Securing all the Terminals of a Major Government Ministry
The case of the French Interior Ministry*
Challenges
The Interior Ministry provides security and protection for the French population against a variety of risks on a day to day basis. The resources deployed must constantly adapt to the rapidly evolving threats, the new forms of crime and terrorism but also to technological developments.
Several plans have been developed and implemented since 2014 to keep up with this constantly changing situation. First the homeland security modernisation plan (PMSI) was developed with civil security, the gendarmerie and national police forces. […] Two targeted plans were implemented and financed on the heels of the attacks that struck France in January and November 2015.
The Anti-Terrorism Plan (PLAT) announced on 21 January 2015 […] and the Security Pact announced by the President of the Republic to Congress.
For information and communication systems, the projects supported by these programmes focus on several priorities for 2016-2017 […] including the strengthening and securing of IT infrastructures through network and workstation encryption.
Requirements
User services:
- In the first wave: all workstations working with Windows operating systems,
- In the second wave: all workstations working with Linux operating systems (Note: the first wave accounts for over 110,000 computers).
The Ministry is conducting an ambitious project to secure its information systems over 3 years, with one objective: protect its office automation data up to “Diffusion Restreinte” (Restricted Information) level.
Solution
For this purpose and in close collaboration with the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), the Ministry is massively deploying PRIM’X software over its entire installed IT base.
The CRYHOD and ZONECENTRAL software enable ergonomic data encryption to guard against data theft or attempted espionage and to restrict access to users authorised and authenticated with their agent card (i.e.: the Ministry’s microchipbased badges).
These tools aim to make encryption of internally and externally shared data systematic while simplifying the use of these sometimes complex technologies.
Benefits
- Encryption on the fly, transparent for users: the user accesses files normally without having to take any particular action and without seeing any difference in treatment between encrypted and unencrypted files. Users must just provide an access key once during the working session to decrypt the encrypted files they have access to;
- Protecting residual information and protection against keyloggers and spyware;
- Products qualified at the ANSSI Standard level and listed in the NATO catalogue;
- Secure Communications: emails and encrypted containers for secure communication, management of encryption on removable media (USB key, external drive…);
- File encryption/decryption as and when they are used (on the workstation and in the memory) when accessing a server over the network. The data in transit is encrypted in a collaborative space, only users with access rights can read the contents of shared files;
- User access via an agent card;
- Simplified integration with the Ministry’s Office Automation Infrastructure.
*All the text in this document comes from the Ministry’s Press Kit released for the meeting in July 2016 between the Minister Bernard Cazeneuve and «the Interior Ministry’s Security Partners» one of whom is Prim’X.
Used products
- Anti-theft
- Perimeter Security
CRYHOD : Drive encryption to protect against theft or loss
- Protection of computers while on the move or working from home,
- Full encryption of computers and drives, physical or virtual
- Authentication at start-up with all types of key
- "Encrypt and forget" solution
- Right-to-Know Management
ZONECENTRAL : Data confidentiality and partitioning
- Protection of data across desktops, sharing and virtual environments
- Partitioning between users, service providers, work groups and departments.
- Very discreet and imposes no changes on user working habits.
