Share :
AM offer
The opening up of the enterprise to the Internet, with the advent of Cloud services accessible to all, the widespread use of teleworking, the opening up of application access to external populations such as partners or customers, the deployment of modern application architectures based on APIs and microservices, the digitization of banking services and the new DSP2 directives are all challenges for the security of logical access.
How can we manage access to applications, data, APIs, etc. in the face of these new challenges, while offering users a simple, fluid and comfortable experience? Synetis, through its Access Management offering, brings you all the expertise of its team of specialists to help you answer this question, in your context and with your specific requirements.
Improved user experience and security
User experience and security are often at odds with each other, as increasing one is often at the expense of the other. However, modernAccess Management solutions offer a wide range of features to improve both these aspects simultaneously:
A single authentication to access all applications: that’s the promise of SSO. Implementing such functionality can be based on multiple approaches: e-SSO, Web SSO, identity federation (SAML2, OpenID Connect, WS-*, etc.), which can be combined to meet different needs. By reducing the number of passwords, deploying an SSO solution strengthens access security while improving the user experience.
As well as playing a key role in setting up an SSO, identity federation can also be used to control authentication and access to SaaS services (OAuth). In this way, authentication to these services is delegated to the Access Management solution, which is responsible for applying the security rules required to authorize access to the requested service.
It enablesend-users to be autonomous in the event of losing or forgetting their password, and thus considerably relieves the support teams in charge of assisting users faced with this type of difficulty. This feature also allows you to set up a password policy to reinforce access security.
It provides users withenhanced authentication tools (certificates, biometrics, etc.) for improved security and a smoother user experience.
It enhances security during authentication by using a second factor (OTP by SMS, push on a mobile application, FIDO2 key, etc.), thus guaranteeing the validity of the authentication provided by the user.
It allows you to define a risk-based access strategy, requiring a more or less stringent level of authentication from the user (second factor, certificate, etc.) depending on the estimated risk of the access requested. This risk may be linked to various metrics – such as the network and geographic origin of the request, the type of terminal used for access, the criticality of the resource accessed, the time and date of the request, etc.
Secure access to API and micro-services back-ends
Modern application architectures rely heavily on APIs and microservices. These endpoints, which expose sometimes critical data, must imperatively be secured.
- Deploying an authorization server enables these endpoints to be secured using the OpenID Connect identity federation protocol (OIDC) and/or the OAuth2 authorization protocol;
- The authorization server can be integrated into an API portal and/or directly into the endpoints;
- The use of standard protocols guarantees compatibility with development frameworks and/or market solutions.
Compliance with DSP2 Directive
Under the impetus of the DSP2 directive, the security and interoperability of online banking services is undergoing radical change: no more SMS OTPs, deemed insufficiently secure for this type of transaction.
- To validate a transaction, several requirements must be met: complete presentation of transaction information, explicit user consent, and strong user authentication;
- In addition, the use of banking data by an online service (merchant site, account aggregator, etc.) is subject to the user's consent from his or her bank. The management of these consents (collection, consultation, revocation, etc.) must be provided to customers by the banking establishment;
- Finally, it goes without saying that access to exposed banking services for partner sites must be tightly controlled to guarantee the security of exposed banking data.
Through standard protocols (OpenID Connect and OAuth2), multi-factor authentication and consent management functionalities, Access Management solutions address all these issues.
Zero Trust Strategy
Increasingly frequent nomadism and telecommuting in the corporate world, the widespread use of Cloud services, and the opening up of access to certain resources to partners (B2B, B2C, outsourcers, etc.) are making system security more fragile. In such a context, access is never totally trustworthy.
A “Zero Trust” strategy guarantees that, whatever the context in which the user attempts to access a resource, the validity of this request will have been checked through a suitable and reliable authentication process.
Governance / Audit and Compliance
From an auditability and compliance perspective, governance offers several approaches:
All actions carried out on accounts and rights are traced, enabling the use of standard reports or the construction of specific reporting.
By defining a risk level for the various rights available, it is possible to target controls at high-risk users.
To ensure that the rights requested and approved correspond to the actual rights in the target systems, automatic comparisons can be set up between these two states.
To ensure that a user’s rights are always in line with his or her activity, regular rights certification campaigns are possible, for example via the line manager or the resource owner.
Access Management at Synetis
More than 45 consultants dedicated to Access Management, with an average experience of over 5 years in the field of cyber security;
More than 8 active partnerships with major market players (Microsoft, Ilex International, InWebo, Okta, Ping Identity, CyberArk, Wallix / Trustelem, Yubico) and real expertise with other software publishers such as ForgeRock, Microsoft, OneLogin, etc. ;
Over 20 publisher certifications acquired;
More than 65 projects underway as of 01/08/2022 - including 40+ new projects in 2022 - of all sizes (from ten days to more than 250 days) and all types (scoping, audit, integration, TMA, CDS), with a commitment to results (fixed-price) or resources (time and materials).
