- 31 Jul 2024
- 17 Minutes to read
- Print
- DarkLight
- PDF
Reveal Hold Version 1.5 Deployment Requirements
- Updated on 31 Jul 2024
- 17 Minutes to read
- Print
- DarkLight
- PDF
Overview
Reveal Hold is a modern and intuitive legal hold notification, preservation, and collection platform. It provides a unique, single pane of glass experience that brings together many critical components, typically solved using multiple and often disparate technologies so teams can self-drive the entire process from a single application.
The purpose of this document is to outline critical aspects of Reveal Hold deployment requirements. These requirements should be reviewed by technical team members that may represent an organization’s Legal, eDiscovery, Information Technology, or Information Security team(s). Careful review is imperative to the overall success of the deployment.
Software Requirements
Reveal Hold is a web-based application that works with most modern web browsers. This means it does not require downloading or installation of any additional software. The licensed version of Reveal Hold contains a personalized application URL.
Supported Browsers
Google Chrome v. 20.0.1130.1 or above is recommended, with cookies, pop-ups, and JavaScript enabled.
Supported Operating Systems for Hybrid Deployment
Reveal Hold can be deployed in a hybrid configuration, where all components are maintained in Reveal’s SaaS environment, except the Plugin Agent. In this type of setup, the Plugin Agent is deployed in the customer environment. Below are the OS requirements required for the Plugin Agent.
Windows Server 2012 R2 or greater
.NET 4.6.2 or greater
Supported Authentication Methods
Local/Built-in
SSO using SAML / OAuth
Hardware Requirements
Supported Hardware for Hybrid Deployment
Reveal Hold can be deployed in a hybrid configuration, where all components are maintained in Reveal’s SaaS environment, except the Plugin Agent. In this type of setup, the Plugin Agent is deployed in the customer environment. Below are the minimum hardware requirements required for the Plugin Agent.
4 CPU cores
32 GB RAM
1 TB (or as needed) local storage
Storage Requirements
Whether Reveal Hold is deployed in SaaS, Hybrid, or On-Prem, the deployment will require storage locations if you intend to use the collection capabilities of the product. The storage location or “Evidence Repository” is the destination path where any collections will be stored. The size of these storage locations is based on historic collection trends and forecasted future collection growth. Below are the storage locations supported by Reveal Hold today:
File Share (this requires a hybrid deployment that utilizes the Plugin Agent)
AWS S3
Azure Blob
Azure File Share
Architecture Example
SaaS
Hybrid
On-Prem
Connectors
For more technical details, setup, or configuration questions, please contact your dedicated Reveal representative.
Authentication
Reveal Hold can integrate with SAML-based authentication methods, providing compatibility with various Identity providers.
SMTP Server
Reveal Hold can integrate with your SMTP server for all email-based notifications. A service account will need to be created with Send permissions for the SMTP Server/Port that is configured. Port 587 (Secure SMTP) will need to be allowed.
Employee/Contact Directory
Reveal Hold integrates with different HRIS tools or directories such as Active Directory, Workday, etc. Typically, Reveal Hold will need a dedicated service account with specific permissions related to the System. Typically, these permissions include Read permissions.
Data Sources
Reveal Hold integrates specifically with many data sources. Each data source has a custom integration and documentation on each data source will be provided based on the sources selected. These sources will need service accounts with permissions related to the data source outlined in the connector documents. Below is a list of Data Source Connectors that we offer Preservation and/or Collection capabilities for.
Storage
Reveal Hold will need read/write permissions for any storage location (on-prem or cloud) that will be configured for use within the platform.
Reveal Review (v11+) Integration
For active Reveal v11+ customers, Reveal Hold can automatically upload collected data to your Reveal-provided S3 buckets. This will configuration requires an account with Limited Read, List, Write access to the S3 Bucket/Folder.
Security
Reveal Hold can be deployed in the cloud as well as on-premises to blend with data sources generating critical corporate data. A hybrid deployment is also supported where a part of the application is hosted on the cloud and another part in the client’s secured data center. The security components and features for secure deployment, development, and operations of Reveal Hold are described in this document, which comprise:
Application Security
Infrastructure Security
Data Security
Application Security
Each component in the Reveal Hold application is protected using an integrated approach. We depend on stringent security standards to protect the application against unauthorized access and modification. Security measures at the application level that include secure coding, authentication, and vulnerability testing are described in this section.
Application Security
The Reveal Hold application supports password based local authentication as well as single sign-on (SSO) with Security Assertion Markup Language (SAML) or OpenID, which are top industry standards for federated authentication. The Reveal Hold application also has the capability to accommodate Multi-factor Authentication (MFA) which provides an additional layer of security to sign in.
