In order to help prevent unauthorized access to user accounts and information, Cloud Elements has implemented a number of information security procedures and best practices.
- Cloud Elements and best practice require that all access to any information systems containing sensitive and/or customer information, including our platform, use multi-factor authentication.
- Any user account that isn't used for 90 days will be disabled.
- After five failed attempts to sign in to a user account, the account will be disabled. A locked account will automatically reactivate after at least 30 minutes.
- Manager approval is required before access or privileges to Cloud Elements information processing systems can be granted.
- You are strictly prohibited from using shared or group accounts, or sharing credentials.
- Except for password resets, all changes to user accounts—including termination, creation, or privilege modification, must be approved by a superorg or org admin.
- The password configurations for length and complexity, managed from the Security tab, identify the minimum requirements of a usable password. For example, the following length and complexity requirements mean that user passwords must be at least eight characters, and include at least one uppercase and lowercase character, one number, and one symbol.
The Symbol Character Set defines the allowed symbols. If you require symbols as part of your password policy, you can use this field to add or remove specific symbols.
Best Practices for Users
We also recommend that your organization implement the following best practices:
- Because users are responsible for all actions performed using under the context of their identity, ensure that all users have their own respective, unique credential. Regardless of its form—a username, badge, or token—this credential must never be shared with any other person, regardless of whether or not they are also part of the same organization.
- Limit administrator privileges to the fewest staff possible to perform sensitive duties. For each person who has administrator rights to any part of the Cloud Elements platform, you must have documented justification for their inclusion.
- If a user is terminated, their access to the Cloud Elements platform should be immediately revoked.