Simplified and secure identity management: the keystone of your zero trust strategy How to secure the access of an employee working from home who uses a computer not controlled by the company, and who has access to your internal resources? With working form home employees accessing their applications located inside the company network, the usual protection offered by the company’s internal network (FireWall, VPN) is no longer sufficient. At the same time, how to secure access to applications for a group of employees whose rights are suddenly modified after a major change… Read More >>
Fake President fraud: a scam that takes advantage of the teleworking boom Like ransomware, the Fake President fraud has taken advantage of the massive telework due to the health crisis to take off again since 2020. While in the case of ransomware, remote access technologies unsuited to telework are to blame, in this case it is the lack of face-to-face social interaction that is one of the major causes of the increase in this type of scam. How does a fake president fraud work? In a fake president fraud, a swindler who… Read More >>
Least privilege: a key principle for the security of the Information System The least privilege principle consists in limiting the rights/authorizations of any individual on the information system to only those applications/data that are necessary for his missions. This principle appears in many guides relating to cybersecurity, in particular in documents published by the National Cybersecurity Agency of France – ANSSI (PA-022 – recommendations relating to the secure administration of information systems or PG-040 – recommendations for the implementation of system partitioning) or in the rules issued by the French MPL (Military… Read More >>
Workplace Experience, a challenge for companies in 2020? The Workplace Experience corresponds to all the experiences of an employee within an organization. These experiences will be decisive for his professional development, his ability to create value by aggregating skills and knowledge through a maximized collaboration, and ultimately to participate to the achievement of the organization’s objectives. Keys to a successful Workplace Experience The availability of a unique work environment, regardless of the access device, regardless of whether the user is at the company’s premises or on the move,… Read More >>
ZTNA : A look back to the Zero Trust concept In its Market Guide for Zero Trust Network Access (ZTNA), Gartner estimates that by 2022, 80% of new business applications open to a partner ecosystem will be accessible via a ZTNA solution. According to Gartner, by 2023, 60% of companies will have replaced their remote VPN access with the ZTNA remote access. Zero Trust is therefore emerging as one of the key issues for CIOs and CISOs in the coming years. ZTNA / Zero Trust : what are the origins… Read More >>
Cybersecurity: a cost that generates savings For organizations, the deployment of cybersecurity solutions represents a significant and yet essential cost. The challenge is to avoid cyber attacks (internal or external to the organization) and therefore their financial consequences (among others). However, this cost must be seen in the context of potential savings that can be realized when a cyber attack fails thanks to the cyber security solutions deployed by the target organization. In their ninth annual study “The cost of Cybercrime” [01], Accenture Security and the… Read More >>
The Rosetta Stone of Identity Management and Governance Identity and Governance Administration (IGA) is commonly defined as a centralized orchestration, through the application of security policies, identity management and user access control to an information system. This is the foundation of IT security and regulatory compliance for companies. In other words, it consists in setting up a formal framework to ensure that the right people have access to the right information, at the right moment and for the time strictly necessary to accomplish their missions. It seems simple… Read More >>
Identity and security Security is a global issue. The security approach has not changed much since Roman times. The idea behind defense-in-depth is to create concentric security circles around the sensitive assets to be protected. Each circle being designed to slow and potentially weaken the enemy’s attack until it is repelled or at the very least detected. We all know the structures of castles, moats, drawbridges and dungeons. Today, the defenses of equivalent modern information systems are called physical security, firewalls, authentication and… Read More >>
The human face of the workplace A world without users? “Automation”, “DevOps”, “Robotic Process Automation” (RPA), bots, chatbots and other robots, “artificial intelligence” (AI), … According to some people, users will disappear from the scene: the omnipresence of computing, called “digital”, will eventually replace them, do everything for them, and even do more and better than they do. Clearly, as the French song goes, “we are very little things, …”. Will dematerialization go so far as to dematerialize the user? Is there anyone still behind the… Read More >>
Identity management within Hospitals cluster The GHT (Hospitals cluster in France), created by the Health Act 2016, bring together several hospitals in the same region in order to strengthen their collaboration. This involves, in particular, a shared management of hospital staff, but also the gradual unification of the Information Systems (IS) of hospitals in the same hospitals cluster. Identity management is one of the first building blocks to be implemented as part of IS merge, which must then adapt to a multi-LE (multi legal entity) context…. Read More >>
Digital Confidence Management of privileged accounts: 5 key recommendations to protect your Information System