HomeDocumentation and Guides
Home
Documentation and Guides

Cisco Cloudlock Users and Usage Policy

Effective December 1, 2021

Scope

This Cisco Cloudlock Users and Usage Policy (this “Policy”) is effective as of the date set forth above. Unless Your applicable purchase agreement or order for Cisco Cloudlock explicitly states otherwise, this Policy describes how to count users for purposes of the various Cisco Cloudlock applications, as well as system usage limitations applicable to Your subscription.

Counting Users:

Core Cloudlock Applications:

The “Core Cloudlock Applications” are licensed in bundles based on the quantity of applications selected. Each Core Cloudlock Application corresponds to a supported software-as-a-service application such as Box, Google etc. (each a “Covered SaaS Environment”). For example, Core Cloudlock Applications include Cloudlock for Google, Cloudlock for Salesforce, Cloudlock for Dropbox, Cloudlock for Box, Cloudlock for Microsoft Office365, Cloudlock for ServiceNow etc.

For the Core Cloudlock Applications, Cisco counts the number of Covered Users for the Core Cloudlock Application having the highest number of Covered Users. “Covered Users” means the total number of internet-connected employees, subcontractors and other authorized individuals covered by Your deployment of Cisco Cloudlock. For example, You purchase a subscription to two Core Cloudlock Applications, Cloudlock for Dropbox and Cloudlock for Salesforce. If You have 5,000 Covered Users on Dropbox and 2000 Covered Users on Salesforce, You would purchase a subscription for 5,000 Covered Users for two Core Cloudlock Applications.

Cisco Cloudlock for Salesforce Add-On Licenses:

A “Salesforce Communities Log-In User” is a User of Salesforce Communities with a login-based license that consumes a login each time he or she logs into the community.

A “Salesforce Communities Named User” is a User of Salesforce Communities with a member-based license allowing such User to log in to communities as often as he or she wants.

Student Licenses:

A “Student License for Higher Ed” covers a Covered User that is a student of a higher education institution. Student Licenses for Higher Ed for the Core Cloudlock Applications include the UEBA and Apps Firewall use cases but not the DLP use case.

A “Student License for K-12” covers a Covered User that is a student of a K-12 institution. Student Licenses for K-12 for the Core Cloudlock Applications include the DLP and Apps Firewall use cases but not the UEBA use case.

Overages:

You are responsible for purchasing additional Covered User licenses if you exceed the purchased quantity during a subscription term. Mid-term purchases will be pro-rated to align with the subscription term remaining as of the purchase date.

Usage Limitations:

The following limitations apply to Your use of Cisco Cloudlock:

MetricLimit
Number of Covered UsersSubscription limited to applicable quantity of Covered Users set forth on the Order in the aggregate across all Tenants (e.g. the Covered User limit is not per Tenant).
Number of TenantsUnless the Order specifies otherwise, Your subscription is limited to a single Tenant for each of the applicable cloud applications covered by Cisco Cloudlock. A “Tenant” means a single installation, instance, or org of the applicable Covered SaaS Environment. For example, one Tenant is one Google Apps installation or one Salesforce Org.
Number of Active PoliciesUp to 30 Active Policies are permitted. “Active Policy” means a predefined policy that comes with Cisco Cloudlock or a policy You create to the extent any such policy is flagged as active within Cisco Cloudlock.
Enterprise API LimitsUp to 100 Enterprise API requests per Covered User license (measured in the aggregate: 100 x number of Covered Users covered under the subscription), but not to exceed 10,000 Enterprise API requests per day in the aggregate. An Enterprise API request is an incoming request to Cisco Cloudlock from an external system. This limit does not apply to other API calls between Cisco Cloudlock and the applicable external application.
Retroactive Monitoring ScansRetroactive Monitoring scans are available only for certain Cloudlock supported platforms, including Cloudlock for Google, Cloudlock for Microsoft Office365, Cloudlock for Dropbox, Cloudlock for Box, and Cloudlock for Salesforce. Retroactive Monitoring scans must be requested through Cisco Cloudlock Support. “Retroactive Monitoring” is the ability to assess Your entire data set at-rest for policy violations including all historic available data objects in the applicable cloud application.

You are permitted up to 1 Retroactive Monitoring scan per quarter for Cloudlock for Google, Cloudlock for Microsoft Office365, Cloudlock for Dropbox and Cloudlock for Box, except for Student Licenses. For Student Licenses and for Cloudlock for Salesforce, You are permitted up to 1 Retroactive Monitoring scan per year.
Number of Data AssetsUp to 1,000 Data Assets per Covered User license (measured in the aggregate: 1000 x the number of Covered Users under the subscription). “Data Asset” means a single discrete file, record, document, or other object within the applicable cloud application.
Test/Development EnvironmentUnless the Order specifies otherwise, each Cisco Cloudlock subscription includes 1 Test/Development Environment. “Test/Development Environment” means an environment on Cisco Cloudlock that You are authorized to use for test and development purposes. You are authorized to have up to the lesser of 1,000 Covered Users in the aggregate or the number of Covered User licenses purchased for the Core Cloudlock Application.