Technical Security


The following technical controls support LiveOffice’s infrastructure, application and data security policies.

These include:

  • Infrastructure Security
  • Application Security
  • Data Security

Redundant Firewalls
 

LiveOffice uses best-of-breed, redundant firewalls to block Internet-based attacks from its network and maintain high availability.

Redundant Load Balancers
 

LiveOffice’s data centers are outfitted with top-of-the-line, high-throughput load balancers. Its network is designed with multiple layers of redundancy for both performance and availability.
 

Minimum System Baselines
 

LiveOffice standard server builds align to industry best practices, i.e., CIS and NIST benchmarks. Only the required services are enabled on a server.
 

Role-Based Access Controls
 

LiveOffice’s cloud-based email archiving solutions contain a number of roles, including built-in roles and custom roles, for users, account managers, policy managers, role managers, administrators and auditors.

Two-Factor Authentication
 

Users must log in to LiveOffice services with a username and password. With LiveOffice’s Trusted Networks capability, companies may choose to “lock down” access for certain services, so that only users logging in from specified IP address ranges are permitted to log in to any given domain.

LiveOffice also leverages the Security Assertion Markup Language (SAML) 2.0 standard to enable single sign-on for authentication federation. SAML 2.0 ensures that a user’s credentials are maintained by the client organization (not LiveOffice), and that a token is securely transmitted for authentication.
 

Password Hashing
 

LiveOffice hashes all user passwords before they are stored. This is important in the unlikely event that the database is compromised, since stored passwords can be an area of considerable exposure for the enterprise. In addition, this means no LiveOffice employee can log in to a customer’s archive without the customer’s permission.


Audit History
 

Administrators can conduct audits of their LiveOffice archiving applications and review their history, including important statistics and user actions. They can also set up email alerts to receive notification of any new hits to active surveillance searches, e-discovery downloads or other areas of concern.

LiveOffice employs a variety of security measures to ensure its databases and data are secure.

Encryption in Transit (TLS)
 

When clients send data to LiveOffice for archiving, they typically use a 256-bit TLS-encrypted tunnel. Transport Layer Security (TLS) is an encryption protocol that provides security for communications (e.g., email and IM) sent via the Internet as well as other types of data transfers. TLS encryption maintains the confidentiality and integrity of emails, so they can’t be read or altered by a party that intercepts them in transit.

Encryption at Rest (AES)
 

LiveOffice uses the industry-leading Isilon clustered Network Attached Storage (NAS) solution to store data. Isilon’s proprietary OneFS clustered file system technology stripes data (also known as sharding) across every hard drive and node in a given Isilon cluster. This means any given email message or file is spread across the drives and nodes in the system.

In addition, LiveOffice’s innovative data-at-rest architecture uses 256-bit Advanced Encryption Standard (AES) encryption, with unique encryption keys for each client. LiveOffice stores and maintains the keys separately from the physical data. This separation ensures data is only accessible when the two components come together, which only occurs via the application service. (LiveOffice clients may select this service.)

If clients select this option, LiveOffice can hash user passwords in storage. This is important in the unlikely event that the database is compromised. Password hashing also ensures that no employees are able to log in to a customer’s archive without the customer’s permission.

Secure Virtual Client Domains
 

LiveOffice archiving solutions are physically multitenant solutions but use application security to protect client data. Client data segregation in the archive is controlled across multiple layers, including a unique client journal address, unique database IDs and storage partitions. Each client’s data is stored in a company-unique folder on a common/shared storage cluster infrastructure.