Software Products
- Identity and Access Management (IAM)
  - Systancia Access
    SSO authentication access control solution to make the access of applications simple and secure
    
    Discover the product
    
    Request a trial
  - Systancia Identity
    Centralize and monitor user account and authorization management
    
    Discover the product
    
    Request a trial
- Privileged Access (PAM)
  Learn in this ebook how to respond efficiently to service provider access issues thanks to PAM (Privileged Access Management).
  Download the ebook
  - Systancia Cleanroom
    Sterile and disposable virtual desktop for the administration of all your resources, on premise or cloud
    
    Discover the product
    
    Request a trial
- Virtual access (VDI)
  - Systancia Workplace
    Immediate access to your virtual desktop and all your applications, on premise or cloud
    
    Discover the product
    
    Request a trial
- Remote Access (ZTNA)
  - Systancia Gate
    Private network access solution “zero-trust” certified by ANSSI (National Cybersecurity Agency of France)
    
    Discover the product
    
    Request a trial
Cloud services
- Systancia Workroom
  - Systancia Workroom Session Service
    The secure remote access portal for all your applications in any situation (telecommuting, mobility, on-call, outsourcing, services, etc.).
    
    Discover the service
    
    Try for free
  - Systancia Workroom Desk Service
    The secure remote access portal to your virtual desktops and all your applications in any situation ( telecommuting), mobility, on-call, outsourcing, services, etc.).
    
    Discover the service
    
    Request a trial
- Systancia Cleanroom
  - Systancia Cleanroom Session Service
    Monitoring the access of empowered users and administrators to information system resources.
    
    Discover the service
    
    Try for free
  - Systancia Cleanroom Desk Service
    The sterile and disposable virtual administration office for monitoring access to information system resources by empowered users and administrators.
    
    Discover the service
    
    Request a trial
Solutions and use cases
- Telework
  
  In order to adapt to new practices in terms of mobility, teleworking or outsourcing, companies and organizations must allow employees to access the information system from outside via a transparent user experience in terms of ergonomics and performance, while guaranteeing the security of access from an uncontrolled workstation or network....
  Read the use case
- Regulatory compliance
  
  Compliance with multiple regulations is sometimes perceived as a constraint, but it is nevertheless necessary to ensure an effective IS security....
  Read the use case
- “SaaSifying” Applications
  
  Application virtualization allows organizations to make all their business applications available in SaaS mode....
  Read the use case
- Third party access (provider, ecosystem)
  
  To guarantee the adoption of users and the IT department, any IT solution must guarantee an optimal access and use experience while enhancing IS security and not be perceived as a constraint by the user....
  Read the use case
- Replacing an existing solution
  
  Regardless of whether it is a matter of guaranteeing IT security, optimizing the work experience or simplifying application management, companies and organizations may need to modernize and replace their obsolete IT solutions which no longer provide the innovations required to meet the challenges of digital inclusion....
  Read the use case
- Agility of access management
  
  Employee movements (turnover, internal rotation, outsourcing and mergers-acquisitions) require that the IT department benefits from real agility in order to facilitate these movements and increase the level of IS security....
  Read the use case
- Desktop or application virtualization
  
  Provide access to applications independent of the operating systems and devices used by an organization’s employees....
  Read the use case
- Access monitoring (traceability and access audit)
  
  Information system security (ISS) is mainly based on the security of its weakest link, which is also the essential element: the human being....
  Read the use case
- Digital Risk and Data Protection
  
  Due to the growing amount of data within companies and organizations, and the fact that these data are sometimes sensitive, it is essential to protect them against any potentially devastating risk of leakage, as we are reminded daily by the press....
  Read the use case
- The cloud as a lever
  
  For organizations, the cloud is a vector of flexibility and transformation of digital use, both for employees and the IT department. Contact us Photo credits : https://writix.co.uk Massively migrate the operating environment Today, IT departments must manage the rapid and asynchronous evolution of the various components of technologies such as server operating systems, applications, and workstations. Thus, server OSes progress at a different speed from the OS versions of the client devices, and an even different speed from business applications... Read More >>
Customer Success
Partners
Events
- Events
- Webinars
- Replays
Press
Blog

SystanciaBlogVirtualisationShould you outsource the administration of the Information System?

