ManageEngine Identity360' shared security and privacy responsibilities with customers
Identity360 provides seamless, one-click access to enterprise applications. It drastically reduces the administrative burden by automating provisioning, deproviosioning, and providing a centralized directory to manage identities across various platforms. Identity360 also offers valuable insights on user activities, application usage, access, and more.
As we strive to give you the best cloud experience, your security and privacy is also given the importance it deserves. ManageEngine, as the cloud service provider, and you, as the customer, have various roles to play to ensure data privacy and security. Let's take a look at the individual roles of ManageEngine, customer(you), and the shared responsibilities between ManageEngine and the customer to understand how this works.
Customer's responsibility
- Permissions given to users
- Setting strong passwords
ManageEngine's responsibilities
- Availability of services
- Application level controls
- Data storage
- Data security
- 24*5 technical support
- Disaster recovery
- Reporting any breach incidents
Shared responsibility
- Data management
- Encryption
- Awareness and training
- Policy and compliance
Shared responsibility
The following responsibilities require the combined efforts of both ManageEngine and the customers.
Data management
ManageEngine provides you with:
- Ability to set privileges for modules to prevent one user from accessing other user data based on privileges.
Customer's responsibilities:
- Report incidents of data breach to ManageEngine immediately.
- Notify your users and data protection authorities in case of any breach.
- Check the legal requirements for adding and processing data using our system.
- Assign appropriate privileges for those handling your data.
- Periodically review your users' access permissions.
Encryption
ManageEngine's responsibilities:
- Encryption of PII at rest and in transit.
Customer's responsibilities:
- Enable disk encryption on your devices.
Awareness and training
ManageEngine's responsibilities:
- Educate our employees about data-handling requests from the customers.
- If required, access a customer's data and log it for support purposes with the customer's approval.
- Regularly conduct security and privacy training for all employees to ensure they adhere to our security and privacy standards.
Customer's responsibilities:
- Educate your users on the risks related to a cloud environment, as well as standards and procedures for the use of our services.
Policy and compliance
ManageEngine's responsibilities:
- Adhere to policies and laws like GDPR, CCPA, and more depending on the region to ensure our customer data is handled appropriately.
- Review privacy policies and terms of service for third-party integrations and carries out operations.
- Securely migrate data from one region to another while following necessary guidelines for that region.
Customer's responsibilities:
- Enable or disable third-party integrations after reviewing what data will be shared with them.
- Review the terms and privacy policies of how your data would be stored, handled, and used in third-party apps.
- Evaluate all regulations and laws that are applicable to you and review our compliance with regulations and standards that are needed for your business.
- Before processing personal data, assess your lawful basis. If your lawful basis is consent, get the consent of your customers as well.