All the passwords of service accounts are encrypted using a private key generated by Triple Data Encryption Standards (DES) or Advanced Encryption Standard (AES) with Cipher Block Chaining (CBC) mode. The passwords of user accounts used to login to the application are hashed and stored. Password hashing is used to verify the integrity of passwords, sent during login, against the stored hash so that the actual password never has to be stored.
The application prompts for a change of password upon first time login by the user. When setting passwords, the application requires the user to choose a strong password that contains at least one uppercase, one numeric and one special character. All user passwords are set to expire after a certain number of days. The number of days can be configured by the user. When a password is about to expire, the application displays warning messages indicating that the user's password is about to expire and must be changed. If the user ignores the warning and allows the password to expire, the user would be required to change the password upon next login.
Additionally, the application allows the Administrator to configure the number of previous passwords that should not be used while resetting the password. All successful logins to the Reveal Hold application are logged. The information logged includes the name of the user who has logged in, what device the user has logged in from, the IP address, as well as the time of login.
Access Control
Reveal Hold utilizes role-based access control, ensuring users are granted access rights only to the information pertinent to their roles, thereby preventing them from accessing information that does not pertain to them. The application also offers distinct project level access permissions, enabling enterprises to define and manage access privileges to view, edit, and execute the contents of a particular project.
If SSO is enabled, user access to Reveal Hold will be based on the access policy followed by the enterprise. If a user has resigned or has been terminated and is denied access to the enterprise email, their access to Reveal Hold will automatically be denied. For users who are managed within Reveal Hold, the application Administrator must ensure that the users are made inactive once they are terminated or no longer active in the organization.
Session Management
If the user is inactive for a certain period (stipulated inactive period plus refresh timeout period) the authentication token expires, and the user will be logged out from the application. If the period of inactivity however has exceeded the inactive timeout period, but it is still less than the refresh timeout period, then automatically, a refresh token is generated, and the user can continue using the application. Both inactive timeout period as well as refresh timeout period can be configured depending on requirements.
API Security
APIs are a critical part of almost all modern web and mobile applications. APIs empower businesses to build more dynamic applications. A hacked API can lead to a data breach and hence API security is very important. All Reveal Hold API endpoints are secured and restricted to only the users who should be allowed to access them, and potentially an application which acts on behalf of the user.
To access any API endpoint, the requesting party must go through a token-based authentication process following OAuth2 protocol. Authorization filters are available to validate each incoming request. The authentication process generates a JWT based authentication token which must be part of the API Request. When required, a unique authentication token is generated and set to expire, expiring after a short period of time.
All passwords are hashed and stored securely which helps mitigate data breaches. The service account passwords are encrypted using strong crypto algorithms such as Triple Data Encryption Standards (DES) or Advanced Encryption Standard (AES).
The APIs are secured by enabling Hypertext Transfer Protocol Secure (HTTPS) and encrypting the data using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates. Cross-origin resource sharing (CORS) has been enabled to allow only valid domains to access the APIs, thus preventing malicious websites from sending requests to the APIs. Anti-forgery tokens have also been created to prevent Cross-Site Request Forgery (CSRF) attacks.
Secure Application Development
The Reveal Hold product team has decades of experience in developing large enterprise software applications and follow strict discipline in various stages of the Software Development Lifecycle (SDLC). Our security architects spend relentless hours building the security fence from every step of the workflow automation throughout our application.
Every line of the code is maintained securely in our Azure Development environment bound by our time tested secure-coding guidelines. We closely monitor and follow OWASP Foundation, the Open-Source Foundation for Application Security standards and recommendations.
Every aspect of coding and architecture, from authentication and authorization to password storage and encryption, are implemented meticulously and tested vigorously. All our data transmission and data storage are properly encrypted with AES256 or stronger methods. All custom controls are coded to prevent cross-site scripting (XSS) as well as SQL injection.
Error Handling & Logging
Reveal Hold maintains a single file to log errors and user activities. All errors are logged by default. If any additional user actions need to be logged as well, the application supports configuring the same. All log files are stored in an encrypted location. It is ensured that error messages do not contain any server related data or sensitive info.
Application Log Backup
Reveal Hold supports a configurable application log backup policy. Depending on requirements, the application logs can either be backed up or archived to a destination of choice. A rollover log policy can also be configured based on size of log files. Once the total size of log files exceeds the configured value, the logs will be rewritten.
File Upload
During file upload, both client-side and server-side validation are done on the file size and file extension. Server-side validation for malicious file content or data signature or code is also done. Files are stored as byte streams in the database and hence not directly accessible by users.
