ATAWAD: What about security?

The term ATAWAD, which stands for “Anytime, Anywhere, Any Device”, refers to a fundamental trend made possible by the hyper-connectivity and interoperability of devices used by everyone. However, this expression omits an essential aspect, which in this case involves hyper-connectivity and interoperability: security.

ATAWAD: What is it?

ATAWAD is the fact of having access to your applications regardless of the device used, anywhere and anytime. For example, if you watch a program on a VOD platform such as Netflix at home in the evening on your TV and then continue the next morning on the train from your smartphone, that’s ATAWAD.

“Anytime” implies that you can access your applications whenever you want: on a business day, a holiday, during the day or in the middle of the night. “Anywhere” means that you can access these applications from any network, wired, Wi-Fi, 4G, etc., whether controlled or not. “Any Device” applies to any connected object, mainly PCs, smartphones or tablets, but also to connected watches, smart TVs, etc.

In a private context, ATAWAD has almost become a standard. For individuals, the security issues are lower than for organizations, and this is one of the reasons why ATAWAD has become so popular.

The security issue in a professional context

It is in a professional context that the concept of ATAWAD can be problematic from a security point of view. For companies and administrations, the stakes in terms of data protection or integrity of the information system are hardly compatible with this hyper-connectivity and interoperability.

Among the challenges of ATAWAD within companies there are non-controlled workstations. The BYOPC (Bring Your Own PC), is a trend that has increased in the last few weeks with the massive deployment of teleworking due to the containment. Many employees use their personal computer to access their organization’s information system from home. This raises the question of the compliance of the workstation accessing the information system. If the IT department is unable to control the device used by the employee, it must then be able to control the compliance (integrity and security) of these workstations that connect to the organization’s resources. This may involve rules validating, for example, the presence of an antivirus, a firewall or updates. The use of a ZTNAZero Trust Network Access. The ZTNA is a name describing products that apply a "Zero Trust", or lesser privilege, policy in the area of external access. The objective is to... More (Zero Trust Network Access) solution such as Systancia Gate allows to check the compliance and integrity of these workstations.

Furthermore, the network accessing the information system must also be taken into account. The concept of ATAWAD implies access to the information system from a potentially non-controlled network. In this case, the ZTNA has a role to play as well. For example, the Systancia Gate solution will provide secure access to selected information system resources, regardless of the type of user and the network to which he is connected, via a single access, with no incoming flow and no port opening.

The situation of the last few weeks shows us that the ATAWAD concept was approved by the organizations to continue their activity. Nevertheless, it must be accompanied by solutions ensuring the security of workstations and networks that are not controlled by the organization.