Massive teleworking: GHU Paris Psychiatry & Neurosciences adopts Systancia Gate to allow its hospital staff to work from home without compromising the IT security of the healthcare entity.

Paris, April 20, 2020 – Systancia, a European specialist in cybersecurity and application virtualization solutions, is supporting the University Hospital Group from Paris – GHU Paris psychiatry & neurosciences, with the deployment of Systancia Gate, its teleworking solution. During this health crisis period, the solution is provided free of charge as a Cloud service thanks to OVHCloud. This collaboration allows employees to work remotely, without compromising the hospital group’s entire IT system. Amré ABOU ALI, Chief Information Systems Security Officer (CISO) at GHU Paris, speaks about the deployment conditions of Systancia Gate and the benefits of this secure teleworking solution made in France.

Covid-19: Promote teleworking without compromising the IT security of organizations.

The GHU Paris contacted Systancia to provide employees whose functions allow it with easy and secure access to their workstations from home: “We had implemented various actions before the announcement of the general containment in order to prepare for the telework context: provision of laptops when possible, securing remote access, etc. We had to give our employees seamless secure access to their own workstations to avoid vulnerabilities. We were already working with Systancia, so we approached the company – like other organizations – from the first weekend of containment,” explains Amré ABOU ALI, CISO of GHU Paris.

As soon as the general containment was announced, in order to contain the spread of the Covid-19 epidemic, all organizations – including hospitals – had to continue providing working conditions for their staff by allowing them to work remotely.
Placed in the front line to meet the increased demand for care due to the epidemic, hospitals also had to plan the implementation of massive teleworking, which was new for administrations but also for the hospital sector, which was discovering this practice very widely.

Systancia Gate, for secure and safe teleworking.

Thanks to the efficiency and availability of Systancia’s teams and under the guidance of the entity’s Functional Support Coordinator, Antoine BARRACHON, Systancia Gate was deployed and configured very quickly, in just one weekend, allowing around a hundred employees working in various departments (HR, invoicing, communication, etc.) to continue their activities as best as possible.

“It was easy to activate Systancia Gate. The implementation and user training was carried out without difficulty. The double authentication system protects remote access from 90% of standard attacks. In addition, the use of HTML5 technology allows users to access their remote desktop via their browser, which facilitates the use of the solution. No need to install an extension.
On the other hand, it also separates the user’s actions on the desktop from those on the system, thus making both spaces sealed. With Systancia Gate, we are therefore able to allow our employees to work from home – whether they use their personal computer or not – while protecting the hospital’s information system,” adds Amré ABOU ALI, CISO of GHU Paris.

Not a widespread practice in hospitals, massive teleworking cannot therefore be done to the detriment of hospital IT security while the Covid-19 epidemic is still raging and putting the organization under great pressure. Not to mention the growing number of cyber attacks targeting hospitals (denial of service, phishing, ransomware, etc.). The Systancia Gate solution, based on the principle of Zero Trust (ZTNA – Zero Trust Network Access), allows any desktop, including personal computers, to be used to enter the network of companies, administrations or hospitals, which would not be possible with an older technology such as VPN (Virtual Private Network). Deployed in just a few hours, Systancia Gate allows several thousand workers to be provided with the same working environment as the one used daily at the office.

Hospital information systems are fragile. They are hyper-connected and generate numerous flows, in particular the circulation of highly sensitive health data coveted by hackers who may use it to request a ransom. It is therefore essential to take all possible security measures.

About the University Hospital Group (GHU) Paris psychiatry & neurosciences

On January 1, 2019, the Maison Blanche, Perray-Vaucluse, and Sainte-Anne hospitals joined forces to become the University Hospital Group (GHU) Paris psychiatry & neurosciences. With 170 places of medical care (ambulatory, hospitalization, emergencies) spread throughout the French capital, the three merged entities have become the leading hospital player in Paris for mental illness and nervous system disorders. A total of 66,000 users, i.e.
1 Parisian out of 40, are welcomed each year by the 5,600 health professionals of the GHU, which employs 600 doctors. With its university character, the GHU Paris stands out for its training, teaching and research in psychiatry, neurological disorders and empowerment. www.ghu-paris.fr

About Systancia

At Systancia, we value ingenuity to innovate. We blend application virtualization, cybersecurity and artificial intelligence to create unique, award-winning and certified solutions. Behind every workplace, there is a person who deserves to be empowered and trusted. This is our belief and our goal. This is why hundreds of public and private organizations choose Systancia, to unlock the potential of everyone, in full trust. With all our R&D in France, we sell our application virtualization (VDI), private access (ZTNA), privileged access management (PAM) and identity and access management (IAM) solutions across the globe, with our valued partners.