Customer Responsibilities

“It takes a village…”

Elastica CloudSOC™ (“CloudSOC”) security operations service (“Service”) provides broad functionality for enabling organizations in securing the cloud services adopted as part of their “Extended Enterprise Infrastructure”. Elastic’s CloudSOC is provided as a multi-tenant, cloud-based service, accessible on the Internet via popular web browsers such as Internet Explorer, Chrome, and FireFox.

As a member of the Elastica CloudSOC community, subscribers should be proactive in recognizing the value, sensitivity, and need to safeguard the information provided by the service and access to the policy enforcement capabilities.

This document details CloudSOC user and customer responsibilities as they relate to acceptable usage of Elastica’s CloudSOC security operations service. It is the responsibility of Elastica customers and CloudSOC users to familiarise themselves with the information and procedures set forth below and comply with the service usage and notification requirements which are intended to maximize protection of CloudSOC users information assets and cloud service security posture.

Safeguarding of Assets and Information

“Keep your doors and windows locked…”

To safeguard information assets and policy enforcement capabilities available in the Elastica CloudSOC service, the subscribers’ IT governance processes should include end-user training regarding appropriate use and awareness of the need for securing access to their CloudSOC service account credentials.

As with most cloud services, access to Elastica’s CloudSOC service requires a login ID and password. When an organization subscribes to the Elastica CloudSOC cloud service, it is the client’s responsibility to manage which end users should be given access. Clients should also define when access should be taken away from the end users. For example, access must be revoked upon end users’ separation from employment or as part of departmental changes that result in change of duties or responsibilities. Only valid account credentials should be used by authorized users to access the Elastica CloudSOC service.

Elastica’s CloudSOC service should be considered sensitive and confidential by CloudSOC users. Users should follow information security best practices in ensuring access to their account credentials is appropriately limited, as well as ensuring that the information and functionality provided by the Elastica CloudSOC service is protected and restricted from unauthorized use.

Elastica CloudSOC service users are responsible for maintaining the security and confidentiality of their user credentials (e.g., Login ID and Password), and are responsible for all activities and uses performed under their account credentials whether authorized by them or not.

By establishing user credentials and accessing the CloudSOC environment, end users of the CloudSOC service agree to comply with these requirements to safeguard assets and account information.

Password Management

“Change the locks…”

Cloud-based services are accessible to the global Internet public, as a result, great care must be exercised by Elastica CloudSOC service users in protecting their CloudSOC subscriptions against unauthorized access and use of their credentials.

By establishing user credentials and accessing the CloudSOC environment, service end users agree to proactively protect the security and confidentiality of their user credentials and never share service account credentials, disclose any passwords or user identifications to any unauthorized persons, or permit any unauthorized person to use or access their Elastica CloudSOC accounts.

Any loss of control of passwords or user identifications could result in the loss of “Personally Identifiable Data (PII)” and the culpable account owner(s) may be liable for the actions taken under their service account credentials whether they authorized the activity or not.

Additionally, when establishing CloudSOC account credentials, end users are required to establish strong passwords following password strength and complexity best practices; passwords should not be easily guessable.

Process for Reporting Operational Issues

“Participate in Neighborhood Watch…”

On the occasion that Elastica CloudSOC users observe performances issues, problems, or service outages, users should contact Elastica immediately. Proactive reporting of operational issues provides “fixed for one, fixed for all” benefit for the entire Elastica CloudSOC community.

Incidents and Breach

“Call the authorities…”

By establishing CloudSOC account credentials or accessing Elastica’s CloudSOC service, end users of the service agree to notify Elastica immediately of any security incident, including any suspected or confirmed breach of security. Also, users of the service agree to logout or exit the service immediately at the end of each session to provide further protection against unauthorized use and intrusion.

Elastica CloudSOC users should also notify Elastica immediately if they observe any activity or communications in other forums that may indicate that other Elastica customers have had their CloudSOC accounts compromised.

Lastly, Elastica encourages users to practice responsible disclosure by notifying Elastica of any identified security vulnerabilities. Elastica is dedicated to providing secure services to clients, and will triage all security vulnerabilities that are reported. Furthermore, Elastica will prioritize and fix security vulnerabilities in accordance with the risk that they pose.

Complaints and Other Concerns

Elastica customers and CloudSOC end users are encouraged to communicate any complaints and concerns related to the Elastica CloudSOC solution. To facilitate thorough investigation and appropriate response, compliance should be provided in writing and provided via email or fax and contain as much detailed information as possible including:

  • Summary description of the issue
  • Contact details for all participants related to the complaint
    • Including company, full name, telephone numbers, email addresses, address
  • Date and time of complaint submissions
    • As well as related activities, observations, and events
  • Origin of the complaint
    • Including Elastica website information, function, mail headers, relevant CloudSOC module, function, effect, etc.
  • Any additional detail or information useful for understanding and investigation

Elastica encourages complainants to supply names and contact details and will not release this information except were required by legal mandate. Elastica will review all submitted complaints where sufficient detail has been provided but cannot commit to managing or resolving all complaints reported anonymously or submitted by individuals that are not current Elastica customers, or do not have active service contracts, or for issues that have been created by other networks, cloud service providers, technology vendors, or other contributing factors outside of Elastica control.

If Elastica CloudSOC users have other concerns they would like to discuss, please contact Elastica using the information below.

Contact Information

To notify the appropriate Elastica incident response or support personnel, please use the contact information listed below:

Elastica Address and Contact Information:

If you do not agree with these terms, please do not use this site.

Compliance Issues

“Obey the law…”

Regulatory requirements and industry mandates are continuously increasing in scope & depth and can vary from industry to industry. Elastica CloudSOC users agree to abide by the regulatory requirements, industry mandates, and other compliance requirements imposed on their organizations and understand that use of cloud-based services does not exclude the organizations from responsibilities for restricting access to application information and functionality.