Engineered for security

Casefleet uses tried and true web application frameworks to ensure the integrity of communication between the client and the server. Techniques include XSS protection, CSRF protection, signed cookie-based session management, rate limiting, and audit logging.

When possible, data is anonymized via a UUID. By doing so, each component in the Casefleet infrastructure is only aware of the bare minimum required to serve its purpose.

Passwords are never stored in plain text. They are all hashed before storing in the database.

All files loaded into Casefleet are automatically scanned for viruses and malware. This helps prevent the spread of potentially harmful files in your firm.

All external and internal communication requires encryption via TLS. All of our web servers require an SSL connection from end users in order to access the application. Communication between internal systems is also required to be encrypted.

All stored data is encrypted when written to disk. In the case of a physical security breach, the attacker would have no way of reading client data.

Casefleet infrastructure responsible for handling end-user data lives entirely within a virtual network engineered to expose only required components to the public internet. All other components require secure access via the private network.

All code is subject to automated testing for security and integrity. After automated testing, code is reviewed and signed off on by another engineer, then tested in a staging environment — only then is it allowed to be released.

All data stored within Casefleet is automatically backed up on a daily basis and retained for an extended period of time. In the case of a disaster recovery scenario, this data can be used to restore the application to the last known operational state.

All employees are issued a company laptop returned upon termination. Every laptop has disk encryption enabled to prevent theft. Engineers with production-level access additionally have a firewall enabled and network monitoring tools installed.

All access is given under the principle of least privilege and is revoked upon employee termination. Where available, two-factor authentication is required for all work applications. Access is monitored and audited regularly.

Every user account can enable two-factor authentication to add an additional security layer. Every time you log in, you will be prompted to enter a code from your phone in order to access your data.

Enterprise plans have the option to enable single sign-on via SAML2. This integration allows you to manage your users via a third-party authentication provider.

Every administrator within Casefleet can granularly control what data is visible to which users. This ensures privileged and confidential information stays that way, while allowing you to invite all of your collaborators.

Every time you log into Casefleet, a unique session tied to your web browser and IP address is generated. If more than one valid session exists at any time, Casefleet pushes an alert notifying you of the additional login so you can take further steps as needed.

All Casefleet data is stored in Amazon Web Services. For more information regarding their physical security please visit their website.

The Casefleet offices require key card access. All access is monitored via security cameras.