Least privilege: a key principle for the security of the Information System The least privilege principle consists in limiting the rights/authorizations of any individual on the information system to only those applications/data that are necessary for his missions. This principle appears in many guides relating to cybersecurity, in particular in documents published by the National Cybersecurity Agency of France – ANSSI (PA-022 – recommendations relating to the secure administration of information systems or PG-040 – recommendations for the implementation of system partitioning) or in the rules issued by the French MPL (Military… Read More >>
ATAWAD: What about security? The term ATAWAD, which stands for “Anytime, Anywhere, Any Device”, refers to a fundamental trend made possible by the hyper-connectivity and interoperability of devices used by everyone. However, this expression omits an essential aspect, which in this case involves hyper-connectivity and interoperability: security. ATAWAD: What is it? ATAWAD is the fact of having access to your applications regardless of the device used, anywhere and anytime. For example, if you watch a program on a VOD platform such as Netflix at… Read More >>
Working from home : Cybersecurity tips to follow The latest transport strikes and the isolation of millions of employees to slow the spread of Covid-19 have been the vectors for massive teleworking in 2019 and 2020. The wide use of telework is not without risks for organizations’ information systems. Companies and organizations have less control over the networks, equipment and actions of their employees and, at the same time, must cope with an increase of cyber attacks from entities hoping to take advantage of this situation. Telework :… Read More >>
VPN vs ZTNA Since the democratization of Internet at the end of the 1990s, the VPN (Virtual Private Network) has been used by companies to provide their employees with private and secure remote access to their information systems. Nowadays deployed in many organizations, the VPN still presents some risks to the integrity of information systems. To overcome this issue, ZTNA (Zero Trust Network Access) solutions, which are much more secure, are gradually replacing the VPN within organizations. VPN: connecting two networks of trust… Read More >>
Workplace Experience, a challenge for companies in 2020? The Workplace Experience corresponds to all the experiences of an employee within an organization. These experiences will be decisive for his professional development, his ability to create value by aggregating skills and knowledge through a maximized collaboration, and ultimately to participate to the achievement of the organization’s objectives. Keys to a successful Workplace Experience The availability of a unique work environment, regardless of the access device, regardless of whether the user is at the company’s premises or on the move,… Read More >>
What exactly is Privileged Access Management? If you work in the IT industry, you’ve probably already heard terms like “Privileged Access Management” (PAM) and “Privileged User Management”. But you didn’t say anything because you didn’t know exactly what it was all about. Don’t worry, in this blog post you’ll learn everything you need to know about Privileged Access Management. PAM according to the Gartner According to the Gartner, “Privileged Access Management” (PAM) solutions are designed to help organizations provide a secure and privileged access to critical… Read More >>
Continuous Authentication : When Behavioral Analysis Guarantees Your Identity Many authentication methods exist nowadays. The most well-known of them is by using the login/password pair. For a better secured access to the information system, many organizations have implemented a multi-factor authentication (MFA), especially for IS administrators. But once authenticated, what guarantees that it is the same person behind the screen, mouse or keyboard? Continuous authentication : what is it ? Continuous authentication is a permanent authentication based on the user’s behavior on the workstation. Via the Machine Learning, a… Read More >>
ZTNA : A look back to the Zero Trust concept In its Market Guide for Zero Trust Network Access (ZTNA), Gartner estimates that by 2022, 80% of new business applications open to a partner ecosystem will be accessible via a ZTNA solution. According to Gartner, by 2023, 60% of companies will have replaced their remote VPN access with the ZTNA remote access. Zero Trust is therefore emerging as one of the key issues for CIOs and CISOs in the coming years. ZTNA / Zero Trust : what are the origins… Read More >>
Cybersecurity: a cost that generates savings For organizations, the deployment of cybersecurity solutions represents a significant and yet essential cost. The challenge is to avoid cyber attacks (internal or external to the organization) and therefore their financial consequences (among others). However, this cost must be seen in the context of potential savings that can be realized when a cyber attack fails thanks to the cyber security solutions deployed by the target organization. In their ninth annual study “The cost of Cybercrime” [01], Accenture Security and the… Read More >>
Password vault : its potential for cybersecurity Are you one of the 83% of Internet users who use the same credentials for several sites? If the answer is 011011110111010101101001, it means that it may be time to consider using a password “vault”. Password “vault”, what is it? By using a password “vault” or password manager, all passwords are secured. For example, it is possible to create unique and robust passwords for all applications, so you don’t forget them. The main features of a password “vault”: Data storage… Read More >>