Complying with the NIS2 directive

GDPR, CSA, CRA, NIS (NIS 2), DORA, LPM, SOX, PCI-DSS, SOC2, HIPAA, TISAX, IEC42663, NIST800-53, ISO27001/27002, ANSSI PA022/PAMS, … Whether legal, industry-specific or cybersecurity-related, regulatory obligations are multiplying, and increasing the pressure on a growing number of companies and organizations. This is obviously the case with the NIS 2 directive, whose national transposition is expected to come into force in October 2024, to become applicable in the months and years to come. In this article, we unfold the NIS2 directive, and… Read More >>

Simplified and secure identity management: the keystone of your zero trust strategy

How do you secure access for an employee who works from home on a computer the company does not control, and who has access to your internal resources? With employees working from home and accessing applications located inside the company network, the usual protection offered by the company’s internal network (firewall, VPN) is no longer sufficient. At the same time, how to secure access to applications for a group of employees whose rights are suddenly modified after a major change… Read More >>

Scalable PAM: adapting the control level to the context of the interventions

Privileged Access Management (PAM) is a major security issue for organizations insofar as it allows the IT department to control who does what on its information system and to ensure the total security of privileged accounts. However, some PAM solutions offer a wide range of functionalities that are sometimes not suitable for some organizations that may have limited use of these privileged users. For this reason, deploying a scalable PAM product that adapts to the organization’s current context and can… Read More >>

ZTNA as a Service: Guarantee business continuity in any situation

If Covid-19 proved that allowing remote access to the information system was essential to the continuity of an organization’s activity, the multiplication of cyber attacks and the constant evolution of needs show the importance of ZTNA as a Service. ZTNA (Zero Trust Network Access) secures remote access by applying the principle of least privilege. Its deployment as a cloud service allows it to adapt to the need for flexibility of companies that must deal with external constraints and… Read More >>

Passwords: good practices to follow

Although they are regularly criticized, passwords are still the most widespread means of authentication. If the passwordless approach tends to develop and to limit their use, they will remain, in many cases, the only means of authentication. To overcome the vulnerabilities of passwords, several good practices must therefore be implemented in order to strengthen the access security. Secure your passwords in 4 steps When it comes to passwords, you probably already know the most common best practices. However, not all… Read More >>

Remote maintenance: Which tools should you choose?

Although remote maintenance is essential to the proper operation of organizations, it carries certain cyber risks related to remote access. These risks can be reduced or even eliminated by using the right IT tools. Several solutions are commonly used for remote maintenance, such as remote-control software, VPNs, ZTNA (Zero Trust Network Access) or PAM (Privileged Access Management) solutions. However, these solutions are not equal in terms of cyber security. Remote maintenance: a performance challenge but also a cyber risk The… Read More >>

Fake President fraud: a scam that takes advantage of the teleworking boom

Like ransomware, the Fake President fraud has taken advantage of the massive telework due to the health crisis to take off again since 2020. While in the case of ransomware, remote access technologies unsuited to telework are to blame, in this case it is the lack of face-to-face social interaction that is one of the major causes of the increase in this type of scam. How does a fake president fraud work? In a fake president fraud, a swindler who… Read More >>

Remote Control Software: A Dangerous Practice in a Telework Situation

Although not suitable for teleworking, remote control software is unfortunately one of the tools used by companies to allow their employees to access their office workstations from home, from a personal computer. The relatively simple use of remote control software has sometimes made the security risks associated with this type of product seem less important. Remote control software is intended for remote maintenance with a user responsible for initiating the connection and monitoring the actions performed and is therefore clearly… Read More >>

Data Breaches: Can We Avoid Them?

Data breaches are one of the most feared events for companies, since they discredit the company’s ability to protect its confidential data, including the personal data of its customers. If computer attacks are to blame, these data breaches are also sometimes due to the company’s employees: in most cases, they come from a simple human error, but it can also be a case of data theft that a competitor of the target company has ordered an employee to carry out, or an employee… Read More >>

How to Fight Against Shadow Admin?

When it comes to privileged accounts, traceability is essential, but it is sometimes compromised by the use of shadow admin. This traceability, as well as the real-time or a posteriori control of administration actions that PAM (Privileged Access Management) allows, should however be exhaustive to effectively protect the information system… Read More >>