Cloud Policy
Effective - 12th May, 2025

Infrastructure & Security

Enterprise-grade security controls, built on Microsoft Azure and tailored for the law firm environment.

The Oddr Secure Cloud architecture employs industry-leading practices to protect your data and systems. Our approach encompasses encryption, multi-factor authentication, rigorous access controls, continuous monitoring, and proactive threat detection — providing a resilient and secure environment for your firm’s critical financial data.

Network Architecture

All data and resources within the Oddr Secure Cloud sit inside a private Azure Virtual Network (VNet). There is no direct public access to internal services.

The sole entry point for external traffic is a WAF-enabled Azure Application Gateway, which enforces TLS for all inbound connections, inspects incoming requests for attack patterns, and helps block unauthorized access and common web exploits.

Outbound network traffic is strictly controlled using firewall and network security rules. Egress is limited to approved and trusted destinations required for platform operations — such as essential Azure services and vetted third-party providers. This helps prevent unauthorized data exfiltration and reduces the risk of lateral movement in the event of a compromise.
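The egress rule behaviour described above is easy to get wrong on Azure, because a network security group allows all Internet-bound traffic by default. The following Python model is an added example written for this page, not Oddr's configuration: it reproduces NSG evaluation semantics (rules tried in ascending priority, first match wins, Microsoft's default rules at priority 65000 and above) and shows a rule set that only adds allows beside one that also adds the explicit catch-all deny. The service-tag address ranges are constructed placeholders; real tags resolve to Microsoft-published ranges that change over time.

```python
"""Added example: how an Azure NSG-style outbound rule set is evaluated.

Illustrative code written for this page; it is not Oddr's configuration.
It models NSG semantics (rules tried in ascending priority, first match
wins, Microsoft's default rules at 65000+) to show why restricted egress
needs an explicit deny: the defaults allow all Internet-bound traffic.
Service-tag ranges below are CONSTRUCTED placeholders, not real Azure ranges.
"""
import ipaddress
from dataclasses import dataclass

# Assumed service-tag -> CIDR mapping (real tags resolve to published, changing ranges).
SERVICE_TAGS = {
    "VirtualNetwork": ["10.0.0.0/8"],
    "Storage": ["192.0.2.0/24"],
    "Sql": ["198.51.100.0/24"],
    "Internet": ["0.0.0.0/0"],
}


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int       # lower number is evaluated first (Azure semantics)
    access: str         # "Allow" or "Deny"
    destination: str    # service tag, CIDR, or "*" for any
    port: str = "*"     # "*" or a single destination port


# Microsoft's built-in default outbound rules, with their real priorities.
DEFAULT_OUTBOUND = [
    Rule("AllowVnetOutBound", 65000, "Allow", "VirtualNetwork"),
    Rule("AllowInternetOutBound", 65001, "Allow", "Internet"),
    Rule("DenyAllOutBound", 65500, "Deny", "*"),
]


def _dest_matches(dest: str, ip: ipaddress.IPv4Address) -> bool:
    if dest == "*":
        return True
    cidrs = SERVICE_TAGS.get(dest, [dest])
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def evaluate(custom_rules, dst_ip: str, dst_port: int):
    """Return (access, rule_name) for an outbound flow, first match by priority."""
    ip = ipaddress.ip_address(dst_ip)
    for r in sorted(list(custom_rules) + DEFAULT_OUTBOUND, key=lambda r: r.priority):
        if r.port != "*" and r.port != str(dst_port):
            continue
        if _dest_matches(r.destination, ip):
            return r.access, r.name
    return "Deny", "implicit"   # not reachable while DenyAllOutBound is present


# Weak: allow rules only. Storage and SQL work, but AllowInternetOutBound (65001)
# still lets a compromised workload reach any host on the Internet.
WEAK_EGRESS = [
    Rule("AllowStorageHttps", 100, "Allow", "Storage", "443"),
    Rule("AllowSqlPostgres", 110, "Allow", "Sql", "5432"),
]

# Restricted: the same allows, an explicit VNet allow, and a catch-all deny
# at 4096 (the lowest custom priority) that shadows the default Internet allow.
RESTRICTED_EGRESS = WEAK_EGRESS + [
    Rule("AllowVnetInternal", 3900, "Allow", "VirtualNetwork"),
    Rule("DenyAllEgress", 4096, "Deny", "*"),
]


if __name__ == "__main__":
    for rules, label in ((WEAK_EGRESS, "weak"), (RESTRICTED_EGRESS, "restricted")):
        print(label, "203.0.113.7:443 ->", evaluate(rules, "203.0.113.7", 443))
```

The point to check in a real deployment is the same one the model exposes: an NSG or firewall that only adds allow rules has not restricted egress at all, because the platform default allow at 65001 still matches. The explicit VNet allow is needed once the catch-all deny uses "any" as its destination, otherwise intra-VNet traffic is blocked along with the Internet.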

Web Application Firewall (WAF)

The WAF-enabled Application Gateway is the only publicly accessible endpoint for the Oddr Secure Cloud. It filters requests for common web attack patterns, including SQL injection, cross-site scripting, and other injection-style attacks from the OWASP Top 10. The WAF is a compensating control in front of the application; it does not replace the secure coding and testing practices described below.

Malware Protection

Oddr uses Microsoft Defender for Cloud to scan all customer-uploaded assets and all build and deploy artifacts. This ensures that end users and systems are protected against potential viruses and malware before content enters the platform environment.

Access Control & Authentication

Role-Based Permissions

Oddr provides role-based access controls that let firms configure user permissions according to their internal governance requirements. User management allows firms to set password controls that fit their business needs.

Single Sign-On (SSO)

SSO connectivity is available throughout the Oddr Secure Cloud, supporting providers such as Okta, Microsoft Entra ID (Azure AD), Google, and Duo. SSO centralizes user management, lets the firm's identity provider enforce its own password and MFA policies, and provides a reliable mechanism for removing access when an employee leaves the firm.

Integration Authentication

Oddr integrates with the firm's identity provider using OIDC for secure, standards-based authentication.

Client Portal Authentication

End clients of law firms access the Oddr Client Portal using a secure one-time code login flow, eliminating the need for passwords while maintaining strong authentication.
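A one-time code flow is only as strong as the details around the code: it must be unpredictable, short-lived, single-use, guess-limited, and compared in constant time. The following Python class is an added example written for this page, not Oddr's implementation, showing the server side of such a flow. It assumes the code is delivered to the client out of band (for example by e-mail) by a component not shown, and the six-digit length, five-minute window, and five-attempt budget are example values.

```python
"""Added example: server-side logic for a one-time code login flow.

Illustrative code written for this page; it is not Oddr's implementation.
Assumptions: the code is delivered to the client out of band (for example by
e-mail) by a component not shown here; the validity window, digit count and
attempt limit are example values.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_DIGITS = 6            # assumption: six-digit numeric code
CODE_TTL_SECONDS = 300     # assumption: valid for five minutes
MAX_ATTEMPTS = 5           # assumption: invalidate after five wrong guesses


@dataclass
class PendingLogin:
    code_hash: bytes       # HMAC of the code, never the code itself
    expires_at: float
    attempts: int = 0
    consumed: bool = False


class OneTimeCodeAuth:
    def __init__(self, server_key: bytes, clock=time.time):
        self._key = server_key       # keyed hash: a leaked table does not reveal live codes
        self._clock = clock          # injectable for testing expiry
        self._pending: dict[str, PendingLogin] = {}

    def _digest(self, email: str, code: str) -> bytes:
        # Bind the code to the account so a code issued to one client
        # cannot be presented for another.
        msg = f"{email}\x00{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, email: str) -> str:
        """Generate a fresh code for delivery; any earlier code is superseded."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[email] = PendingLogin(
            code_hash=self._digest(email, code),
            expires_at=self._clock() + CODE_TTL_SECONDS,
        )
        return code

    def verify(self, email: str, code: str) -> bool:
        """True exactly once for the right code inside the window and attempt budget."""
        p = self._pending.get(email)
        if p is None or p.consumed:
            return False
        if self._clock() > p.expires_at:
            del self._pending[email]
            return False
        p.attempts += 1
        if p.attempts > MAX_ATTEMPTS:
            del self._pending[email]   # guessing a 10^6 space is no longer feasible
            return False
        if not hmac.compare_digest(self._digest(email, code), p.code_hash):
            return False
        p.consumed = True              # single use
        return True
```

Two caveats follow from this design. The attempt budget is per account; a per-source-IP rate limit at the gateway is still needed so an attacker cannot burn every client's budget as a denial of service. And because the code is the only factor, the client's mailbox becomes the effective trust boundary, which is why the code must expire quickly and be consumed on first use.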

Internal MFA

Oddr employees with access to production infrastructure are required to use multi-factor authentication for Azure console and system access.

Secure Development Practices

Oddr maintains and enforces secure development and deployment practices across the software development lifecycle.

  • All code changes require mandatory peer review before acceptance into the release codebase.

  • Code reviews, testing, and deployment are performed by separate individuals, enforcing segregation of duties.

  • Application development and testing occur in environments that are separate from production.

  • Third-party libraries and tools are updated on a regular cadence so that the latest security patches are applied.

  • Access to the codebase and deployment pipelines is centrally managed with role-based permissions.

  • Changes are submitted with a risk assessment, an implementation plan, and a rollback procedure.

Penetration Testing

Oddr follows OWASP best practices to mitigate application vulnerabilities and engages an independent third-party vendor to perform penetration testing at least annually. Significant findings are remediated promptly, and retests confirm closure. A summary of the most recent penetration test report is available upon request under NDA.

Security Patching

The Oddr Secure Cloud primarily uses managed Azure services — including Managed PostgreSQL Database, Azure Storage Accounts, Azure App Configuration, Azure Key Vault, Azure Service Bus, and Container Apps — which are patched regularly by Microsoft as part of the Azure Cloud infrastructure.

For Oddr-managed components, patches and updates are tested for stability and availability before deployment to the production environment. Critical and security-rated patches are applied as they become available.

Security Auditing & Logging

All authentication events and service logs that track user and system activity are collected and managed centrally. Logs are analysed to detect and respond to suspicious behaviour or security incidents, and security monitoring systems watch the production environment for possible or actual breaches, with alerts configured for anomalous activity.

Continuous Monitoring

Oddr maintains continuous, around-the-clock monitoring of the Oddr Secure Cloud to identify and respond to issues before they impact customers. Monitoring covers the following areas:

Infrastructure Health

CPU utilization, memory consumption, disk space, and network traffic are tracked in real time across all production services via Azure Monitor. Alerts fire when metrics breach predefined thresholds.

Application Performance

Application Insights provides end-to-end visibility into request latency, error rates, dependency performance, and exception tracking. Degradations trigger automated alerts to the engineering and operations team.

Security Events

Authentication failures, unusual access patterns, and configuration drift are monitored continuously. Microsoft Defender for Cloud provides threat detection and security posture management across the environment.
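The "Security Auditing & Logging" section and the "Security Events" paragraph above both describe alerting on authentication failures and unusual access patterns. The following Python script is an added example written for this page, not Oddr's monitoring rules, showing what that detection logic looks like when run over a log: a sliding-window count of failures per source address, a password-spray check on the number of distinct accounts failing from one address, and a higher-fidelity rule that fires when a success follows a burst of failures. The JSON-lines log format and the log entries are constructed for the example; real sign-in logs use a different schema, and the thresholds are example values.

```python
"""Added example: detection rules over authentication logs.

Illustrative code written for this page; it is not Oddr's monitoring logic.
The log format (JSON lines with ts, user, src_ip, result) and the entries
in SAMPLE_LOG are CONSTRUCTED; real sign-in logs have a different schema.
"""
import json
from collections import defaultdict, deque

WINDOW_SECONDS = 120       # assumption: two-minute sliding window
FAIL_THRESHOLD = 5         # assumption: 5 failures from one IP in the window
SPRAY_USERS = 3            # assumption: 3 distinct accounts failing from one IP
SUCCESS_AFTER_FAILS = 3    # assumption: a success after 3+ recent failures

# Constructed log: one normal login, a brute force that then succeeds,
# a low-and-slow spray across three accounts, and a benign single failure.
SAMPLE_LOG = """\
{"ts": 100, "user": "alice", "src_ip": "198.51.100.20", "result": "success"}
{"ts": 130, "user": "bob", "src_ip": "203.0.113.9", "result": "failure"}
{"ts": 140, "user": "bob", "src_ip": "203.0.113.9", "result": "failure"}
{"ts": 150, "user": "bob", "src_ip": "203.0.113.9", "result": "failure"}
{"ts": 160, "user": "bob", "src_ip": "203.0.113.9", "result": "failure"}
{"ts": 170, "user": "bob", "src_ip": "203.0.113.9", "result": "failure"}
{"ts": 180, "user": "bob", "src_ip": "203.0.113.9", "result": "success"}
{"ts": 400, "user": "carol", "src_ip": "192.0.2.77", "result": "failure"}
{"ts": 405, "user": "dave", "src_ip": "192.0.2.77", "result": "failure"}
{"ts": 410, "user": "erin", "src_ip": "192.0.2.77", "result": "failure"}
{"ts": 900, "user": "alice", "src_ip": "198.51.100.20", "result": "failure"}
{"ts": 905, "user": "alice", "src_ip": "198.51.100.20", "result": "success"}
"""


def parse(text: str):
    """Parse JSON lines into events sorted by timestamp (logs often arrive out of order)."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["ts"])


def detect(events):
    """Return a list of (rule, src_ip, ts) alerts, at most one per rule and address."""
    alerts = []
    recent = defaultdict(deque)   # src_ip -> deque of (ts, user) failures inside the window
    raised = set()                # (rule, src_ip) already alerted, to avoid alert storms

    def raise_once(rule, ip, ts):
        if (rule, ip) not in raised:
            raised.add((rule, ip))
            alerts.append((rule, ip, ts))

    for e in events:
        ip, ts = e["src_ip"], e["ts"]
        q = recent[ip]
        while q and ts - q[0][0] > WINDOW_SECONDS:   # expire old failures
            q.popleft()
        if e["result"] == "failure":
            q.append((ts, e["user"]))
            if len(q) >= FAIL_THRESHOLD:
                raise_once("brute_force", ip, ts)
            if len({user for _, user in q}) >= SPRAY_USERS:
                raise_once("password_spray", ip, ts)
        elif e["result"] == "success" and len(q) >= SUCCESS_AFTER_FAILS:
            raise_once("success_after_failures", ip, ts)
    return alerts


def run_sample():
    return detect(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for rule, ip, ts in run_sample():
        print(f"{ts}: {rule} from {ip}")
```

The success-after-failures rule is the one worth paging on: a burst of failures alone is noise from the Internet, but a success that follows it from the same address is the signature of a guessed or stuffed credential. The deduplication set keeps a sustained attack from producing one alert per event, which in practice is what makes analysts stop reading alerts.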

Availability Checks

Synthetic health probes continuously verify that all public-facing endpoints are responding and healthy. Any failure triggers immediate investigation and, when applicable, automated recovery.

Service Status Page (coming soon)

Customers will be able to monitor the current operational status of Oddr services, view historical uptime data, and subscribe to email notifications for planned maintenance and incidents.

FAQ

1. How does traffic reach the Oddr platform?
A: All external traffic enters through a WAF-enabled Azure Application Gateway over TLS. Internal services are not directly accessible from the public internet.
2. Does Oddr perform penetration testing?
A: Yes. Oddr engages an independent third-party vendor for penetration testing at least annually. A summary report is available under NDA upon request.
3. How is access to production systems controlled?
A: Production access is limited to authorized personnel using multi-factor authentication. Access is granted based on the principle of least privilege, reviewed quarterly, and promptly revoked when employees leave the organization.
4. Does Oddr support SSO?
A: Yes. Oddr supports SSO through providers including Okta, Google, Duo, and Microsoft Entra ID (Azure AD) using OIDC.
5. How does Oddr handle code changes?
A: All code changes go through a mandatory peer review, testing in a non-production environment, and a formal approval process before deployment. Code authoring, review, and deployment are performed by separate individuals.
6. Are third-party dependencies kept up to date?
A: Yes. Third-party libraries and tools are updated on a regular cadence to incorporate the latest security patches. The Oddr team actively monitors for newly disclosed vulnerabilities in dependencies.