Security Best Practices
With the evolving threat landscape, we strongly encourage our clients to take action that helps prevent unauthorized access to their Mitratech cloud products. Mitratech provides high availability and a responsive application experience, while behind the scenes there is a heavily secured environment with a multi-layered security approach protecting client data. Mitratech is committed to helping our clients be more secure when accessing our cloud service offerings, and we provide the following security features – available with Mitratech products – that provide additional layers of end-user validation or authentication:
Single Sign-On and Multi-Factor Authentication
- Single Sign-On allows your company to implement its own authentication best practices, such as password complexity and login attempts.
- Multi-Factor Authentication requires all login attempts to have both authentication credentials and additional authentication factors.
- Mitratech has partnered with the industry-leading cryptography provider for our FIPS 140-2 compliant encryption at-rest solution. This partnership protects client data within Mitratech’s cloud environment.
- With the cooperation of our partner, we have developed a unique solution for key management. Mitratech has no access to export or modify these keys.
Security Awareness Training
- As part of Mitratech’s priority on security, we have instituted intensive security awareness training for all employees, which includes more advanced training on security depending on the level of access to sensitive client information. All employees are required to pass an exam to continue within their job.
- Mitratech highly recommends phishing education for all Mitratech cloud client users. Many security incidents happen due to clicking on links or opening attachments of suspicious emails; this type of security attack is called phishing.
Session Timeout Thresholds
- One of the most common vulnerabilities involves session management. The key to effective session management is to find the shortest timeout that will still allow for productivity. Mitratech currently suggests a 15-30 minute timeout period. Avoiding persistent logins and enforcing reasonably short session timeouts help to secure key business data and prevent unattended sessions from attracting wrongdoers.
Report a Security Concern
For security-related questions, information, or reporting, contact security by emailing email@example.com