Zywave MFA Model
Zywave MFA Model
In efforts to strengthen our security positioning, IT is continuing to onboard all SaaS applications through Single Sign On (SSO) and MFA where it is deemed appropriate.
While adding MFA to every application increases security, it can also create MFA fatigue on the part of the end user. With this in mind, we are taking a new approach to how we classify and group applications into the model below.
Low Risk Applications:
These are applications that do not contain sensitive business data, or systems which require more generalized access and pose minimal risk.
These applications will be structured as laid out below:
- Access will be allowed from any device (Zywave managed and personal devices, alike)
- MFA will be required when accessing the application from any unmanaged (personal) device
- 1 hour grace period from personal device
- MFA will not be required if traffic originates from a Zywave managed device
High Risk Applications:
These are applications that may contain sensitive business data or assets. These can range from marketing tools to sales tools and more.
These applications will be structured as laid out below:
- Access will be permitted only from a Zywave managed device
- MFA will be required when the first application of this grouping is accessed each day.
- After the first application is accessed, an 8-hour grace period will be applied for other apps within this grouping
- After an 8-hour grace period, the next application accessed will prompt for MFA
Privileged User Authentications:
These are applications where we keep sensitive information regarding configurations and possibly other credentials.
These applications will be structured as laid out below:
- Access will be permitted only from a Zywave managed device
- MFA will be required when the first application of this grouping is accessed each day.
- After the first application is accessed, a 2-hour grace period will be applied for other apps within this grouping
- After a 2 hour grace period, the next application accessed will prompt for MFA
Application MFA Level Classification - Application MFA Level Classifications.xlsx