Security Testing
Reveal Hold conducts both internal and third-party vulnerability assessments for identifying and fixing potential weaknesses in the application. Every two months, security as well as penetration testing is done by a third party to identify security related vulnerabilities in the network, infrastructure, and application. The vulnerability reports are shared with the Reveal Hold team. The Reveal Hold team reviews the report and takes necessary action to remediate issues reported. The outcome of these tests helps us continually improve Reveal Hold security and lower the overall risks.
Infrastructure Security
When the Reveal Hold application is deployed on client premises, the application is secured behind the client firewall. The customer IT team is responsible for ensuring the security of the application.
For the SaaS model deployment, the team at Reveal Hold takes care of ensuring security. Reveal Hold uses Microsoft Azure to provide a seamless secure environment for clients. Microsoft Azure provides a collection of integrated cloud services that help protect business assets while reducing security costs and complexity. The following sections provide a comprehensive look into the security made available for the Reveal Hold application with Azure.
Additional details about SaaS security can be provided on request.
Data Security
Data security refers to the protection of data from unauthorized access, modification, and destruction. Protecting both data in transit and data at rest are crucial as attackers continue to find new methods to compromise systems and exfiltrate data. At Reveal Hold, we strive to protect data wherever it is at each step of the Electronic Discovery Reference Model (EDRM) process.
Securing Data in Transit
Data encryption is one of the most effective data protection methods for both data in transit and data at rest. For protecting data in transit, Reveal Hold encrypts data before sending it over the internet or an open network. All to and from communication on Reveal Hold servers are secured with data being encrypted using SSL and TLS 1.2 certificates. For service accounts connecting to third party tools such as Microsoft, Google, etc., encryption is done through SSL certificates. The SSL certificates are automatically renewed on expiry.
Securing Data in Use
To secure data in use, the access to data within the application is tightly controlled. User roles are defined in the application to help restrict access to data. Only specific user roles or specific users are allowed to access and/or modify data. Additionally, the granular permission features in Reveal Hold lets Administrators decide whom to grant access to view, edit, and/or process projects. Access to a project can be granted to individual users or to specific user roles.
Securing Data at Rest
Encryption of data at rest provides an additional layer of security to protect the integrity and confidentiality of data. Reveal Hold encrypts the storage drive using SHA-256 hash function making it significantly more difficult for hackers to access the data on the drive. Additionally, care is taken to ensure that Personal Identifiable Information (PII) is not written into log files or any data location.
The password of all service accounts is stored in encrypted form in the database. All private keys used for encryption are stored as encrypted values or as thumbprints in the database. Encryption of a private key is done either using another private key that is defined in the application or by using a security thumbprint. Only service accounts that are given privileges are allowed to access data and perform read/write operations. Minimum privileges are granted to the service account interacting with the database such as explicit read, write, and delete permission on the database objects. Strong validation rules have been implemented on both client and server side for all input fields and all the text fields are sanitized before storing data in the database. Parameterized queries and stored procedures are used in all transactions. All these measures help prevent SQL injection attacks.
Authentication to Reveal Hold databases is allowed using SQL-level or windows-level authentication. The application users are given the least set of privileges to access the database and database objects. This ensures that the extent of damage will be minimal in case the login credentials are compromised.
Depending on requirements, Transparent Data Encryption (TDE) is applied on the database. TDE uses real-time encryption at the page level. Pages are encrypted before they are written to disk, without increasing the size of data and log files. Pages are decrypted when read into memory. Table level encryption is also supported for database tables that store PII information.
The logic within stored procedures is hidden from plain view with the help of encryption. When a stored procedure is encrypted, its text is converted into a non-readable format. The definition of the stored procedures is not directly visible from the object explorer. Therefore, the procedure cannot be modified or viewed by users who do not have access to system tables or database files.
In addition to server-level permission, database-level permissions are also defined and access to database entities is restricted to specific users and user roles. The latest version of database management software is used and all latest security patches related to OS, SQL Server and .Net framework are continuously applied as soon as they are rolled out from Microsoft.
Depending on requirements, database backups can be configured to be taken monthly or bi-weekly. All backups of the database are stored in highly secure systems and are subject to the equally stringent security controls as the database itself.
Legal Hold Considerations
Legal Hold Templates
There are several different templates, such as custodian or stakeholder hold notices, reminder, escalation, awareness, and release notices. All these templates can be customized. When customizing templates, Reveal Hold provides dozens of Parameters that can be added to a template. Parameters will automatically populate the necessary value when sent to the recipient. Example parameters include Hold Name, Custodian Name, Custodian List, Matter Type, etc. The editor used to manage the content of these notices supports Rich Text so all formats will be preserved whether it is manually entered or pasted from your clipboard through a Word document.
