There are a variety of companies leveraging Workplace to meet their security and compliance needs, each requiring different degrees of control over data and systems access. The role of a Workplace Company Manager is to specify standards in accordance with their company's cybersecurity policies.
Companies should consider the amount of risk they are willing to accept when determining how they allow data to cross the Workplace environment.
Let's have a look at some of the key features you'll consider when configuring access to Workplace for your company and users.
Feel free to take notes as you read through this module, in case there are changes you would like to apply to your company settings.
Company-wide Security Options
- Password policy: At minimum, we recommend your company password policy includes:
- Password expiration: which allows you to set the user password to expire every 90 days,
- Password reuse: prevents users from reusing passwords after reset or expiration of previous x number of password.
You do have the option to allow a password reset so that the user can click "forgot password?" at login, and go through a password reset process without administrative intervention. There is some risk involved because the user receives a non-secure SMS code to reset their password. This might cause data to be compromised if a malicious actor obtained that user's phone number and was able to reset their password.
- Multi-factor authentication (MFA): Multi-factor authentication is critical to maintaining an overall secure environment. Remember, a chain is only as strong as its weakest link! Workplace supports a few different options for MFA:
- Workplace Sign-in Verification: Sign-in Verification is the recommended solution for MFA. When logging into Workplace, users will simply receive a notification on their phone or other mobile device which they can allow or deny a login.
- Symantec VIP: Symantec VIP is another secure solution for MFA. Login approval requires end users to enter a randomly generated code to approve their login. Workplace supports various Symantec VIP apps or physical tokens. For more information or licensing, contact your Customer Success Manager for assistance.
- Web app and Desktop app timeout: you will provide greater security by setting a user's Workplace Web, Windows and Mac apps to time out after a certain amount of idle time.
User Security Options
A few key features that company managers will want to consider enabling or disabling for their people are:
- SAML federated websites, which can enforce the restrictions that are applied via the conditional access policies.
- Location-based restrictions, where users are limited to using Workplace in specified countries only.
We'll demonstrate these features in a later module.