Many law firms today are moving rapidly to the “Cloud”, by putting their foundational systems such as billing, practice and document management into the virtual world. The concept of the cloud provides the potential for a substantial reduction in the costs and labor associated with traditional technology. With Cloud technologies, oversight for technical compliance and security is entrusted to a specialized team utilizing state-of-the-art hardware and software to maintain your technology infrastructure at a lower cost than doing it yourself. Firm management can be assured that best practices are always in place. This lack of “hands-on” control over a “box with blinking lights” can leave management rightfully concerned about the security of their very important data.

Orion Law Management Systems (OLMS) takes this concern very seriously. Our leadership has more than 100 years of combined experience working with and for law firms. We understand the ethical, fiduciary and practical aspects of safeguarding law firm and client data while at the same time providing access from anywhere, anytime and device. We truly understand that the safeguards put in place must provide constant and reliable security regardless of whether or not a user is working from their office, home or while traveling; 24 hours a day/7 days a week; and from any device capable of running a Remote Desktop Connection (RDC) – e.g., Windows- based PC, Mac, iPad, iPhone or any other smart-phones with active sync capabilities. To balance accessibility, security and privacy, OLMS utilizes multiple strategies are used to provide assurance to our clients.

Superior Physical Security

Strong physical security is one of the first steps to safeguarding valuable intellectual property. The data center used by OLMS provides state-of-the-art manned security with complete access control systems.

Most law firms secure their technology through a door lock and alarm system that is vulnerable to breaches including: burglary, employee theft, fire, power surges and other unforeseen acts. Servers can be stolen and power surges can destroy hardware. These vulnerabilities become even greater if there are any errors in the most recent backup media. In addition, many employees have sensitive data stored on their local machines and are thus subject to theft and destruction outside of the workplace. All of which leave a company subject to potential law suits, loss of credibility and other associated problems and risks.

In contrast, access to OLMS Cloud infrastructure and hardware is controlled 24 hours a day/7 days a week by security guards, cameras and individual key cards linked to biometric hand scanners.

Critical Security Details Provided by OLMS

Application Fix Management: One of the largest security challenges and organization faces is proper and regular scheduled installation of security patches for each desktop and application. OLMS subscribes to up-to-the-minute patch notification and installation. This minimizes potential flaws that can be exploited by various malware and hijack attempts.

Encryption Services: All data transmissions between a user’s device and OLMS services pass through a 128-bit Secure Sockets Layer (SSL) encryption channel. This level of end-to-end protection makes electronic eavesdropping practically impossible, whether the user is working from their law office, home or a public Wi-Fi network. OLMS implements software-enabled internal security built into the Orion software, Worldox and other applications to restrict individual users’ access to specific data or software routines compatible with their employment designation, job responsibilities or need-to-know.

Data Isolation: Each law firm’s software and data resides on its own private Cloud within OLMS data center. Each also has its own individual URL address. Different law firms do not share software applications and each firm’s data is physically segregated from all others.

High Availability: OLMS data center is housed in a state-of-the-art colocation center managed by Cogent Communications, a Tier 1 multinational Internet Services Provider and an undisputed leader in the field. Uninterruptible Power Supply (UPS) and backup generators ensure continuous service should the power grid ever fail. The facility is both SAS 70 Type II and PCI Schedule C compliant. Fully-encrypted backups are performed of each firm’s data continuously throughout the day and periodically sent to three separate data centers (geo-redundancy). This multi-layered backup strategy ensures should one replicate copy of any backup fail, there are multiple other copies available.

Login Credentials: Login Credentials are issued by Orion to each user who must choose and individual password which is both complex – requiring use of both upper and lower case letters, at least one number and one miscellaneous character – and of 8 digits in length or longer. Access to a law firm’s private Cloud server is not possible without entering the correct password to match each user’s individual identification name and each unique URL access address. In addition, we work with each firm to make sure users change their passwords periodically.

Firewall and Anti-Virus/Anti-Spam: The data center is also protected by sophisticated firewall and anti-virus/anti-spam technology which employees both reputation-enabled defenses and virus-spam-malware intrusion protection which blocks and drops potential attacks seeking access to the data entrusted to OLMS. Most viruses and spam are caught and filtered even before entering the internal network. For items that do, OLMS has a secondary anti-virus filtering process for added protection. This multi-tiered approach offers the strongest protection possible. OLMS engages an independent IT security specialty firm to periodically perform penetration attacks and otherwise assess our systems configurations for potential weaknesses or vulnerabilities.

In summary, the usage of modern technology coupled with superior services, provides the law firm with a highly secure environment that is superior to an in-house deployment of strategic software. If management is concerned about security of their most important data, a Cloud deployment is the best choice.