Sage 100

I feel the answer to this question is 'NOT' but told customer I'd ask anyway.

His request: 

Our insurance underwriter is requiring us to use MFA to retain our cyber insurance.  It appears that MFA is native to Sage.  Could you help us get started using it?


Ideas?  They don't use Unified Logon.  They are On-Premise Server (not hosted), not sure if they are even using virtual servers.  
Underwriters can't expect all software to have the MFA capabilities can they?  I could see implementing MFA at time of logging into Windows?  But how many people never log out of their computers at night?

Thanks in Advance
N

------------------------------
Nancy Hanson
Blytheco LLC
Eagan MN
------------------------------

It's native to Sage Intacct not Sage 100.

------------------------------
Doug Higgs
Midwest Commerce Solutions, Inc
(312) 315-0960
Chauffeur, Chef, and Personal Assistant to Sprinkles
------------------------------

I go through the same “audit” each year with a high security customer in healthcare. Their auditors provide a questionnaire with similar questions.

- we use unified login
- in turn we can answer that our password policy is the same as their network policy including forced changes and rules against reusing passwords
- we use Premium which allows safeguarding of the database

The biggest question we now get is over the Sage Administrator password and who has it ( I don’t ) and why.

From what I can tell this is mostly a checklist exercise and they don’t seem to get very many additional questions.

My takeaway from these exercises - unless retained to do otherwise - answer only the questions asked and don’t get into “did you know” or “what about”.

---------------------------------
Wayne Schulz
Schulz Consulting
860-516-8990
---------------------------------

@Wayne Schulz  Great comment  "My takeaway from these exercises - unless retained to do otherwise - answer only the questions asked and don't get into "did you know" or "what about"."​

When I had my first job out of college working in public accounting in the tax department, I thought I was doing a great job by being very detailed in my explanations on tax forms.  The partner reviewing my work told me to not be so detailed.  In fact be as vague as possible revealing only the minimum explanation needed. Don;t open yourself up to additional scrutiny.


------------------------------
Doug Higgs
Midwest Commerce Solutions, Inc
(312) 315-0960
Chauffeur, Chef, and Personal Assistant to Sprinkles
------------------------------

Original Message:
Sent: 10-01-2021 07:35
From: Wayne Schulz
Subject: MFA & Sage

I go through the same "audit" each year with a high security customer in healthcare. Their auditors provide a questionnaire with similar questions.

- we use unified login
- in turn we can answer that our password policy is the same as their network policy including forced changes and rules against reusing passwords
- we use Premium which allows safeguarding of the database

The biggest question we now get is over the Sage Administrator password and who has it ( I don't ) and why.

From what I can tell this is mostly a checklist exercise and they don't seem to get very many additional questions.

My takeaway from these exercises - unless retained to do otherwise - answer only the questions asked and don't get into "did you know" or "what about".

---------------------------------
Wayne Schulz
Schulz Consulting
860-516-8990
---------------------------------