In order to help prevent unauthorized access to user accounts and information, Cloud Elements has implemented a number of information security procedures and best practices.
- Cloud Elements and best practices require that all access to any information systems containing sensitive and/or customer information, including our platform, use multi-factor authentication.
- Any user account that isn't used for 90 days will be disabled.
- After five failed attempts to sign in to a user account, the account will be disabled. A locked account will automatically reactivate after at least 30 minutes.
- Manager approval is required before access or privileges to Cloud Elements information processing systems can be granted.
- You are strictly prohibited from using shared or group accounts, or sharing credentials.
- Except for password resets, all changes to user accounts—including termination, creation, or privilege modification, must be approved by a superorg or org admin.
- For security, user passwords must include at least 10 characters, including at least 3 of the following 4 types of characters:
- a lower-case letter
- an upper-case letter
- a number
- a special character (such as !@#$%^&*)
(Note: no more than 2 identical characters in a row are allowed; eg 111)
Best Practices for Users
We also recommend that your organization implement the following best practices:
- Because users are responsible for all actions performed using under the context of their identity, ensure that all users have their own respective, unique credential. Regardless of its form—a username, badge, or token—this credential must never be shared with any other person, regardless of whether or not they are also part of the same organization.
- Limit administrator privileges to the fewest staff possible to perform sensitive duties. For each person who has administrator rights to any part of the Cloud Elements platform, you must have documented justification for their inclusion.
- If a user is terminated, their access to the Cloud Elements platform should be immediately revoked.