Jusmundi — 4 Years in Review

Security & compliance

Vulnerability management, IdP SSO, and certifications

Vulnerability & CVE reduction

• Vulnerability remediation target: <7 days for critical CVEs; container scan pass rate >95%.
• Vulnerability management: weekly vulnerability scanning and remediation of critical vulnerabilities. Using OpenVAS, Trivy and Semgrep.
• Semgrep SAST, GitLeaks secret scanning, Mega-Linter and GitLab Ultima Sec for code security.
• Implement Cloudflare WAF and DDoS protection for the website, rate limiting and bot detection.
• Use Vault for secrets management, secret rotation, certificate automation and in transit encryption for user documents

IdP SSO with Keycloak

• Keycloak authentication modernisation: migrated from legacy auth and upgraded through 4 major versions (v22 → v26).
• SSO integration with Microsoft Entra ID and other internal services; 2FA and brute-force protection enabled.
• Keycloak in HA mode; token expiration and high-latency incidents resolved in production, and across multiple regions.
• Use of Keycloak in API Gateway mode for authentication and authorization of microservices.

ISO, SOC & compliance

• ISO 27001 preparation and support; Server hardening and firewall reviews.
• Platform aligned with SOC II certifications achieved by Jusmundi.
• First IA Tech implementing and maintaining ISO 42001 compliant security frameworks for IA.
• Annual firewall reviews, access control, and EDR/XDR agents on new servers.

SEO improvements

• Anti-scraping and WAF implementation tuned to preserve SEO: legitimate crawlers whitelisted (AhRefs, SemRush, Oncrawl, Google Analytics, etc.).
• WAF behaviour and SEO impact monitored throughout rollout; bot traffic reduced by ~75% without impacting real users or search visibility.
• SEO drop issues investigated and addressed; since AI bots shift, SEO has been stable and improved over the years.

SLA & reliability improvements

Uptime, alerting, and incident response

• Alerts based on SLAs for critical services; SLO-based alerting for availability monitoring.
• Platform availability maintained at 99.9%+ for critical legal research; target 99.9% uptime for core services.
• MTTR reduced from hours to minutes (P1 ~30 min average) through observability and runbooks.
• Alert noise reduced by ~60% via intelligent filtering.

Platform & infrastructure

• Infrastructure v2 assessment, US hosting (DNS, Kubernetes, network), cost optimisation and Kubernetes migration from Nomad to Kubernetes.
• Observability: Victoria Metrics, Loki, Grafana dashboards, DataDog APM and tracing across services.
• Network: Migration to Magic WAN, VPC peering and VPN and Cloudflare WARP.
• Database: PostgreSQL tuning, autovacuum and cache hit improvements; 20+ critical disk-space incidents resolved.
• Jus AI support: Elasticsearch clusters, GPU nodes, assistant and document-classification services.
• CI/CD: pipelines optimised, automated with templating, container scanning, code linting; Infrastructure as Code (Terraform and Ansible) with ~90% reduction in manual configuration errors.