moindre privilège

Least privilege: a key principle for the security of the Information System

The least privilege principle consists in limiting the rights/authorizations of any individual on the information system to only those applications/data that are necessary for his missions. This principle appears in many guides relating to cybersecurity, in particular in documents published by the National Cybersecurity Agency of France – ANSSI (PA-022 – recommendations relating to the secure administration of information systems or PG-040 – recommendations for the implementation of system partitioning) or in the rules issued by the French MPL (Military… Read More >>

Workplace Experience

Workplace Experience, a challenge for companies in 2020?

The Workplace Experience corresponds to all the experiences of an employee within an organization. These experiences will be decisive for his professional development, his ability to create value by aggregating skills and knowledge through a maximized collaboration, and ultimately to participate to the achievement of the organization’s objectives. Keys to a successful Workplace Experience The availability of a unique work environment, regardless of the access device, regardless of whether the user is at the company’s premises or on the move,… Read More >>

ZTNA

ZTNA : A look back to the Zero Trust concept

In its Market Guide for Zero Trust Network Access (ZTNA), Gartner estimates that by 2022, 80% of new business applications open to a partner ecosystem will be accessible via a ZTNA solution. According to Gartner, by 2023, 60% of companies will have replaced their remote VPN access with the ZTNA remote access. Zero Trust is therefore emerging as one of the key issues for CIOs and CISOs in the coming years. ZTNA / Zero Trust : what are the origins… Read More >>

Cybersecurity: a cost that generates savings

Cybersecurity: a cost that generates savings

For organizations, the deployment of cybersecurity solutions represents a significant and yet essential cost. The challenge is to avoid cyber attacks (internal or external to the organization) and therefore their financial consequences (among others). However, this cost must be seen in the context of potential savings that can be realized when a cyber attack fails thanks to the cyber security solutions deployed by the target organization. In their ninth annual study “The cost of Cybercrime” [01], Accenture Security and the… Read More >>

La pierre de Rosette de la gestion et la gouvernance des identités (IGA)

The Rosetta Stone of Identity Management and Governance

Identity and Governance Administration (IGA) is commonly defined as a centralized orchestration, through the application of security policies, identity management and user access control to an information system. This is the foundation of IT security and regulatory compliance for companies. In other words, it consists in setting up a formal framework to ensure that the right people have access to the right information, at the right moment and for the time strictly necessary to accomplish their missions. It seems simple… Read More >>

Identité et sécurité Security

Identity and security

Security is a global issue. The security approach has not changed much since Roman times. The idea behind defense-in-depth is to create concentric security circles around the sensitive assets to be protected. Each circle being designed to slow and potentially weaken the enemy’s attack until it is repelled or at the very least detected. We all know the structures of castles, moats, drawbridges and dungeons. Today, the defenses of equivalent modern information systems are called physical security, firewalls, authentication and… Read More >>

The human face of the workplace

The human face of the workplace

A world without users? “Automation”, “DevOps”, “Robotic Process Automation” (RPA), bots, chatbots and other robots, “artificial intelligence” (AI), … According to some people, users will disappear from the scene: the omnipresence of computing, called “digital”, will eventually replace them, do everything for them, and even do more and better than they do. Clearly, as the French song goes, “we are very little things, …”. Will dematerialization go so far as to dematerialize the user? Is there anyone still behind the… Read More >>

La gestion des identités dans les GHT

Identity management within Hospitals cluster

The GHT (Hospitals cluster in France), created by the Health Act 2016, bring together several hospitals in the same region in order to strengthen their collaboration. This involves, in particular, a shared management of hospital staff, but also the gradual unification of the Information Systems (IS) of hospitals in the same hospitals cluster. Identity management is one of the first building blocks to be implemented as part of IS merge, which must then adapt to a multi-LE (multi legal entity) context…. Read More >>

les dangers du social login

The risks of Social Login

You have seen it before, or even already used it to connect to a website, the social login seduces because of the simplification and time saving it provides to Internet users. This is a unique authentication form that allows users to connect to different sites or applications through identity providers, for example via their Facebook, Twitter, Google, Apple or LinkedIn accounts, to name just a few. Technically, behind the social login, there are identity federation technologies, which allow to use… Read More >>

reasons to deploy SSO

6 reasons to deploy an SSO solution

The Single-Sign-On (SSO) allows users to access their applications by logging in only once. They then have access to all their resources without having to enter their credentials for each application. Companies and organizations have many reasons to implement this type of solution; among them, we can mention the following six major advantages: Time saving: By logging in only once per session, users will save time, as well as the IT support which will be less likely to be contacted… Read More >>