Since our big release of Cloud Elements 2.0 in August, the team has been keeping up the pace on new product development - and we’re super happy to announce a raft of new security features! These changes are the foundation needed to secure SOC 2 & ISO 27001 certification later this year - so stay tuned for more information on our certification in the coming weeks!
Here’s a quick summary of the new security features you’ll see in the Cloud Elements UI.
A new menu has been created on the left column of the UI - here you will find all controls and configuration for security, user management and role-based access control.
Organization Level Controls
- Two-Factor Authentication (2FA)
Organization administrator users can now enable and require two factor authentication for all users within that Organization. Cloud Elements supports two different types of 2FA, SMS and Google Authenticator. Both of these are configured in the Security Menu.
- Password Rules
Organization administrator users can now enable and enforce strict password guidelines for all users. The setup for this is under the main Security Menu.
- User and Developer Accounts
All user management is now configured under the Accounts tab of the main Security Menu. Here, Organization administrator users can create, edit and delete accounts and users.
- Role-Based Access Control (RBAC)
Organization administrator users can now assign specific roles for users within the Organization. Some role examples include “editor” and “read only” access. This is “read-only” at this time - we’ll be making further changes in the next release.
Friendly Password Reset
When users click the Reset Password link in the login screen, they now receive an email with a link to reset their password. This means that all accounts created require a valid email address.
TLS - Coming Soon!
In one month, we will be improving our network security. Part of the security upgrade will require all connections to our application and web servers, including api.cloud-elements.com and console.cloud-elements.com, to use TLS version 1.2. While almost all modern browsers and software are capable of TLSv1.2, older software and browsers--especially those at least 4 years old--are not.
If you would like to test to see if your software is compatible with the security improvements, you can connect to "api-test.cloud-elements.com" or "console-test.cloud-elements.com" (or "api-test.cloud-elemenst.co.uk" or "console-test.cloud-elements.co.uk" for EU users) which has the security improvements already installed. Please contact us for further questions on this transition.
Get started or check out these new features at my.cloudelements.io.