CAM is designed to help firms manage cloud-based content across the full matter life cycle and ensures data is accessible, usable, and secure. CAM uses leading cloud service provider Amazon Web Services (AWS) - a secure scalable cloud computing platform with high availability and dependability.
How CAM Works
The CAM Architecture is built and maintained through AWS Cloud Formation templates. The template is used to create a collection of AWS resources and to provision a set of standardized infrastructure components in an automated manner across all accounts. The following AWS resources are provisioned:
Amazon Cloud Formation for infrastructure deployment.
Amazon Cognito for secure tenant creation and sign-in.
AWS Identity and Access Management (IAM) for secure access to AWS services.
Amazon Simple Email Service (Amazon SES) to send notification emails.
Amazon Route53 is a Domain Name System (DNS) web service for name resolution.
Amazon CloudFront is a content delivery network (CDN) for faster data delivery.
AWS Certificate Manager to secure the identity of the websites.
Amazon API Gateway to process API calls.
Amazon Virtual Private Cloud (VPC) for private virtual network to create a private sub-net for the database. The following AWS resources are placed in the VPC:
AWS Lambda offers the benefit to run the code without provisioning servers.
Amazon DynamoDB offers the benefit of a NoSQL high-performance database service.
Amazon Relational Database Service (Amazon RDS) as a database service (Amazon Aurora).
Amazon Elastic Search Service (Amazon ES) to operate ElasticSearch.
Amazon EC2 with Elastic Load Balancing and Auto Scaling to maximize performance.
Amazon CloudWatch for notification alerts and service monitoring.
Amazon Simple Notification Service (Amazon SNS) for platform notifications.
Amazon Simple Storage Service (Amazon S3) for cloud storage and retrieving data.
Important: Currently, CAM supports and uses TLS 1.2 by default, but allows TLS 1.0/1.1 if the Data Uploader is run on a Windows 2012 Server.
On June 28, 2023, AWS is dropping all support for TLS 1.0/1.1 and this could affect users using Windows Server 2012 or older with the use of Data Uploader.
Windows Server 2016 and above are the natively supported versions with 1.2.
Access CAM: CAM is accessed over HTTPS from any modern browser.
Access to client on-premises Database: CAM does not make any changes to your on-premises database and access to the database is restricted to authorized roles only.
Data Encryption in Transit and Rest: All the data in transit and rest are encrypted. CAM ensures robust data protection across endpoints and networks to protect data in both states.
Virtual Private Cloud: The data servers are placed in a secure private sub-net that cannot be accessed from the internet.
High Data Availability / Disaster Recovery: AWS has a worldwide network of data centers and data is replicated across different regions. This speeds up the availability of your data by connecting you to the nearest data center location and retrieving data faster. This in turn ensures data is always available and avoids any negative impact due to service outages or natural disasters.
Data Sync: CAM can be configured to continuously sync data from your on-premises database to the cloud. This ensures a live cloud copy of your data is always available in case of any service outages.
SOC 2 certification: Litera is in the process of obtaining SOC 2 certification for CAM directly which will further confirm our service is specifically designed and managed to maintain the highest level of data security. Litera does have ISO 27000.1 certification for its products.
Scalability: CAM is designed to scale out and handle variable workloads and peaks in activity without impact on performance.
Security is a critical part of any application. CAM security measures are configured to protect data and manage authentication rules for individuals and groups to ensure the confidentiality of your data. Our security features include:
SAML-based SSO (Single Sign On): SAML authentication is the process of verifying the user’s identity and credentials. It provides a very secure method of passing user authentications and authorizations between the identity provider and CAM. All CAM users are authenticated and sessions are audited within the application. CAM has a strong Identity and Access Management solution (IAM) that prevents any unauthorized users from connecting to the system.
Data Access Control: CAM provides role-based access control to set user / group-specific access and editing permissions for data.
Monitor User Activity: CAM allows you to monitor and generate reports to track any irregular user activities such as the mass download of data or cabinets and workspaces regularly accessed and updated.