Secure Access Service Edge

Secure Access Service Edge: A Paradigm Shift

The network and network security world is experiencing, like any other technology, its digital revolution. The traditional vision of “inside the firewall” and “outside the firewall” has been shattered: Internet has become the network of the extended enterprise. Secure Access Service Edge: Trends Leading to a Paradigm Shift Moving from a “network-centric” architecture to a “user-centric” and “application-centric” architecture. On the one hand, the cloud and the decentralization of servers and applications in disparate clouds; on the other hand, the… Read More >>

vpn

VPN vs ZTNA

Since the democratization of Internet at the end of the 1990s, the VPN (Virtual Private Network) has been used by companies to provide their employees with private and secure remote access to their information systems. Nowadays deployed in many organizations, the VPN still presents some risks to the integrity of information systems. To overcome this issue, ZTNA (Zero Trust Network Access) solutions, which are much more secure, are gradually replacing the VPN within organizations. VPN: connecting two networks of trust… Read More >>

La pierre de Rosette de la gestion et la gouvernance des identités (IGA)

The Rosetta Stone of Identity Management and Governance

Identity and Governance Administration (IGA) is commonly defined as a centralized orchestration, through the application of security policies, identity management and user access control to an information system. This is the foundation of IT security and regulatory compliance for companies. In other words, it consists in setting up a formal framework to ensure that the right people have access to the right information, at the right moment and for the time strictly necessary to accomplish their missions. It seems simple… Read More >>

Identité et sécurité Security

Identity and security

Security is a global issue. The security approach has not changed much since Roman times. The idea behind defense-in-depth is to create concentric security circles around the sensitive assets to be protected. Each circle being designed to slow and potentially weaken the enemy’s attack until it is repelled or at the very least detected. We all know the structures of castles, moats, drawbridges and dungeons. Today, the defenses of equivalent modern information systems are called physical security, firewalls, authentication and… Read More >>

The human face of the workplace

The human face of the workplace

A world without users? “Automation”, “DevOps”, “Robotic Process Automation” (RPA), bots, chatbots and other robots, “artificial intelligence” (AI), … According to some people, users will disappear from the scene: the omnipresence of computing, called “digital”, will eventually replace them, do everything for them, and even do more and better than they do. Clearly, as the French song goes, “we are very little things, …”. Will dematerialization go so far as to dematerialize the user? Is there anyone still behind the… Read More >>

La gestion des identités dans les GHT

Identity management within Hospitals cluster

The GHT (Hospitals cluster in France), created by the Health Act 2016, bring together several hospitals in the same region in order to strengthen their collaboration. This involves, in particular, a shared management of hospital staff, but also the gradual unification of the Information Systems (IS) of hospitals in the same hospitals cluster. Identity management is one of the first building blocks to be implemented as part of IS merge, which must then adapt to a multi-LE (multi legal entity) context…. Read More >>

European Cybersecurity Act

European Cybersecurity Act : What certification process ?

In 2017, the European Commission published a series of initiatives to strengthen the EU’s resilience, deterrence and defense against cyber attacks. These measures include the proposal for a Regulation on ENISA and the certification of information and communication technologies for cybersecurity (European Cybersecurity Act). This regulation gives ENISA a permanent mandate and strengthens its expertise in prevention, consultancy and cooperation. The European Cybersecurity Act also includes a second component aimed at creating a European cybersecurity certification framework, in which ENISA… Read More >>

Cybersecurity Act

Cybersecurity Act : What’s going to change?

After being approved by the European Parliament on March 12, 2019, the Cybersecurity Act was finally adopted after its publication in the Official Journal of the European Union on June 7, 2019. The Cybersecurity Act strengthens the European Union Agency for Cybersecurity (ENISA) and establishes a European framework for the certification of cybersecurity products and services. A permanent mandate and more resources for ENISA With the Cybersecurity Act, ENISA, the European Union Agency for Cybersecurity, created in 2004, receives a… Read More >>

Zero Trust

Zero Trust, a modern and agile defense paradigm?

For those who are responsible for the management of a company’s IT infrastructure, it is quite clear that the moat technique, i.e. the old idea of building a moat around a castle to keep intruders at bay, is no longer relevant. This is not only inefficient but also hardly feasible given the number and diversity of entry points into the IS of any company with a reasonable size today. Indeed, the risks and threats to the information assets of companies and… Read More >>

les dangers du social login

The risks of Social Login

You have seen it before, or even already used it to connect to a website, the social login seduces because of the simplification and time saving it provides to Internet users. This is a unique authentication form that allows users to connect to different sites or applications through identity providers, for example via their Facebook, Twitter, Google, Apple or LinkedIn accounts, to name just a few. Technically, behind the social login, there are identity federation technologies, which allow to use… Read More >>