Security

At Cerenade, we understand the importance of dependable security to our users across confidentiality, integrity, availability, and more. We are a proud leader in security among our peers and continue to invest in strengthening our security posture as a key organizational priority.

Cerenade

30+ years of security excellence

Technology company with security in our DNA

In today’s environment, software buyers should be wary and distinguish between genuine technology providers with proven track records and sub-par solution vendors, who often lack engineering talent, integrate many sub-solutions to create bug-prone and less secure “Frankenstein” solutions, and typically mask such solutions with heavy marketing (since the product cannot substantiate itself). For over 30 years, Cerenade has developed cutting-edge software solutions for thousands of organizations and has relied on high product quality to carry its reputation. While our product offering has evolved over time, our commitment to maintaining industry-leading security standards for our users and their clients has remained constant.

Trusted by US Department of State, NASA, and thousands of other organizations

Cerenade has developed best-in-class software solutions for clients of all sizes in security-intensive sectors such as legal, government, and healthcare. Former customers include the US Department of State, NASA, other federal / state / local governmental agencies, and corporate enterprises (including thousands of law firms) across the globe.

Operated by internal security experts available 24x7x365

Cerenade proudly employs top software engineering talent with deep domain expertise across data security, infrastructure security, product security, policy and access control, monitoring, and compliance. We find it critical to internally employ our development and maintenance functions (rather than farm them out) to maintain accountability and prevent our users from needing to worry about jurisdiction or indemnification issues in the unlikely event of a security breach. Our skilled technical team is always available and prepared to respond to security incidents.

Underpinned by best practices in design, development, and incident response

Cerenade’s software development process revolves around leveraging security-first best practices and conducting regular reviews to ensure secure design from high-level architecture to low-level code. Our team also leverages best practices in incident response to quickly mitigate escalation and to keep our users operational with minimal downtime.

Maintained by organizational security with tight employee security protocols

While ensuring strong security postures within our products is critical, we know that security begins with us. Cerenade’s organizational security protocols and policies for its employees include limitations to accessing customer data, SSO + 2FA authentication for our business operations and development environments, technical protection policies including firewall and encryption, and physical + administrative controls for workplace resource access.

Staying Ahead

Persistent R&D, updating, testing, monitoring, and certifying to remain on the cutting-edge

Regular R&D, management, updating of posture

Security has been and continues to be a key area of research & development investment at Cerenade. Our security posture is actively managed to comply with the best industry standards across PCI DSS, ISO 27001, SOC TSP, and more. Our technical team makes it a priority to stay on top of the latest security trends, resources, and vulnerability-related news (both through regularly planned internal reviews and external check-ins with security consultants) to keep our security posture ahead of the curve.

Continuous testing and monitoring

Cerenade’s products, development environments, and business operations environments are continuously tested and monitored by a robust set of security tools, including Microsoft Defender for Cloud for our Azure servers, to protect against malware, exploits, and other digital threats. Azure also maintains firewalls, constantly monitors user sessions (including activity and IP tracking), and deploys sophisticated intrusion detection mechanisms to catch and stop suspicious activity.

Annual penetration testing

Each year, Cerenade hires a certified cybersecurity agency to conduct penetration testing across our products and environments. While we are proud of our security posture, we remain humble in the face of the unknown, and take this extra step to further ensure that we are protected against vulnerabilities to the greatest extent possible.

Advanced Data Security

Cerenade invests heavily to retain a unique, first-class security posture for protecting user data and maintaining high data availability

Single-tenant database model

Cerenade houses each customer’s data in its own separate database instead of a shared database between all customers. In IT terms, this is referred to as a “single tenancy” data model. This physical isolation of data provides for significantly stronger security postures and sounder risk mitigation. Note that most case and practice management software vendors do not justify investment in single tenancy models due to increased costs associated with the production environment; however, Cerenade’s eIMMIGRATION, eCMS, and other case and practice management products have leveraged this methodology since their inception and have therefore absorbed additional costs in exchange for delivering superior security to our users.

On-the-fly data geo-replication (failure and disaster recovery)

Regular (at least daily) data backups are critical to ensuring data is recoverable should any be corrupted or lost via an infrastructure failure or natural disaster. Cerenade takes data backups for its users a level further by securely replicating their data and backing it up on-the-fly (continuously, at most every 15 minutes) from a primary Microsoft Azure server location to additional server locations in different geographic regions. Note that this is not the same as nightly backups to a remote location, which is a more common industry standard: in the standard scenario, an organization could lose up to a day of work (a large organization with 100 users can lose 100 man-days of work!). On-the-fly data replication, which at most will result in a loss of 15 minutes of work, therefore provides users with much stronger resilience and superior disaster recovery. And though the on-the-fly geo-replication architecture is more costly than the standard alternative, Cerenade justifies the investment to provide best-in-class resilience and recovery to our users.

