaster recovery plan that is tested annually. Litera has established runbooks that aid the business continuity team with quick resolution of an event.
What measures are in place to secure my data?
Litera CAM is designed with data privacy in mind. All data stored or processed by the system from a customer, or their collaborators is never inventoried, scraped, or classified. Data is always encrypted, segregated from other customers, and can be stored in specific geographic regions to comply with privacy laws and regulations.
What addresses are correct and what addresses need to be whitelisted?
The addresses provided in the documentation are strictly for the API and what is required for CAM to connect to external systems. The Web UI of CAM uses both AWS Cognito for authentication and AWS Cloudfront as a content delivery network. We (Litera) have no control over those addresses and they would need to whitelist the entirety of the AWS IP blocks for those services if the client is looking to lock down traffic. Those IP blocks would include all AWS-hosted products/sites, not just CAM.
How are resources secured with the Azure Stack?
All resources created by CAM Azure Stack will be secured using the Azure standard security. Permission will only be granted to the CAM function apps and other CAM Azure Stack resources in the same resource group. No users, accounts, or external apps will be granted access by default except what the Azure subscription administrator has setup previously (inheritance rules).
The details of permissions are as follows:
Reader and Data Access Role: the role is granted to all CAM function Apps.
Storage Account Key Operator Service Role: the role is granted to all CAM function Apps.
Storage Blob Data Owner Role: The role is granted to all CAM function Apps.
MySQL Server: no roles assignment or Firewall changes are done by CAM Azure Stack. The database is only accessible by CAM function apps (internally within the same resource group) using the admin username/password created during the deployment process.
All Other resources: no roles assignment or Firewall changes are done by CAM.
Except for the CAM Azure Stack function apps, none of the resources in the resource group will be accessed externally. For the MySQL Database, the option to “Allow access to Azure services” is enabled during the deployment process and all other IPs are restricted by default. Even though the function apps will be accessed externally, those will be accessed by CAM instance only. If you plan to restrict the function apps inbound IP’s, the Litera Customer Care team (firstname.lastname@example.org) can provide the list of IPs that should be whitelisted based on your CAM instance Zone. The current list of IPs can be found at https://pdocs.atlassian.net/wiki/spaces/CCAM/pages/29491219 .
In addition to the strong security provided by MS Azure, Litera strengthens data security by controlling and filtering access to even the virtual private clouds hosted by industry-leading cloud services such as MS Azure. While managing the Azure cloud, customers can also take precautions to detect and prevent suspicious activities. Litera helps you to track and monitor logs, audit system calls, and set up alerts for potential intrusions.
Litera’s systems support the latest secure cypher suites, including TLS 1.2 and later protocols, AES256 encryption, and SHA2 signatures.
Litera ensures the safety of data at rest by encrypting the data using 256-bit Advanced Encryption Standard (AES-256). This standard is applied to relational databases, file stores, database backups, and so on. Litera even safeguards the encryption keys and processes by encrypting them securely.