Software Products
- Identity and Access Management (IAM)
  - Systancia Access
    SSO authentication access control solution to make the access of applications simple and secure
    
    Discover the product
    
    Request a trial
  - Systancia Identity
    Centralize and monitor user account and authorization management
    
    Discover the product
    
    Request a trial
- Privileged Access (PAM)
  Learn in this ebook how to respond efficiently to service provider access issues thanks to PAM (Privileged Access Management).
  Download the ebook
  - Systancia Cleanroom
    Sterile and disposable virtual desktop for the administration of all your resources, on premise or cloud
    
    Discover the product
    
    Request a trial
- Virtual access (VDI)
  - Systancia Workplace
    Immediate access to your virtual desktop and all your applications, on premise or cloud
    
    Discover the product
    
    Request a trial
- Remote Access (ZTNA)
  - Systancia Gate
    Private network access solution “zero-trust” certified by ANSSI (National Cybersecurity Agency of France)
    
    Discover the product
    
    Request a trial
Cloud services
- Systancia Workroom
  - Systancia Workroom Session Service
    The secure remote access portal for all your applications in any situation (telecommuting, mobility, on-call, outsourcing, services, etc.).
    
    Discover the service
    
    Try for free
  - Systancia Workroom Desk Service
    The secure remote access portal to your virtual desktops and all your applications in any situation ( telecommuting), mobility, on-call, outsourcing, services, etc.).
    
    Discover the service
    
    Request a trial
- Systancia Cleanroom
  - Systancia Cleanroom Session Service
    Monitoring the access of empowered users and administrators to information system resources.
    
    Discover the service
    
    Try for free
  - Systancia Cleanroom Desk Service
    The sterile and disposable virtual administration office for monitoring access to information system resources by empowered users and administrators.
    
    Discover the service
    
    Request a trial
Solutions and use cases
- Telework
  
  In order to adapt to new practices in terms of mobility, teleworking or outsourcing, companies and organizations must allow employees to access the information system from outside via a transparent user experience in terms of ergonomics and performance, while guaranteeing the security of access from an uncontrolled workstation or network....
  Read the use case
- Regulatory compliance
  
  Compliance with multiple regulations is sometimes perceived as a constraint, but it is nevertheless necessary to ensure an effective IS security....
  Read the use case
- “SaaSifying” Applications
  
  Application virtualization allows organizations to make all their business applications available in SaaS mode....
  Read the use case
- Third party access (provider, ecosystem)
  
  To guarantee the adoption of users and the IT department, any IT solution must guarantee an optimal access and use experience while enhancing IS security and not be perceived as a constraint by the user....
  Read the use case
- Replacing an existing solution
  
  Regardless of whether it is a matter of guaranteeing IT security, optimizing the work experience or simplifying application management, companies and organizations may need to modernize and replace their obsolete IT solutions which no longer provide the innovations required to meet the challenges of digital inclusion....
  Read the use case
- Agility of access management
  
  Employee movements (turnover, internal rotation, outsourcing and mergers-acquisitions) require that the IT department benefits from real agility in order to facilitate these movements and increase the level of IS security....
  Read the use case
- Desktop or application virtualization
  
  Provide access to applications independent of the operating systems and devices used by an organization’s employees....
  Read the use case
- Access monitoring (traceability and access audit)
  
  Information system security (ISS) is mainly based on the security of its weakest link, which is also the essential element: the human being....
  Read the use case
- Digital Risk and Data Protection
  
  Due to the growing amount of data within companies and organizations, and the fact that these data are sometimes sensitive, it is essential to protect them against any potentially devastating risk of leakage, as we are reminded daily by the press....
  Read the use case
- The cloud as a lever
  
  For organizations, the cloud is a vector of flexibility and transformation of digital use, both for employees and the IT department. Contact us Photo credits : https://writix.co.uk Massively migrate the operating environment Today, IT departments must manage the rapid and asynchronous evolution of the various components of technologies such as server operating systems, applications, and workstations. Thus, server OSes progress at a different speed from the OS versions of the client devices, and an even different speed from business applications... Read More >>
Customer Success
Partners
Events
- Events
- Webinars
- Replays
Press
Blog

SystanciaBlogCybersecurityZero Trust, a modern and agile defense paradigm?

Zero Trust, a modern and agile defense paradigm?

For those who are responsible for the management of a company’s IT infrastructure, it is quite clear that the moat technique, i.e. the old idea of building a moat around a castle to keep intruders at bay, is no longer relevant. This is not only inefficient but also hardly feasible given the number and diversity of entry points into the IS of any company with a reasonable size today.

Indeed, the risks and threats to the information assets of companies and healthcare institutions come as much from the organization’s staff and collaborators as from external enemies. Therefore, focusing on defending the network perimeter gives a partial view of the threat and does not provide a global view of the risks.

In other words, checking the identity of the person or object (machine, IoT) before receiving the authorization to access an IT resource of the company is no longer sufficient. On the one hand, because the delimitation of the perimeter to be protected has become vague and imprecise. On the other hand, because the usurpation of the identity of a legitimate user allows an attacker to pass the castle drawbridge without obstruction and move through the network without being detected as hostile.

For example, the fact that there is no demarcation line between the “inside” and “outside” of the company is particularly sensitive with the ubiquity of “Cloud” services [i], whether public, private or hybrid. In such conditions, how and who can you trust? It is certain that the initial authenticationPrimary or secondary authentication Authentication allows a user to guarantee his or her identity before accessing a resource or service. Primary authentication will give user access to the workstation (Windows... More of any partner (human or IT) of a company who wishes to access sensitive resources of the company must be of high quality, i.e. multi-factorial or strong cryptography.

One of the keys to trying to solve the problem is to trust no one a priori. Even if authenticated once trustworthy, it is necessary to continuously measure the degree of trust assigned to any IS user, as mentioned in a previous article [01]. This dynamic index is constantly compared to adaptive alert thresholds. They depend both on the criticality of the actions to be carried out and on the context in which these actions are carried out (the degree of requirements to carry out a given operation from a fixed workstation or a mobile phone).

The complexity of running a company’s infrastructure today means that it is often not humanly possible to fully review all the alerts triggered by a system. Machines must help to analyze this data and this is where artificial intelligence (AI) comes in, to constantly look for unusual behavior after “learning” what is usual and normal in the network. In this way, filtering events is faster, more comprehensive and, ideally, should produce fewer false positives.

Finally, there is another way to improve the security level of the infrastructure and move away from the fortified castles model, which will eventually become like sand castles. It is a question of reversing roles: rather than having an entry point that publishes resources and increases the attack surface of the IS, it is more secure and robust to set up a reception service whose role is to mediate between users and the company’s resources.

Deployed in a demilitarized zone (DMZ), this mediation server is responsible for verifying the identity of requesters and, in the event of successful authentication, contacting a gateway allowing access to the company’s shared resources.

Thanks to this architecture, the IS attack surface is reduced to the strict minimum via the mediation server and there is no connection to the company IS but only from it. Shared resources can therefore not be seen by potential attackers.

Systancia Gate, formerly IPdiva Secure, the ZTNAZero Trust Network Access. The ZTNA is a name describing products that apply a "Zero Trust", or lesser privilege, policy in the area of external access. The objective is to... More (Zero Trust Network Access) solution from Systancia, uses this architecture to guarantee a selective access “on demand” to internal resources of the company, anywhere, for any type of system, to any type of user, internal or external, while ensuring the same security level.

[i] Many companies have servers connected to their networks that they are not even aware of.

Discover Systancia Gate