Security

What are the password security policies available on Mithi SkyConnect?

Password  complexity can be defined and enforced e.g. password should have 3  alphabets, 2 numeric characters and 1 special character. Minimum Password length  can be specified. Password age can be defined. After which it will  expire and force the users to reset their password. Password history can  also be defined to dissuade users from reusing recent passwords.

In  our environment, users sometimes need to share their credit card  numbers in the email. At no point this information should be available  to anyone working on the server (not even in logs). How does Mithi  ensure this content security in Mithi SkyConnect?

The solution components do not store any part of the message body in any of the logs. This will ensure that no part of the message is visible in the logs. Only the subjects are stored for troubleshooting and reporting. The only place the mail is delivered in its entirety is to the user's inbox and to the archival system (if configured). If you plan to host your domains on our cloud setup, you may want to  read more about the measures we have put in place to secure access to  your data. For more information refer the links Mithi SkyConnect SLA

Can we disable mobile access for certain set of users in SkyConnect?

SkyConnect supports standard protocols for services, which are used by the  clients, both desktop and mobile. Since the last mile connection to the  services happen over the same protocols, irrespective of where the  connection comes from (desktop, mobile or web), it is not possible to  enforce a policy for disabling mobile access for certain users.

The  workaround to this is to allow such users only web client access and  disable their POP/IMAP completely. This will ensure that these users  cannot access their mail neither from mobile nor from desktop clients  like Thunderbird or MS Outlook.
User set 1: Web client access only, no mobile, no desktop client access
User set 2: Web client access, mobile access, desktop client access
User set 3: No Web client access, mobile access, desktop client access.