Is Steno Connect Secure?

Security measures designed for sensitive legal matters

Steno Connect was purpose-built to meet the need of attorneys who want to take depositions where all parties are in remote locations. Steno Connect combines both videoconferencing and exhibit sharing into one convenient web application to eliminate any confusion and maximize the ease of use.

 

We also focused on building a product that could accommodate participants operating with the most stringent security requirements. Most video conferencing platforms present the same primary issue: they require the participant to download software and install an application on their computer to facilitate the videoconferencing part of the deposition or other proceeding. This process can expose them to various security issues. Given that concern, we designed our platform to allow all participants to join the videoconference using any modern web browser — no download required. This development choice alleviates the need for any application besides a modern web browser. 

 

We follow standard security practices when developing our applications and their underlying infrastructure and network. Our considerations include:


    • On/Off Record is controlled only by the host and court reporter.
    • Any document shared during the session is stored securely on AWS.
    • All data to and from our system is encrypted, and all data at rest in our database is encrypted.
    • At the application tier, we incorporate best practices from OWASP to ensure we are not introducing coding vulnerabilities during our software development process.
    • We built our technology on a product certified under ISO/IEC 27001, a management system that provides specific requirements and practices intended to bring information security under management control.
    • We built our system on a product guided by ISO/IEC 27017 and ISO/IEC 27018, internationally recognized codes of practice addressing cloud-specific information security threats and the protection of personally identifiable information (PII).
    • Our in-house engineering team rigorously manages Steno Connect, bringing a wealth of knowledge in information security protocols.