Data Security

Merlin's unique single-tenant architecture offers security, redundancy, high availability and disaster recovery options unique to our industry.

We are committed to data security.

We know security is critical to our clients and to their business, so at Merlin we incorporate security into the very fabric of our software platforms and engage leading industry experts to assess every aspect of our security architecture.

To increase flexibility and maximize our ability to separate client data, we’ve implemented a single-tenant architecture. With a single-tenant environment, each Merlin deployment is unique to a client, using dedicated encryption keys to protect all data at-rest and in transit, ensuring that your sensitive data is never accessible to others. We can also offer clients a range of additional security measures including customizable control over the environment, enhanced access restrictions and special monitoring.

We build our operations practices to meet and typically  exceed applicable industry standards for privacy and data security both in the U.S. and around the world. To support that objective, all Merlin deployments are hosted in  Amazon Web Services (AWS), the pre-eminent supplier of cloud infrastructure and services.  Like many of the world’s leading cloud based software providers, we use AWS to provide infrastructure, networking and advanced security services. In addition, we integrate security best practices into software design and data management.

From the beginning, our goal has been to create a cloud-based solution that drives business value while meeting or exceeding our clients’ data protection requirements. Merlin works every day to earn the trust of our clients to host their data in the cloud more securely than if it was behind their own firewalls.

Application Security

We offer a host of security options designed to ensure control over access to your data from upload to archive. In addition to cloud monitoring and active firewall management, we use these best practices to protect data from improper access:

Encryption in Transit and at Rest

Data is encrypted in transit and at rest to ensure maximum security using industry leading protocols including TLS and AES-256. This ensures that data is protected at all times on the Merlin platform and in transit between Merlin and its users.

Secure Document Lockdown

Requests to view a document must be accompanied by a time-limited Authorization Ticket before access is granted. This keeps users from improperly sharing files and hackers from traversing file servers.

Permission-Based Roles

Merlin provides granular Role-Based Access Control (RBAC) in which every function in the Merlin software platform is available as a permission that can be assigned to a role. Administrators can create roles for any combination of functions, limiting the fields and actions available for each user.

Single Tenant Environments

Our systems run securely in dedicated environments where client data is never co-located. Each matter runs on separate database, search and storage servers that can be protected from both inside and outside intervention.

Secured for Multi-Participants

We provide private fields and shared folders in our standard deployment. User groups get private tag sets and shared searches so they can work together while protecting group work products.

Complete Logging and Auditing

We provide full auditing and logging capabilities so site administrators can track each person's use of the site. Document views, tags, searches and other actions are tracked throughout.

Cloud Security

Those new to the public cloud may wonder whether they are compromising security for speed, scalability and cost savings. In fact the opposite is the case. AWS pioneered secure public cloud services and is the leader worldwide on cloud security. From the beginning, we have purpose-built Merlin’s software platforms to run on the Amazon cloud and to take advantage of the the many enhanced security features and services it offers:

1. Physical Security

AWS maintains highly-secure facilities which are locked-down and monitored at all times. We have decades of experience managing our own environments across private data centers and find AWS to be more secure for a number of reasons, including the fact that they are staffed with many of the best information security professionals in the world.

2. Certifications

AWS has been providing infrastructure for government agencies and other large entities around the world for more than a decade. As a result, it carries an extensive list of security certifications, from multiple ISO badges, to FedRAMP (U.S. government required), to PCI, HIPAA, SOC and dozens of other certifications. AWS carries over 40 U.S. and international audit certifications.

3. Encryption

AWS simplifies the use of industry leading encryption technology for securing data in transit and at rest. Encryption ensures that data is only accessible by authorized identities and/or services regardless of the location of that data.

4. Redundancy

AWS provides a highly available infrastructure spanning the entire globe. Each AWS region contains several availability zones made up of multiple distinct and highly secure data centers. Deployments on AWS can leverage these data center resources to maximize service availability in ways that couldn’t otherwise be reasonably achieved.

5. Security Services

We take advantage of multiple additional services offered by AWS to protect client data to augment our security practices.  If you need custom security for your site, we can offer a wide range of special options to further strengthen the protections inherent in a single-tenant environment. Ultimately, you can take control of your complete site.

Our Goal

Our goal in developing the Merlin IS platform was to create a cloud-based software solution that drives business value while meeting and typically exceeding our clients’ data protection and privacy requirements. The Merlin team works every day to earn the trust of our clients to host their data in the cloud more securely than if it was behind their own firewalls. 

If you would like to know more about our security practices, reach us at 

"There’s no silver bullet solution with cyber security, a layered defense is the only viable defense.”

James Scott, Institute for Critical InfrastructureTechnology

Ready to Believe?

Software is the magic of the Twenty-First Century. Contact us to learn more about Sherlock and our Merlin Integrated Search.
Scroll to Top