Questionnaire Templates
Reveal Hold provides the users with the ability to create an unlimited number of custom questions which can then be added to one or more Questionnaire Templates. Users can create questions in the form of free form text, radio button, multi-select and conditional questions. These templates can be optionally sent to custodians with their legal hold notice. When sent alongside the legal hold notice, the custodian must complete the questionnaire alongside acknowledging the legal hold notice.
Email Notification Templates
There are many different email notification templates, such as password changes, password resets, approvals, requests, etc. Many of these templates can be customized. They are used to send specific information messages from Reveal Hold.
Employee Directory Configurations
Reveal Hold requires the following fields by default when creating an employee:
Employee ID
First Name
Last Name
Alias
Department Name
Last Update Date
Employment Status
Primary Email
Reveal Hold supports other employee fields, contact fields and address fields. Additional custom fields can also be configured as needed.
Synchronizations are customizable and are set to a cadence of preference (daily, weekly, monthly, etc).
Employee Change Configurations
Reveal Hold automatically tracks changes that occur to all employee records when changes occur manually or through the synchronization process. In the example below, the title field was updated for Lorraine Banes, therefore the system will automatically highlight the differences. When Employees are subject to a hold, these changes are reportable and can be used for automatic reporting purposes.
Approval Workflows
Reveal Hold includes an approval system which can be enabled or disabled. When enabled a user can select up to two approvers to review the details of a Matter and/or Hold. These approvals can be configured and changed as necessary for the user. These approvals can be used to collaborate with multiple teams and approve holds without the need for multi-mode communications which create workflow inefficiencies.
Migration
Migrations from manual workflows or previous products can be completed in multiple ways. We offer migration via direct data transfer, API integration, or SQL based manual interaction, depending on the previous software.
Direct data transfer typically consists of exporting data from the current application in a compatible format such as CSV, XML, or JSON. This is our suggested route for a migration.
An API integration can be offered if our application already has a connector to the previous solution.
A SQL-based manual interaction can also be done depending on the application and the client's permissions.
Other Technology Considerations
Technology
Reveal Hold is built with an Angular 7 front-end user interface with a Microsoft SQL back-end relational database.
Known File Paths
Any known file path for on-prem collection must be accessible by the Plugin Agent machine and have sufficient permissions. The service account configured for the Plugin Agent needs to read and write permissions into the application.
File/Folder Permissions
Any storage location specified for collections must have Read and Write permissions.
Antivirus
Reveal Hold does not require any changes to known file paths when a Plugin Agent is required.
Firewall
Firewall rules may have to be put in place for agent communication or SMTP communication, but this largely depends on deployment configuration. Typically, Reveal Hold can run without any firewall rules but during onboarding, any required rules will be covered.
Disaster Recovery
A solid disaster recovery strategy is key to business continuity. Site recovery and data backup are key elements of the Reveal Hold disaster recovery plan. Our disaster recovery plan is continuously improved by disaster recovery mock drills and feedback capture processes.
Backup
Reveal Hold databases running on Virtual Machines are backed up to the Azure storage account. The backup period is configurable according to customer requirements. Currently, database backups are taken daily for all the Reveal Hold production servers and stored in Azure Blobs.
The backup is first taken to a local folder on the Virtual Machine with the help of an SQL maintenance wizard. Azure Resource Manager (ARM) PowerShell script that is configured in the task scheduler then moves the backup data to the Azure storage account. The script also takes care of removing previously stored data (old backups) on the Azure storage account.
Snapshots of Operating Systems (OS) or Virtual Hard Drives (VHD) taken are either used as backup, or to troubleshoot Virtual Machine (VM) issues. Currently, hard drives from Reveal Hold Virtual Machines are captured as snapshots in the Azure storage account.
Site Recovery
Azure helps quickly recover the Reveal Hold application in case disaster hits. Azure Site Recovery (ASR) is leveraged to replicate all the VM disks continuously from a primary Azure location (source environment) to a secondary Azure location (target environment) asynchronously. The recovery points are created every few minutes which provides a Recovery Point Objective (RPO) in the order of minutes. Disaster recovery drills can be conducted any number of times without affecting the production application or the ongoing replication.
The replication servers are maintained at different data locations. When an outage occurs at the primary location, a failover can be initiated to the secondary location. The Reveal Hold application can then be accessed from the secondary location. During failover, any recovery point can be used. When everything is running normally again, a fail back can be initiated to continue accessing the application from the primary location.
Technical Support
For any technical support further to what is covered in this user guide, please contact Reveal Hold support by email at [email protected].