ATAWAD: What about security? The term ATAWAD, which stands for “Anytime, Anywhere, Any Device”, refers to a fundamental trend made possible by the hyper-connectivity and interoperability of devices used by everyone. However, this expression omits an essential aspect, which in this case involves hyper-connectivity and interoperability: security. ATAWAD: What is it? ATAWAD is the fact of having access to your applications regardless of the device used, anywhere and anytime. For example, if you watch a program on a VOD platform such as Netflix at home in the evening on your TV and then continue the next morning on the train from your smartphone, that’s ATAWAD. “Anytime” implies that you can access your applications whenever you want: on a business day, a holiday, during the day or in the middle of the night. “Anywhere” means that you can access these applications from any network, wired, Wi-Fi, 4G, etc., whether controlled or not. “Any Device” applies to any connected object, mainly PCs, smartphones or tablets, but also to connected watches, smart TVs, etc. In a private context, ATAWAD has almost become a standard. For individuals, the security issues are lower than for organizations, and this is one of the reasons why ATAWAD has become so popular. The security issue in a professional context It is in a professional context that the concept of ATAWAD can be problematic from a security point of view. For companies and administrations, the stakes in terms of data protection or integrity of the information system are hardly compatible with this hyper-connectivity and interoperability. Among the challenges of ATAWAD within companies there are non-controlled workstations. The BYOPC (Bring Your Own PC), is a trend that has increased in the last few weeks with the massive deployment of teleworking due to the containment. Many employees use their personal computer to access their organization’s information system from home. This raises the question of the compliance of the workstation accessing the information system. If the IT department is unable to control the device used by the employee, it must then be able to control the compliance (integrity and security) of these workstations that connect to the organization’s resources. This may involve rules validating, for example, the presence of an antivirus, a firewall or updates. The use of a ZTNAZero Trust Network Access. The ZTNA is a name describing products that apply a "Zero Trust", or lesser privilege, policy in the area of external access. The objective is to provide strictly indispensable access to an external user so that he can carry out the necessary tasks within the framework of his work without giving him superfluous rights or access that could represent a risk for the security of the information system. Access policies are defined according to : the identity of the user, possibly reinforced by two-factor authentication mechanisms, its connection conditions, such as its connection location or the health of the terminal used for the connection. The ZTNA makes it possible to give very fine and granular accesses to the information system differentiated according to the user, whether he is an internal teleworker or a service provider. This approach strongly limits the risks of intrusion or infection of the information system.... (Zero Trust Network Access) solution such as Systancia Gate allows to check the compliance and integrity of these workstations. Furthermore, the network accessing the information system must also be taken into account. The concept of ATAWAD implies access to the information system from a potentially non-controlled network. In this case, the ZTNA has a role to play as well. For example, the Systancia Gate solution will provide secure access to selected information system resources, regardless of the type of user and the network to which he is connected, via a single access, with no incoming flow and no port opening. The situation of the last few weeks shows us that the ATAWAD concept was approved by the organizations to continue their activity. Nevertheless, it must be accompanied by solutions ensuring the security of workstations and networks that are not controlled by the organization.