Intro
As part of our standards to ensure the health and safety of your environments, we undergo rigorous routine audits and penetration testing, react quickly to new vulnerabilities, and follow industry best practices.
How does this impact my system?
For the most part, it doesn't. This should be relatively transparent for multi-tenant customers. Only those Private Cloud customers who have read-only database credentials need to be concerned with this.
Your account should look like either:
- [customer name]_customer_user_ro or
- [customer name]_ipaas_user_ro
Account Owners
When your organization requested this access, you should have been sent an encrypted email with the server's name, user name, password, and databases you will use to access the system. If you are a Private Cloud customer who doesn't already have this and is interested in it, you can request the service here and learn more about accessing the system here and here. TeamDynamix should ask you about verified account owner(s). This person or small group should be primarily responsible for requesting that we add new IPs to the allow list and for disseminating the credentials to anyone within your organization.
We do encourage you to pick more than one account owner in case the primary owner either leaves your organization or transitions to a new job title, but we do prefer to keep that list lean so it's easy to communicate and coordinate.
Will you regularly change my password?
No, we won't regularly change your password. While regular password rotation was once a common security practice, it can actually increase risks if not managed carefully. Here's why:
- Verification Challenges: In the past, we rotated passwords annually. However, verifying the identity of the recipient at the customer end can be challenging. This creates a risk of credentials falling into the wrong hands.
- Security Through Obscurity: We prioritize the secure internal storage of your credentials and the strength of the initial password. This approach, known as "security through obscurity," can be more effective than frequent rotation with weak verification processes.
- Reduced Disruption: Regularly rotating passwords can be disruptive to your operations, requiring updates to various systems and applications. Our approach minimizes this disruption.
If for some reason we feel your password does need to change, we will contact the account owners.
What if I need my password changed?
You may reach out to us to rotate the user/password. This could be due to folks leaving the organization or just to get ahead on compliance. Please contact our Support Team by submitting a ticket here if you need your password changed.