PAS - Plan d’Assurance Sécurité (Security Assurance Plan)

PAM should not exclude SAP

Before starting to play a board game, it’s customary to read the game rules. As part of an outsourcing service, it is also very important to establish the “rules of the game” between parties. In [01], the ANSSI (French National Cybersecurity Agency) states that, when using managed services, security should not be incompatible with outsourcing. For an organization whose IS administration is handled by a service provider, the inherent risks are generally related to the loss of control of the… Read More >>

The Cleanroom concept for a safe and secure administration

A bastion is a military structure projecting outward from the wall of a fortress. In computer science, we can extrapolate the term “bastion” to a host deliberately exposed to an external, untrusted network. In general, the purpose of a “cyber bastion host” is to protect a network or part of a network from external threats; it is therefore the most exposed element, the one that is most likely to be attacked. If a bastion “falls down”, the whole… Read More >>

Security is not an obstacle

“I hurry to laugh at everything, for fear of having to cry about it.” Pierre DAC

There are three main areas of information systems security (ISS): awareness, physical security and information technology (means of implementation). Regarding awareness, here is a small selection of sentences I have already heard over the past twenty years (unfortunately, this is not an exhaustive list): “Security is useless and expensive!” “There’s nothing secret about what we do.” “It’s complicated!” “You’re frankly paranoid…” Regarding the complexity of… Read More >>

Once upon a time in Cyberland

“If the fool warns of a risk, run away.” Teke proverb

In [01], I mentioned that the risk can be internal to the organization you are managing/administrating/supervising. I had vaguely in mind (but without really quoting it) the Trojan Horse story, which is one of the greatest war tricks, you will agree. Now, let us look at the case of a user with high rights, acting clumsily and, of course, involuntarily. Before starting, it should be noted that any resemblance… Read More >>

Continuous authentication in Cyberia

Security is a matter of compromise, a balance between confidentiality and convenience, control and efficiency. While it would be easy to restrict access to an Information System in order to protect sensitive business data, it would become impossible to make it a tool for productivity and growth, especially at a time when openness and collaboration are taken for granted. At the same time, the strict control and monitoring of “power” users has become of crucial importance given the recent cases… Read More >>

I LOVE GDPR ♥

“Security is everyone’s concern.” Edouard PHILIPPE

Since 25 May 2018, the General Data Protection Regulation (GDPR) has been applied for all European Union countries. The main objective of this regulation is to standardize the protection of individuals’ personal data. The GDPR is clearly a technical, legal and organizational subject. In my opinion, this regulation is an undeniable opportunity to control our data and to regain control of our digital life. It is a beautiful tool that will however be necessary… Read More >>

Home Office

Telework: how to access your enterprise IS securely from home?

“On my way to telework, I got telepunched for over speeding on the information highway… and it cost me a hell of a telefine!” Philippe GELUCK (“Le tour du chat en 365 jours”)

Starting with the Macron Ordonnance of September 2017, any employee can request to telework in France. Besides revolutionizing managerial rules, telework allows an adapted organization of professional time by and for an employee. It should be recalled that, by definition, telework is performed outside the employer’s premises… Read More >>

Soliloquy around a consistent monitoring approach

Over the last few months, many articles in the specialized press or on various blogs have reported the increase of cyber attacks. Indeed, in 2017, it was noted that attacks in the cyber domain have increased by more than 20%. It is clear that, for any organization, the security of information systems must be considered as a capital issue of governance, or even survival in certain situations. In a previous interview, I have already had the opportunity to say that,… Read More >>

In the age of artificial intelligence, nothing new… really?

The year 2017 was marked by numerous issues in the cyber domain. We can mention the successive ransomware waves but also the imminent arrival of the GDPR (General Data Protection Regulation), which is the subject of many conferences, posts, forum topics, etc. Another great subject was the “second birth” of artificial intelligence and machine learning. Concerning artificial intelligence (AI), we are still far from Skynet from Terminator, I can assure you. However, it has to be said that a… Read More >>

Feedback on the ANSSI’s qualification of IPdiva Secure, now Systancia Gate

One of the keys to securing the information system of an organization is to deploy security products. Because of their importance in the security system, it is essential to have confidence in these products. Confidence refers to the idea that you can trust someone or something. The best way to measure confidence in a security product is to have a security evaluation, conducted by a recognized and independent body in order to “validate” the response to a specific problem. IPdiva… Read More >>