download the Lithium security datasheet

Lithium Technologies 

security overview 

At Lithium, security is our strength and one of our core competencies. 

Many Lithium customers and end-users are extremely tech-savvy and 

demand the highest standard in security from our products and services. 

As such, Lithium reaffirms its commitment to security by adhering to 

security best practices in every aspect of our product development and 

deployment life cycle. Security is incorporated into the design of our 

products and services and tested rigorously before rollout to production. 

We also conduct regular security audits and security vulnerability 

testing of our products and our production hosting environment to 

ensure continued compliance with our strict security standards. Below 

is a brief overview of security measures used at Lithium. 

application security 

The Lithium application itself has several layers of security, some of 

which include: 

▪ An extensive input and output validation layer checks and validates 

for proper and expected input and output. All user-provided content, 

such as the URI, query string parameters, form submissions, 

cookies, etc. are validated through this framework before the 

underlying application layers are allowed to handle the request. All 

non-validated input is either escaped or rejected as necessary. 

▪ The application has a robust permission system which allows 

granular control over user, role, and group level access. 

Permissions and roles can be applied at the global community level, 

on categories, boards, and individual users. The fine granularity 

of the permissions ensures that users can be granted the specific 

access they need, without having to grant them excessive rights. All 

unauthorized access attempts are logged in the audit logs. 

▪ User provided content is also checked and validated using an 

intelligent HTML parser. Administrators can specify which HTML 

tags are allowed, including tag attributes and sub-tags. This 

intelligent parsing protects against many forms of attacks such as 

cross-site scripting, script insertion, style hijacking, cookie theft, 

etc. By providing such extensive HTML parsing, we can allow our 

users to safely use HTML tags for rich and lively content creation 

without forcing them to learn custom or proprietary markup 

languages. 

▪ On the application layer, we also employ a fail-safe countermeasure 

called “ticketing”, whereby secure, encrypted, and time sensitive 

tickets are assigned to user requests. All form submissions which 

result in an administrative action require valid and matching tickets 

to proceed. The ticketing system is completely transparent to the 

user and helps protect against certain classes of attacks called 

cross-site request forgery. This measure protects against attacks 

that originate from external content outside of the application’s 

control. 

application security 

done right: 

Extensive I/O Validation 

Layer Checks 

Robust Permission 

System 

Intelligent HTML Parser 

Ticketing System 

Lithium BlackBox



▪ A Lithium proprietary safeguard called BlackBox is also used on 

Lithium communities. Similar to the black box recording systems 

used on airplanes, it records key information about the system and 

user requests including, request parameters, URLs, IP addresses, 

etc. In case of a security breach Lithium can playback these 

recordings to identify exactly how the breach took place, as well 

as any actions and damage that the intruder may have inflicted. 

If necessary, BlackBox recordings can be used to rollback the 

community to a specific point in time and undo any damage caused 

due to malicious activity. 

network security 

At the network level, Lithium’s production environment is designed to 

provide maximum security based on security best practices. 

▪ Our servers are protected by redundant 

firewalls. 

▪ The front-end application and web 

servers are isolated from other services 

such as DNS and SMTP. 

▪ The databases are further protected in 

a separate data island firewalled from 

the front-end servers. No direct access 

from the Internet is allowed to the 

database servers. 

▪ Intrusion Detection Systems are 

deployed to monitor unauthorized 

access or detect malicious traffic. 

▪ Only relevant ports are allowed such as port 80 (HTTP), port 443 

(HTTPS), and a 5xxx range port for customers using the chat 

application. 

security at its finest, on 

all levels: 

Application Security 

Network Security 

Host Security 

Physical Security 

Access Security



host security 

At the host level, Lithium servers are fine-tuned or “hardened” 

according to security best practices. 

▪ Only necessary services and software are installed. 

▪ Servers are regularly updated with the latest security patches. 

▪ All management traffic to the servers is encrypted. 

▪ Where applicable, malware detection tools are also used for good 

measure. 

▪ Administrative access to servers is restricted to authorized staff 

and must occur over a secure encrypted session. All administrative 

access is logged and monitored. 

