SAP - Security Assurance Plan

PAM should not exclude SAP

Before starting to play a board game, it’s customary to read the game rules. As part of an outsourcing service, it is also very important to establish the “rules of the game” between parties. In [01], the ANSSI (French National Cybersecurity Agency) states that, when using managed services, security should not be incompatible with outsourcing. For an organization whose IS administration is handled by a service provider, the inherent risks are generally related to the loss of control of the…

The Cleanroom concept for a safe and secure administration

A bastion is a military structure projecting outward from the wall of a fortress. In computer science, we can extend the term “bastion” to a host deliberately exposed to an external, untrusted network. In general, the purpose of a “cyber bastion host” is to protect a network or part of a network from external threats; it is therefore the most exposed element, the one that is most likely to be attacked. If a bastion “falls down”, the whole…

Continuous authentication in Cyberia

Security is a matter of compromise, a balance between confidentiality and convenience, control and efficiency. While it would be easy to restrict access to an Information System in order to protect sensitive business data, it would become impossible to make it a tool for productivity and growth, especially at a time when openness and collaboration are taken for granted. At the same time, the strict control and monitoring of “power” users has become of crucial importance given the recent cases…

Home Office

Telework: how to access your enterprise IS securely from home?

“On my way to telework, I got telepunched for over speeding on the information highway… and it cost me a hell of a telefine!” Philippe GELUCK (“Le tour du chat en 365 jours”)

Starting with the Macron Ordonnance of September 2017, any employee can request to telework in France. Besides revolutionizing managerial rules, telework allows an adapted organization of professional time by and for an employee. It should be noted that, by definition, telework is performed outside the employer’s premises…

I AM GDPR

The EU’s General Data Protection Regulation (GDPR) intends to strengthen and unify personal data protection for all individuals within the European Union. This regulation imposes totally new requirements on how organizations must process such data, which means that companies must step up their efforts in information security management and associated investments. It is important to specify that the regulation (which is already in force; only the application of sanctions is postponed until March 2018) is binding for all companies, European…

Feedback on the ANSSI’s qualification of IPdiva Secure, now Systancia Gate

One of the keys to securing the information system of an organization is to deploy security products. Because of their importance in the security system, it is essential to have confidence in these products. Confidence refers to the idea that you can trust someone or something. The best way to measure confidence in a security product is to have a security evaluation, conducted by a recognized and independent body in order to “validate” the response to a specific problem. IPdiva…

How to secure IT administrators’ desktops?

“The weakest link in a chain is the strongest because it can break it.” Stanislaw Jerzy Lec

Information Systems (IS) have developed considerably and are constantly progressing. Information systems security is crucial from an economic and State standpoint, and even from a personal perspective. However, information systems security depends mainly on its weakest link, which is also the essential element: the human. The administrator, who holds power and a very heavy responsibility, is no exception to…