2FA Missing on Quarantine Website

We currently use SEA on-premise and restrict the quarantine site to local IPs. I tested the cloud version, but it does not have 2FA on the quarantine site. SSO does not count as 2FA. Both our government regulatory and cyber insurance company have said we cannot use the cloud version since 2FA is not implemented on the quarantine site. Does Sophos plan to put 2FA on the quarantine site? From a security perspective, I am surprised this is not in place. Also restricting login by IP would be great too.

Thank you,


Edited tags
[edited by: Raphael Alganes at 2:25 AM (GMT -7) on 6 Jun 2023]
Parents Reply
  • Sounds like debates I had 7-10+ years ago lol...even the US Govt is moving to the cloud, GovCloud and other FedRAMP services. As for CyberInsurance we work with some Insurance companies. I wouldn't say being on premise prevents the business from being hacked and sure you wouldn't either. Mailbox compromise doesn't care where the server sits, cloud, premise. I've run corporate systems onsite and in the cloud and while companies may bring some services back in house they cannot sustain inhouse for all services, well unless they are not doing payroll, insurance, 401k, travel, salesforce etc.... thanks for the discussion...