▪ Security auditing is turned on and logs are sent to a secure log 

collection system. 

physical security 

The Lithium production environment 

is hosted in SSAE16 and ISO27001 

certified secure datacenters. 

Datacenters are equipped with CCTV 

systems, digital recorders, and 

manned by security guards on a 24x7 

basis. Access to the datacenters is 

restricted to authorized staff only 

and reviewed on a regular basis. Multiple forms of authentication are 

required to access the facility such as a valid picture ID, a secret PIN 

code, and biometric identification. Datacenters are also equipped with 

fire, water, and heat detection and protection systems. 

access security 

Physical access to the datacenters is restricted to Lithium Technical 

Operations staff and controlled by access lists held by the colocation 

facility’s security department. Logical access to the production 

environment can only be established via a secure encrypted session 

which is also restricted to Lithium Technical Operations staff. All 

administrative access is logged and monitored. 

battle-tested 

datacenters ensure 

your data is secure: 

SSAE 16 

TYPE II CERTIFIED 

SSAE 16 


ISO 27001 

IS 574923



proactive monitoring 

Lithium monitors all communities and critical infrastructure on a 

24x7 basis. An alert system is tied to each of the community’s health 

statistics, as well as major parts of the Lithium hosting infrastructure. 

All major services such as DNS, firewalls, servers, and Internet 

connectivity are actively monitored. Alerts are also set up to monitor 

security related events and detect security violations. Security auditing 

is enabled on systems, and logs are sent to a secure log collection 

system for retention and safe keeping. 

redundancy and backup 

The hosting infrastructure at Lithium is designed with multiple 

redundancies for maximum uptime. 

▪ Secure datacenters have UPS and generator backup systems for 

power and diverse entry points for key utilities and communication 

facilities. 

▪ At the network edge, Lithium has deployed multiple high-speed 

Internet Service Providers for fast Internet connectivity using the 

BGP protocol for redundancy and automatic failover. 

▪ Beyond the network edge, each critical system in the Lithium 

architecture is set up in a redundant manner to eliminate single 

points of failure. This includes redundant load balancers, firewalls, 

switches, and routers. 

▪ At the system layer, servers are deployed with redundant power 

supplies, redundant network cards, and redundant disk storage. 

▪ At the database layer, data replication is set up from master 

database servers to slave database servers in real-time. Lastly, 

regular backups are made and stored offsite in a secure location for 

safety. 

compliance, audits, and certifications 

▪ Lithium datacenters are SSAE16 certified, ISO 27001 certified, and 

PCI DSS section 9 certified. 

▪ Lithium hosted application solutions are ISO 27001 and SSAE16 

certified. 

▪ Lithium is U.S.-E.U. Safe Harbor and U.S.-Swiss Safe Harbor selfcertified. 

your community is 

certified safe with 

Lithium: 

SSAE 16 


SSAE 16 


ISO 27001 

IS 574923



▪ Lithium has been awarded TRUSTe’s Privacy Seal signifying that our 

privacy policy and practices are complaint with TRUSTe’s program 

requirements including transparency, accountability, and choice 

regarding collection and use of private information. 

▪ Lithium conducts annual security vulnerability and penetration 

testing using independent third party auditors. 

about Lithium 

Lithium helps companies unlock the passion of their customers. 

Lithium software powers amazing Social Customer Experiences for 

more than 400 iconic brands including AT&T, BT, Best Buy, Indosat, 

Sephora, Skype and Telstra. Lithium helps companies grow brand 

advocacy, drive sales, reduce costs and accelerate innovation to create 

social communities that redefine the customer experience. For more 

information, visit lithium.com, or connect with us on Twitter, Facebook 

and our own community–the Lithosphere. Lithium is privately held with 

corporate headquarters in San Francisco, Calif. and offices in Europe, 

Asia and Australia. 

Lithium 

lithium.com | © Lithium Technologies, Inc. All Rights Reserved. 

SSAE 16 


SSAE 16 


ISO 27001 

IS 574923 

contact us 

To learn more about our 

security practices, visit 

lithium.com/security, 

or email us at 

security@lithium.com.

download the Lithium security datasheet

Create successful ePaper yourself

Delete template?

Save as template?