Archived version
The following policy was in effect prior to December 1, 2021 and has been superseded by the current version.
Scope
This Cisco Cloudlock Users and Usage Policy (this “Policy”) is effective as of the date set forth above. Unless Your applicable purchase agreement or order for Cisco Cloudlock explicitly states otherwise, this Policy describes how to count Users for purposes of the various Cisco Cloudlock applications, as well as system usage limitations applicable to Your subscription. Terms used but not defined herein have the meaning set forth in the Universal Cloud Agreement at https://www.cisco.com/c/en/us/products/universal-cloud-agreement.html.
Counting Users
Core Cloudlock Applications
The “Core Cloudlock Applications” are licensed in bundles based on the quantity of applications selected. Each Core Cloudlock Application corresponds to a supported software-as-a-service application such as Box, Google etc. (each a “Covered SaaS Environment”). As of the date set forth above, the Core Cloudlock Applications include Cloudlock for Google, Cloudlock for Salesforce, Cloudlock for Dropbox, Cloudlock for Box, Cloudlock for Microsoft Office365, Cloudlock for ServiceNow, Cloudlock for Spark, and Cloudlock App Connector for Slack.
For the Core Cloudlock Applications, “Users” means the number of unique accounts (active, suspended or otherwise) on the applicable Covered SaaS Environment(s), determined by the Core Cloudlock Application having the highest number of unique accounts. For example, if You want Cisco Cloudlock coverage for Google and You have 10,000 unique accounts on Google and You also want Cisco Cloudlock coverage for Dropbox and You have 5,000 unique accounts on Dropbox, You should purchase a 2 application bundle for 10,000 Users for the Core Cloudlock Applications.
Cisco Cloudlock App Discovery Add-On License
For Cisco Cloudlock App Discovery, “Users” means Your employees and contractors with access to Your network. You require a User license for each employee and contractor with access to Your network and whose network traffic passes through the applicable Data Source(s). “Data Source(s)” means the then-current Cisco Cloudlock supported network data sources for App Discovery.
Cisco Cloudlock for Salesforce Add-On Licenses
A “Salesforce Communities Log-In User” is a User of Salesforce Communities with a login-based license that consumes a login each time he or she logs into the community.
A “Salesforce Communities Named User” is a User of Salesforce Communities with a member-based license allowing such users to log in to communities as often as he or she wants.
Cisco Cloudlock for Okta and OneLofin Add-On Licenses
For the Cisco Cloudlock Add-on Licenses for Okta and OneLogin, “Users” means the number of unique accounts (active, suspended or otherwise) on the applicable Okta or OneLogin environment.
Student Licenses
A “Student License for Higher Ed” covers a User that is a student of a higher education institution. Student Licenses for Higher Ed for the Core Cloudlock Applications include the UEBA and Apps Firewall use cases but not the DLP use case.
A “Student License for K-12” covers a User that is a student of a K-12 institution. Student Licenses for K-12 for the Core Cloudlock Applications include the DLP and Apps Firewall use cases but not the UEBA use case.
Overages
Except as provided below for App Discovery, You are responsible for purchasing additional User licenses if you exceed the purchased quantity during a subscription term. Mid-term purchases will be pro-rated to align with the subscription term remaining as of the purchase date. For App Discovery, You may increase the number of Users by up to twenty percent (20%) of the total number of then current purchased quantity of Users without incurring any additional charges.
Usage Limitations
The following limitations apply to Your use of Cisco Cloudlock:
| Metric | Limit |
|---|---|
| Number of users | Subscription limited to an applicable quantity of Users set forth on the Order in the aggregate across all Tenants (e.g. the User limit is not per Tenant). |
| Number of Tenants* | Unless the Order specifies otherwise, Your subscription is limited to a single Tenant for each of the applicable cloud applications covered by Cisco Cloudlock. A “Tenant” means a single installation, instance, or org of the applicable Covered SaaS Environment. For example, one Tenant is one Google Apps installation or one Salesforce Org. |
| Number of Active Policies* | Up to 30 Active Policies are permitted. “Active Policy” means a predefined policy that comes with Cisco Cloudlock or a policy You create to the extent any such policy is flagged as active within Cisco Cloudlock. |
| Enterprise API Limits* | Up to 100 Enterprise API requests per User license (measured in the aggregate: 100 x number of Users covered under the subscription), but not to exceed 10,000 Enterprise API requests per day in the aggregate. An Enterprise API request is an incoming request to Cisco Cloudlock from an external system. This limit does not apply to other API calls between Cisco Cloudlock and the applicable external application. |
| Retroactive Monitoring Scans* | Retroactive Monitoring scans are available only for certain Cloudlock supported platforms, including Cloudlock for Google, Cloudlock for Microsoft Office365, Cloudlock for Dropbox, Cloudlock for Box, and Cloudlock for Salesforce. Retroactive Monitoring scans must be requested through Cisco Cloudlock Support. “Retroactive Monitoring” is the ability to assess Your entire data set at-rest for policy violations including all historic available data objects in the applicable cloud application. You are permitted up to 1 Retroactive Monitoring scan per quarter for Cloudlock for Google, Cloudlock for Microsoft Office365, Cloudlock for Dropbox and Cloudlock for Box, except for Student Licenses. For Student Licenses and for Cloudlock for Salesforce, You are permitted up to 1 Retroactive Monitoring scan per year. |
| Number of Data Assets* | Up to 1,000 Data Assets per User license (measured in the aggregate: 1000 x the number of covered under the subscription). “Data Asset” means a single discrete file, record, document or other object within the applicable cloud application. |
| Test/Development Environment* | Unless the Order specifies otherwise, each Cisco Cloudlock subscription includes 1 Test/Development Environment. “Test/Development Environment” means an environment on Cisco Cloudlock that You are authorized to use for test and development purposes. You are authorized to have up to the lesser of 1,000 Users in the aggregate or the number of User licenses purchased for the Core Cloudlock Applications. |
| Number of App Discovery Data Source | Not to exceed 2 Data Sources per customer and up to 5 appliances across the Data Sources |
| Average Source IPs for App Discovery | You may have on average up to 5 source IPs per licensed User of App Discovery. |
*Not applicable to App Discovery
Updated over 2 years ago