The new security perimeter for organizations Slowly but surely, we are experiencing a radical change in the world of networks and access security. To illustrate this in a caricatured way, we are moving from a situation when an organization’s network was inside its walls and the Internet outside, to a situation where everything is based on the Internet, which is shared by all organizations’ networks. The networks of companies are now permanently installed in the Internet network via cloud infrastructures that go beyond the physical boundaries… Read More >>
What measures should be implemented to secure teleworking? Today, more than ever, the way organizations manage to secure teleworking has an impact on the overall security of information systems. Teleworking is no longer a project or a temporary exception; it is now strongly anchored in organizations’ practices and represents an additional challenge for IT departments: it is no longer a question of being able to secure the remote accesses of certain employees on a temporary basis, but rather of being able to secure the remote accesses to the… Read More >>
What are the regulations for OVI and OES? The multiplication of attacks and threats to organizations’ information systems has prompted the French government and the European Union to implement recommendations and rules for private companies and public administrations. The requirement level of these rules and recommendations varies according to the importance of the target organization. They are optional for organizations considered as non-sensitive, but, at different levels, mandatory for OVI (Operators of Vital Importance) and OES (Operators of Essential Services). Limiting the cyber risk of OVI and OES… Read More >>
Making the administration workstation incorruptible with a hardened thin client terminal The terminal allowing administrators to access the administration network is a key element for the global security of organizations’ information systems. A possible corruption of this terminal is a major risk for companies. The use of a hardened thin client terminal communicating with administration virtual desktops allows you to take advantage of the specific and secure architecture of a hardened thin client terminal while benefiting from the functionalities of Privileged Access Management (PAM) solutions thanks to virtualization. Prerequisites for using… Read More >>
Least privilege: a key principle for the security of the Information System The least privilege principle consists in limiting the rights/authorizations of any individual on the information system to only those applications/data that are necessary for his missions. This principle appears in many guides relating to cybersecurity, in particular in documents published by the National Cybersecurity Agency of France – ANSSI (PA-022 – recommendations relating to the secure administration of information systems or PG-040 – recommendations for the implementation of system partitioning) or in the rules issued by the French MPL (Military… Read More >>
The human face of the workplace A world without users? “Automation”, “DevOps”, “Robotic Process Automation” (RPA), bots, chatbots and other robots, “artificial intelligence” (AI), … According to some people, users will disappear from the scene: the omnipresence of computing, called “digital”, will eventually replace them, do everything for them, and even do more and better than they do. Clearly, as the French song goes, “we are very little things, …”. Will dematerialization go so far as to dematerialize the user? Is there anyone still behind the… Read More >>
Identity management within Hospitals cluster The GHT (Hospitals cluster in France), created by the Health Act 2016, bring together several hospitals in the same region in order to strengthen their collaboration. This involves, in particular, a shared management of hospital staff, but also the gradual unification of the Information Systems (IS) of hospitals in the same hospitals cluster. Identity management is one of the first building blocks to be implemented as part of IS merge, which must then adapt to a multi-LE (multi legal entity) context…. Read More >>
European Cybersecurity Act : What certification process ? In 2017, the European Commission published a series of initiatives to strengthen the EU’s resilience, deterrence and defense against cyber attacks. These measures include the proposal for a Regulation on ENISA and the certification of information and communication technologies for cybersecurity (European Cybersecurity Act). This regulation gives ENISA a permanent mandate and strengthens its expertise in prevention, consultancy and cooperation. The European Cybersecurity Act also includes a second component aimed at creating a European cybersecurity certification framework, in which ENISA… Read More >>
Cybersecurity Act : What’s going to change? After being approved by the European Parliament on March 12, 2019, the Cybersecurity Act was finally adopted after its publication in the Official Journal of the European Union on June 7, 2019. The Cybersecurity Act strengthens the European Union Agency for Cybersecurity (ENISA) and establishes a European framework for the certification of cybersecurity products and services. A permanent mandate and more resources for ENISA With the Cybersecurity Act, ENISA, the European Union Agency for Cybersecurity, created in 2004, receives a… Read More >>
6 reasons to deploy an SSO solution The Single-Sign-On (SSO) allows users to access their applications by logging in only once. They then have access to all their resources without having to enter their credentials for each application. Companies and organizations have many reasons to implement this type of solution; among them, we can mention the following six major advantages: Time saving: By logging in only once per session, users will save time, as well as the IT support which will be less likely to be contacted… Read More >>