Security Settings
Enforce Minimum Password Length | Requires passwords to be at least the number of characters entered. |
Lock out users for 5 minutes after invalid password attempts | Locks out users once the specified number of invalid attempts has been reached. |
Enforce password history | Prevents users from reusing a previous password, up to the number of passwords remembered. |
Enforce password expiry | Passwords expire after the number of days specified. |
Escape Excel Formulas | This option is to avoid unintended formula evaluation. When this option is enabled, an apostrophe is inserted at the front of any value beginning with +, -, @, and =. |
Length of Access Code generated | Specifies the character length of the random access code. The access code is always one-way encrypted upon generation (and when in storage). |
Enable extended login sessions | Allows an API login to remain active for the number of days specified. |
Data Encryption Key | See section below |
Parent urls that can Iframe this site | Entries are added to the frame-ancestors section of the "Content-Security-Policy" response header. This tells the browser to allow these sites to embed Produce in an iframe. Be aware that this also lowers the security of cookies, because they have "SameSite" set to "None". Multiple URLs can be added by separating them with a space. |
Data Encryption
WARNING: Do NOT lose the key material
If SmartIQ is no longer able to contact the chosen key wrapping technology, SmartIQ will NOT be able to decrypt or unwrap the DEK. Therefore, your data will be lost.
By default, SmartIQ enables Data Encryption for all cloud environments as well as all new installations by employing an industry-standard technique known as key wrapping. Key wrapping is the process of encrypting one key using another key when transmitting and storing data.
SmartIQ uses the Data Encryption Key (DEK) to encrypt the data; the DEK is then encrypted, or wrapped, using a Key Encryption Key (KEK). The wrapped DEK and the KEK are stored and managed in distinct locations. Using key wrapping technologies ensures separation and provides another layer of encryption for different parties.
For example, SmartIQ has the DEK and the customer or tenant has their own KEK. This applies to the SmartIQ environment as a whole. However, for multi-tenant environments, individual tenants have their own DEKs.
SmartIQ can integrate with the following key wrapping technologies:
- Azure Key Vault
- AWS Key Management Service (AWS KMS)
- Hardware Security Modules (HSMs) via the PKCS#11 standard
Configuration Settings
Contact SmartIQ Support for information on how to configure the settings.
Enabling Data Encryption
The Encrypt Data option will always be on by default for all new installations.
Rotating the Data Encryption Keys
Key rotation is the process of moving to a new Data Encryption Key (DEK). SmartIQ automatically rotates the key every 12 months for compliance with standards.
SmartIQ recommends rotating the DEKs regularly because DEKs are designed to encrypt and decrypt data multiple times. From the moment of rotation, encryption is performed with the new (current) DEK. Stored data might therefore be encrypted using several DEKs over time.
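The key wrapping and rotation behaviour described above can be sketched as follows. This is an added example, not SmartIQ code: the WrappedDekStore class and helper names are hypothetical, AES-256-GCM is an assumed algorithm for both wrapping and data encryption, and a random local KEK stands in for the key held in Azure Key Vault, AWS KMS or an HSM.

```javascript
// Added illustration of DEK/KEK key wrapping and rotation; not SmartIQ code.
const crypto = require('node:crypto');

// AES-256-GCM helpers (assumed algorithm). Blob layout: iv(12) || tag(16) || ciphertext.
function gcmSeal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function gcmOpen(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Hypothetical store: only wrapped DEKs are persisted, one entry per version.
class WrappedDekStore {
  constructor() { this.wrapped = []; }
  // Rotation: create a fresh DEK, wrap it under the KEK, make it the current version.
  rotate(kek) {
    this.wrapped.push(gcmSeal(kek, crypto.randomBytes(32)));
    return this.wrapped.length;
  }
  unwrap(kek, version) { return gcmOpen(kek, this.wrapped[version - 1]); }
  // New data always uses the current DEK; the record remembers which version that was.
  encrypt(kek, text) {
    const version = this.wrapped.length;
    return { version, data: gcmSeal(this.unwrap(kek, version), Buffer.from(text, 'utf8')) };
  }
  // Older records stay readable because their DEK version is still in the store.
  decrypt(kek, record) {
    return gcmOpen(this.unwrap(kek, record.version), record.data).toString('utf8');
  }
}

function demo() {
  const kek = crypto.randomBytes(32); // stand-in for the KEK held in Key Vault, KMS or an HSM
  const store = new WrappedDekStore();
  store.rotate(kek);
  const before = store.encrypt(kek, 'written before rotation'); // constructed sample data
  store.rotate(kek);
  const after = store.encrypt(kek, 'written after rotation');
  let withoutKek = 'readable';
  try { store.decrypt(crypto.randomBytes(32), before); } catch { withoutKek = 'unrecoverable'; }
  return { versions: [before.version, after.version], withoutKek,
           texts: [store.decrypt(kek, before), store.decrypt(kek, after)] };
}
console.log(demo());
```

In a real deployment the KEK never leaves the key service, so the wrap and unwrap steps would be calls to that service rather than local operations.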
To manually rotate the keys:
User Permission
Only users with the Manage Security permission can access the Security settings in Manage and manually rotate the key.
You will see the version and expiration date of the current Data Encryption Key. Rotate and save.
Note
It may take up to ten (10) minutes for the previous key to be deactivated from the cache. Restart the site to force the system to use the new key.