stay connected facebook twitter YouTube LinkedIn
Exchange eNewsletter
Exchange • Spring 2015 > Learn What's New in ProLaw 2015.1

Securing Your Business Development Data in the Cloud: A Technical Overview

The benefits of cloud computing—such as collaboration, reduced IT costs, and nonstop availability—are prompting many companies to adopt cloud solutions to meet their business needs. As the adoption rate of cloud solutions increases, so does the emphasis on data security. Not all cloud solutions are created equal, which is why it is important to partner with a provider that not only emphasizes the importance of security, but also has a demonstrated commitment to data security.

For nearly a decade, Thomson Reuters Elite 3E® Business Development (formerly Business Development Premier) has helped leading global organizations solve the challenge of mining previously untapped relationships and turning them into business assets and insights.

While the challenges of providing security and privacy are evolving along with the cloud, the underlying principles haven't changed. 3E Business Development is a secure system from software development through service delivery, operations, and support. A key part of this Business Development offering is the 3E Business Development Data Engine. The Data Engine is a multitenant solution hosted in Microsoft® Azure®, coupled to a managed CRM solution built on Microsoft Dynamics® 365 CRM online.

Our goals for this offering are simple: to operate the 3E Business Development in the cloud with the security and privacy you expect from Thomson Reuters and to give you accurate assurances about our security and privacy practices. We have implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect customer data against accidental loss, destruction, or alteration; unauthorized disclosure or access; and unlawful destruction.

3E Business Development in Microsoft Azure

Microsoft Azure helps us take control of cloud security, define security policies, and detect actual threats early.

Microsoft Azure also ensures a 99.9% uptime service level agreement across all of their online assets.

Vulnerability Testing

To ensure that your data is invulnerable to security attacks, 3E Business Development undergoes annual manual penetration tests. Manual testing combines human expertise with professional security testing software and tools, such as automated binary static and automated dynamic analysis. In addition to annual manual penetration testing, 3E Business Development in the cloud additionally undergoes quarterly static and dynamic code analysis and weekly network scans.

Certifications and Audits

Microsoft Azure and CRM are proven platforms and have been certified to ISO 27001, ISO 27018, and SSAE16 SOC1 Type II standards through extensive audits.

Data Center Security

We are committed to helping keep customer data secure, maintain privacy, and meet compliance regulations, while providing high service availability. We have risk-based information security and privacy controls for ensuring that the data center infrastructure meets our commitments to customers to meet their complex compliance requirements.

3E Business Development is hosted as a PaaS multi-tenant application in Microsoft Azure and synchronizes data with Microsoft Dynamics CRM online. Microsoft Azure and CRM are hosted within Microsoft data centers.

Microsoft employs a multidimensional approach to securing their data centers. For more information, please visit Microsoft's Trust Center at

Network Security

Network services are provided by Microsoft Azure. For more information, please visit Microsoft's Trust center at

Azure PaaS helps us mitigate common risks and responsibilities at the physical infrastructure level. We use key management for data governance and rights management.

Security advantages of Microsoft Azure Platform as a Service (PaaS)

Security advantages of Microsoft Azure Platform as a Service (PaaS)

Application Security

To ensure against co-mingling of client data, 3E Business Development provisions each client into physically separated databases and file structures. Data stored in the database is encrypted at-rest to further protect customer data against loss.

User accounts created and administered by the customer can be synced securely to Azure Active Directory. 3E Business Development enables customers to configure password requirements to mirror their own corporate password policies. Furthermore, service accounts to access on-premise client resources are protected using Azure Key Vaults and accessed securely using Azure service relays. Users can only see the data to which they have been granted access.

From a supported web browser, customers connect to 3E Business Development via an HTTPS session that is secured with 256-bit encryption, thereby enforcing encryption of data in transit.


Our standard and custom application health check metrics help identify, remedy, and alert us of system anomalies. We also use native Microsoft Azure Monitor, Application Insights, and Log Analytics to monitor the 3E Business Development production environment. We run reports and analytics on copies of production workloads in Azure without affecting customers.


See the Following for More Security Information for these Microsoft Products

Azure – Introduction to Azure Security

Microsoft Trust Center

Azure Security Best Practices and Patterns

Getting started with Microsoft Azure

Securing PaaS Deployments

Dynamics 365 – Microsoft Dynamics 365

Microsoft Dynamics 365 Security