Should you outsource the administration of the Information System?

As mentioned in some of my articles ([01], [02]), IT security is not an option and must be a strategic focus for any organization. Indeed, in my opinion, IT security is both essential and fundamental in order to, among other things, protect the information assets of an organization.
Now, let’s focus only on outsourcing the administration of a network or part of a network. Indeed, due to a lack of human or financial resources, the executive committee of an organization may decide to entrust the administration of its Information System or dedicated applications to an external service provider (outsourcer).
Outsourcing is a fast way to improve performance, reduce costs or increase flexibility, but it must not be implemented without a minimum level of security and guarantees. Outsourcing administration does not clear customs or remove responsibility from the outsourced organization.
The following questions should be asked when outsourcing the administration of the Information System (non-exhaustive list):

Has the scope of actions entrusted to my external service provider been properly defined?
What is valuable for my organization?
What are the risks involved?
To what extent do I control these risks?
What are the feared threats?
What are the “security measures” taken by my service provider?
Does my service provider have (or should have) limitations concerning his actions?
To what extent can I control, monitor, and manage my service provider?
How should I manage (and protect) login credentials and authenticators?
How not to lose control of my IS?
Is my service provider familiar with IT security?

When it comes to risk management, the loop “know yourself – estimate yourself – insure yourself – reassure yourself” must always be the center of reflections and actions. To answer some of the previous questions, article [03] refers to the Security Assurance Plan as an important step to implement within an outsourced/outsourcer relationship.
In articles [04] and [05], I presented Systancia Cleanroom solution, which provides an answer to the remote administration issue and therefore to the need for controlled, managed, monitored and supervised outsourcing services.
The principle of Systancia Cleanroom solution is to provide a privileged user with virtualized environments (which are controlled, managed and initialized at each connection), in order to perform resource administration tasks in a secure, logged and monitored environment.
This disruptive solution therefore makes it possible to protect and supervise the privileged users’ work, but also to guarantee the security of the information assets of the outsourced organization.
Outsourcing the administration of all or part of your information system to a third party is therefore possible from a technical point of view (with a solution such as Systancia Cleanroom) but must not exempt the outsourced organization from having to ensure compliance with good security practices and a seamless collaboration with its external service provider. In the cybersecurity field, “trust” is the key word and it is not contradictory to outsourced administration activities. Finally, the contractor’s vigilance must be materialized by drafting the most explicit and exhaustive contractual clauses possible, whose application and rigorous monitoring are essential to the success of this collaboration.
Antoine COUTANT – Chief Cybersecurity Officer
References
[01]       Security is not an obstacle, Antoine COUTANT, November 2018.
https://www.systancia.com/en/security-is-not-an-obstacle/
[02]       Once upon a time in Cyberland, Antoine COUTANT, October 2018.
https://www.systancia.com/en/once-upon-a-time-in-cyberland/
[03]       PAMPrivileged Access Management. PAM is a technology for managing access and authentication of authorized users, usually information system administrators, to administrative resources or applications. The main objective is to secure... More should not exclude SAP, Antoine COUTANT, March 2019.
https://www.systancia.com/en/pam-should-not-exclude-sap/
[04]        How to secure IT administrators’ desktops?, Antoine Coutant, February 2018
https://www.systancia.com/en/how-to-secure-it-administrators-desktops/
[05]        The Cleanroom concept for a safe and secure administration, Antoine COUTANT, January 2019
https://www.systancia.com/en/the-cleanroom-concept-for-a-safe-and-secure-administration/

Published on 27 March 2019 by Systancia

Themes

PAM cybersecurity CIO CISO CTO

Should you outsource the administration of the Information System?

Do not miss these events:

GITEX 2020 – Xlabs with Redington Gulf “Never Trust, Always Verify”

How to provide a simple and fast secure access for your IT providers?

Remote Access: Have you asked yourself these 10 critical questions?

These articles may interest you :

Soliloquy around a consistent monitoring approach

How to secure IT administrators’ desktops?

After teleworking, are we heading towards a democratization of flex office?