Continuous Authentication : When Behavioral Analysis Guarantees Your Identity Many authentication methods exist nowadays. The most well-known of them is by using the login/password pair. For a better secured access to the information system, many organizations have implemented a multi-factor authentication (MFA), especially for IS administrators. But once authenticated, what guarantees that it is the same person behind the screen, mouse or keyboard? Continuous authentication : what is it ? Continuous authentication is a permanent authentication based on the user’s behavior on the workstation. Via the Machine Learning, a… Read More >>
ZTNA : A look back to the Zero Trust concept In its Market Guide for Zero Trust Network Access (ZTNA), Gartner estimates that by 2022, 80% of new business applications open to a partner ecosystem will be accessible via a ZTNA solution. According to Gartner, by 2023, 60% of companies will have replaced their remote VPN access with the ZTNA remote access. Zero Trust is therefore emerging as one of the key issues for CIOs and CISOs in the coming years. ZTNA / Zero Trust : what are the origins… Read More >>
Password vault : its potential for cybersecurity Are you one of the 83% of Internet users who use the same credentials for several sites? If the answer is 011011110111010101101001, it means that it may be time to consider using a password “vault”. Password “vault”, what is it? By using a password “vault” or password manager, all passwords are secured. For example, it is possible to create unique and robust passwords for all applications, so you don’t forget them. The main features of a password “vault”: Data storage… Read More >>
The Rosetta Stone of Identity Management and Governance Identity and Governance Administration (IGA) is commonly defined as a centralized orchestration, through the application of security policies, identity management and user access control to an information system. This is the foundation of IT security and regulatory compliance for companies. In other words, it consists in setting up a formal framework to ensure that the right people have access to the right information, at the right moment and for the time strictly necessary to accomplish their missions. It seems simple… Read More >>
Identity and security Security is a global issue. The security approach has not changed much since Roman times. The idea behind defense-in-depth is to create concentric security circles around the sensitive assets to be protected. Each circle being designed to slow and potentially weaken the enemy’s attack until it is repelled or at the very least detected. We all know the structures of castles, moats, drawbridges and dungeons. Today, the defenses of equivalent modern information systems are called physical security, firewalls, authentication and… Read More >>
The human face of the workplace A world without users? “Automation”, “DevOps”, “Robotic Process Automation” (RPA), bots, chatbots and other robots, “artificial intelligence” (AI), … According to some people, users will disappear from the scene: the omnipresence of computing, called “digital”, will eventually replace them, do everything for them, and even do more and better than they do. Clearly, as the French song goes, “we are very little things, …”. Will dematerialization go so far as to dematerialize the user? Is there anyone still behind the… Read More >>
Identity management within Hospitals cluster The GHT (Hospitals cluster in France), created by the Health Act 2016, bring together several hospitals in the same region in order to strengthen their collaboration. This involves, in particular, a shared management of hospital staff, but also the gradual unification of the Information Systems (IS) of hospitals in the same hospitals cluster. Identity management is one of the first building blocks to be implemented as part of IS merge, which must then adapt to a multi-LE (multi legal entity) context…. Read More >>
Zero Trust, a modern and agile defense paradigm? For those who are responsible for the management of a company’s IT infrastructure, it is quite clear that the moat technique, i.e. the old idea of building a moat around a castle to keep intruders at bay, is no longer relevant. This is not only inefficient but also hardly feasible given the number and diversity of entry points into the IS of any company with a reasonable size today. Indeed, the risks and threats to the information assets of companies and… Read More >>
The risks of Social Login You have seen it before, or even already used it to connect to a website, the social login seduces because of the simplification and time saving it provides to Internet users. This is a unique authentication form that allows users to connect to different sites or applications through identity providers, for example via their Facebook, Twitter, Google, Apple or LinkedIn accounts, to name just a few. Technically, behind the social login, there are identity federation technologies, which allow to use… Read More >>
TISAX®, an information security mechanism in the automotive industry Based on the standard ISO 27001 and adapted to the requirements of the automotive field, the TISAX® (Trusted Information Security Assessment Exchange) mechanism was developed by the VDA (Verband der Automobilindustrie, the German automotive industry association) in partnership with an association of European automotive manufacturers, called the European Network Exchange (ENX). The TISAX® security audit mechanism allows the mutual acceptance of information security assessments (carried out by trusted and certified third parties) in the automotive industry and provides a common… Read More >>