Share:
Infrastructure security offer
CIDR's offer covers the foundations of operational security. From the lowest layers, such as the network or operating systems, to the data, which in many cases is the source of the company's wealth (patents or customer address books, to name just two examples), our offers - whether packaged or customized - focus on securing these elements by applying best practices. From the first measures to get out of the "humiliation zone" to the complex specifications of sensitive IS (IM900/II901, RGS, etc.).
Cryptographie
Cryptography is ubiquitous in our systems, and in most cases it is invisible to the user (and in this it achieves the goal that all security systems aim for). However, the possibilities of applying cryptography are not always the default choices and are sometimes complex to implement and maintain.
That is why we accompany our clients in :
and all the satellite elements for its proper operation (HSM, CMS, smart card, etc.).
- Application of TLS
- Secure remote access (VPN)
- Device encryption
- Encryption of user data
- Application data encryption
- Machines (on the network or between machines)
- Users (MFA with certificates, e.g. for Windows logon with SmartCard Logon)
Discover some of the technologies we work with:
- PKI/IGC/IGC: ID PKI (Atos), AD CS, EJBCA (KeyFactor), Entrust
- Hardware Security Module (HSM): TrustwayBull Proteccion (Atos), YubiHSM (Yubico), nShield (entrust)
- Data encryption: ZoneCentral (Prim'X), Oodrive, Stormshield Data Security
- Device encryption: Cryhod (Prim'X)
- Cloud encryption: Google EKM, Data Security Manager (Fortanix)
- Remote access encryption: GlobalProtect (Palo Alto), Prisma Access (Palo Alto), FortiClient (Fortinet), Netskope
Infrastructure
By "infrastructure" we mean everything that supports the end services of the IS, from "high-level" activities - such as design or consulting - to the most technical ones (OS hardening, for example).
Most of our projects include a design phase, definition of the architecture and its integration into the existing IS of the company.
However, certain needs and certain contexts require that particular or even exclusive attention be paid to this aspect (the "technological" components of the project either not being of a certain size or being fixed). This is particularly the case for the creation or compliance of sensitive information systems. With extensive experience in these particular contexts, we assist our clients in studying the relevant texts for their regulatory constraints (IM900/II901, IGI1300, RGS, etc.) and define with them the architecture choices that guarantee compliance, and therefore the security of their activities.
On a more "micro" scale, our infrastructure activities also consist of securing Operating Systems, in existing environments or in creating a reference image (master) - whose deployment on the park can be orchestrated and automated, or in techniques and processes related to backups or to the implementation of a PRI/PCI.
All these activities are combined (when relevant) on-premise and in the cloud.
Data
As mentioned above, we support our clients in managing the right to know - which can be achieved through encryption. But this is not the only area of data protection, and it is not the first either: to protect an asset, you must first know it, quantitatively and qualitatively.
If inventory is a problem for systems, it's a colossal task for data, as volumes explode and so do storage locations - between on-premise history and multiple CSPs.
- Inventory and data mapping;
- Data Classification;
- Monitoring and protection against data leakage;
- Right-to-know management;
- Management of legal requests and obligations (RGPD, right to be forgotten, etc.).
Discover some of the technologies we work with:
- ZoneCentral (Prim'X)
- Oodrive
- Stormshield Data Security
- Cryhod (Prim'X)
- Google EKM
- Data Security Manager (Fortanix)
- Symantec
- DigitalGuardian
To support companies and organizations of all sizes, we also offer a package: GOENCRYPT - turnkey data encryption offer:
Encryption via ZoneCentral and/or Cryhod - of devices and user data (local, collaborative and "In transit" by email).
To support user authentication with a certificate on these solutions.
- Symantec
- DigitalGuardian
Networks
Our teams of experts support our customers at all levels of the network. Whether it is theapplication of best practices or recommendations on an existing network, the installation or migration to new firewalls, the review of filtering rules or the automation of their deployment, or the securing of remote access in a "historical" operation (VPN) or in ZTNA models (SASE / CASB), we support companies and organizations in securing their network projects.
That is why we accompany our clients in :
FireWall : Fortinet, Palo Alto, Stormshield
Automation : Tufin
SASE : Netskope, Prisma Access (Palo Alto)
Secure remote access GlobalProtect (Palo Alto), FortiClient (Fortinet)
Through our CIDR offer, we support our customers in the implementation of their IS security, securing their business operations. Thanks to this collaboration, healthy foundations are built, allowing companies to add new solutions and new services with peace of mind.
