Case Study
Bastion & 2FA: Privileged Account Management

Created in 2002, the customer is a leading bank in their sector with over 100 branches throughout Central Africa, including the most remote areas.

Sonema has been supporting their development since 2003 and provides VSAT connectivity services for the bank’s main branches, in addition to value-added services such as virtualised server hosting, videoconferencing, IP telephony, bandwidth optimisation and firewall management.

As part of their plan to comply with PCI-DSS requirements, the customer wishes to strengthen the security of their privileged accounts allowing access to sensitive resources on their network. They are looking for an effective solution for the protection and traceability of their information system.

The Challenges

Faced with the problem of managing rights and privileged access plus the legitimacy of connections, the customer wishes to implement a secure service for their privileged accounts* and a reinforced access procedure to guarantee the integrity of their network data.

Since application and data security can be compromised by human error or malicious behaviour, the customer seeks to benefit from the following features:

  • Grant privileges to users or groups of users only for their target resources
  • Monitor all privileged access to critical systems
  • Secure login credentials and passwords

Sonema's Solutions

Sonema recommended that the customer combine two solutions: the «Bastion» and a strong two-factor authentication «2FA».

Both solutions are easy to implement and meet the client’s needs completely.

Sonema proposed the implementation of our proven solution «Bastion» which manages and controls privileged access accounts in addition to securing and storing both passwords and encrypted SSH keys in a password-protected vault.

«Bastion» protects the login credentials that allow access to sensitive bank data.


Configuration of Bastion and 2FA in the Customer’s network


A web access portal has been set up to provide the customer with full visibility and traceability of all connection events on their network: any access and activity of a user with privileged rights is thus identified, monitored and recorded.

The «2FA» two-factor authentication procedure associated with «Bastion», which consists of validating a password by sending a code via SMS or a security key, has consolidated the security of access to the customer’s network.

This provides the customer with reliable and essential solutions for the protection of their critical resources, and full monitoring of all privileged account activity to detect any potential malicious behaviour or data breaches.


The combination of the «Bastion» and «2FA» solutions, from Sonema’s “Access Protection” range of security solutions, has enabled the customer to strengthen the security level of their information system in the context of their compliance with the PCI-DSS standard.

These solutions are reliable, their integration is efficient, and they meet all the traceability and automation criteria required by the standard.

The following major benefits in managing and protecting the rights of the customer’s users were noted:

  • Ease of installation
  • Traceability
  • Meeting increasing compliance requirements

Would you like to know more?

Contact us on +377 93 15 93 15 or by clicking here