Final answer:
The CISO should consider implementing Single Sign-On (SSO) to reduce the repeated authentication steps and improve the user experience for employees, in response to concerns over increased time for tasks due to MFA.
Step-by-step explanation:
To address the concerns of employees about the increased time to access systems due to Multi-Factor Authentication (MFA) implementation, the Chief Information Security Officer (CISO) might consider implementing Single Sign-On (SSO). SSO allows users to authenticate once and gain access to multiple systems without the need to log in again, thus decreasing the time spent on repetitive authentication processes.
Creating an exception for the company's IPs can reduce the security of the system by potentially exposing it to insider threats or targeted attacks from inside the network. Always-on VPN and the use of employee Public Key Infrastructure (PKI) authentication for email are both secure options, but they do not specifically address the concern of reducing the time spent on authentication.
SSO helps in simplifying the sign-on process while maintaining security, easing the employees' frustration with MFA, and also encouraging better compliance with the newly implemented BYOD policy. By reducing the frequency of authentication prompts, SSO can improve the overall user experience without compromising security.
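As an added illustration (not part of the original answer), the sketch below models why SSO cuts MFA prompts without dropping the second factor: a hypothetical identity provider runs MFA once and issues a signed assertion, and each application verifies the signature, the MFA claim and the age of the authentication. The shared HMAC key, the 8-hour re-authentication limit and all names are assumptions for the demo; real deployments use SAML or OpenID Connect with asymmetric signatures.

```python
import base64, hashlib, hmac, json

IDP_KEY = b"constructed-demo-key"   # constructed; a real IdP signs with a managed key
MAX_AUTH_AGE = 8 * 3600             # assumed policy: MFA again after 8 hours


class IdentityProvider:
    """Hypothetical IdP: runs MFA once, then issues a signed assertion."""

    def __init__(self):
        self.mfa_prompts = 0

    def login(self, user, now):
        self.mfa_prompts += 1  # password + second factor are checked here
        claims = {"sub": user, "auth_time": now, "amr": ["pwd", "otp"]}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        sig = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()
        return body.decode() + "." + sig


def app_accepts(assertion, now):
    """Relying application: check signature, MFA claim and authentication age."""
    body, _, sig = assertion.rpartition(".")
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # tampered or forged assertion
    claims = json.loads(base64.urlsafe_b64decode(body))
    if "otp" not in claims.get("amr", []):
        return False  # session was not established with a second factor
    return 0 <= now - claims["auth_time"] <= MAX_AUTH_AGE


def workday(apps, start):
    """Return (MFA prompts, apps opened) for one user opening an app every 3 hours."""
    idp = IdentityProvider()
    token = idp.login("alice", start)
    opened = 0
    for offset, _app in enumerate(apps):
        now = start + offset * 3 * 3600
        if not app_accepts(token, now):
            token = idp.login("alice", now)  # stale session: MFA again
        opened += app_accepts(token, now)
    return idp.mfa_prompts, opened


if __name__ == "__main__":
    print(workday(["mail", "crm", "hr", "wiki"], 0))
```

Without SSO the same four applications would each trigger their own MFA prompt; here the user is prompted only at sign-in and again once the assumed age limit is exceeded.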