Internal forms technology

Forms management, a key component of case management, is conducted on Cerenade’s solutions via our secure internal e-forms engine. Our technology stems from years of development efforts in e-forms end markets other than case management (e.g., enterprise forms management for governmental agencies); therefore, Cerenade is uniquely distinguished in that other case management vendors will commonly rely on third-party e-forms engines. An internal e-forms technology provides for considerably enhanced data security since form data does not need to travel (and potentially be intercepted by a malicious party) between the case management vendor’s infrastructure and a third-party form engine vendor’s infrastructure. Further, once the form data sits within the third-party vendor’s infrastructure, the third party can exploit the form data for its own benefit, go on to share / sell form data with other (unauthorized) vendors, or in a less malicious case, can have their infrastructure infiltrated and data stolen by a hacker / malware, all while the case management user has no idea. Preventing third-party vendors from accessing confidential form data keeps Cerenade liable, and is yet another unique data security advantage offered to product users.

Infrastructure Security

Cerenade partners with Microsoft Azure to provide bank-grade security on heavily fortified infrastructure

Microsoft Azure for cloud

To ensure the highest possible security and availability, Cerenade uses the world-class services of Microsoft Azure for hosting its products in the cloud. Azure’s infrastructure and operations take advantage of multiple levels of redundancy to protect your data against hardware failures, enforce rigorous backup and disaster recovery plans, and deploy sophisticated intrusion detection mechanisms and firewalls to protect your data. More than 66 percent of Fortune 500 companies rely on Azure, which offers enterprise-grade SLAs on services, 24/7 tech support, and round-the-clock service health monitoring along with redundancy and rigorous backup and disaster recovery plans.

Bank-grade encryption in-transit and at-rest

Cerenade product user data (e.g., cases, forms, client info, and more) is encrypted both in-transit (i.e., when sending and receiving data between your personal device and Microsoft Azure servers) and at-rest (i.e., while the data is housed on the Azure servers) using the most secure protocols found in security-intensive contexts such as banks and governmental agencies. In-transit encryption is accomplished via Transport Layer Security (TLS), the most up-to-date and secure protocol for transferring data across the internet. The data is then stored and encrypted on Azure servers using TDE (including 256-bit AES, among other algorithms), the gold standard for at-rest encryption that would take the world’s fastest supercomputer trillions of trillions of years to break (while the known universe is estimated to be less than 14 billion years old).

Azure physical security certifications and measures

Cerenade data is protected by Azure’s state-of-the-art physical infrastructure security. Microsoft Azure runs in datacenters managed and operated by Microsoft. These geographically dispersed data centers comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability. The data centers are 24x7x365 managed, monitored, and administered by Microsoft operations staff with decades of experience delivering the world’s largest online services. Additional layers of security include (but are not limited to) robust (needs-based) access request and approval processes, persistent security guard patrols and video surveillance throughout datacenters and facility perimeters, and 2FA requirements including biometrics for employees.

Product Security and Access Control

Cerenade products are loaded with a variety of additional security and control mechanisms

Advanced Authentication: 2FA + SSO

Users of all Cerenade solutions take advantage of advanced authentication for more robust login safeguarding. Two-factor authentication (2FA) is available across platforms and devices with flexible verification delivery options including text and email. Cerenade also allows for convenient single sign-on (SSO) and provides flexible options, including Microsoft Azure AD SSO and Google SSO, to many clients with SSO requirements in their organizational policies.

Role-based permissions and administration

Cerenade products include administrative tools to configure visibility, access, and permissions across users. This can be applied to a variety of data types, including forms, cases, and much more, to enforce information availability on a need-to-know basis. Admins can also take advantage of role-based permissions (available on both an individual and group level) to seamlessly orchestrate access control across their enterprises.

Password policies and log-in locks

Cerenade product administrators can require users to set strong passwords and regularly reset passwords at a given interval. After multiple attempts of logging in with an incorrect password, users will be locked out of log-in attempts for a defined period of time, which administrators can bypass.

Compliance

PCI DSS

Cerenade is fully compliant with PCI DSS. PCI DSS (Payment Card Industry Data Security Standard) is a set of information security standards designed to ensure that businesses that accept, process, store or transmit credit card information maintain a secure environment as defined by the PCI Security Standards Council. Cerenade products adhere to PCI compliance in tandem with our payment processing partners, PayPal’s Braintree and LawPay.

GDPR

Cerenade is fully compliant with GDPR. GDPR (General Data Protection Regulation), in plain terms, is a European Union-wide protection that gives individuals more control over their data. GDPR sets guidelines for the collecting and processing of personal information of persons within the EU. While Cerenade is an American company, based in California, these regulations pertain to us because we serve customers all over the globe, including the EU. GDPR standards are met for all Cerenade end-users (both EU and non-EU).

HIPAA

Cerenade is fully compliant with HIPAA. According to the HHS, “the HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.” While HIPAA compliance is mostly relevant for users who are or work with healthcare entities and / or patients, Cerenade’s adherence to HIPAA standards applies to all its users.

ISO 27001, SOC 1/2, FedRAMP, and additional compliance via Azure

Cerenade solutions are hosted on Microsoft Azure, with which we partner to meet many legal and regulatory standards. Azure meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS. For more on Azure compliance: https://learn.microsoft.com/en-us/azure/compliance/