Faced with the problem of managing rights and privileged access plus the legitimacy of connections, the customer wishes to implement a secure service for their privileged accounts* and a reinforced access procedure to guarantee the integrity of their network data.

Since application and data security can be compromised by human error or malicious behaviour, the customer seeks to benefit from the following features:

• Grant privileges to users or groups of users only for their target resources
• Monitor all privileged access to critical systems
• Secure login credentials and passwords

Sonema recommended that the customer combine two solutions: the «Bastion» and a strong two-factor authentication «2FA».

Both solutions are easy to implement and meet the client’s needs completely.

Sonema proposed the implementation of our proven solution «Bastion» which manages and controls privileged access accounts in addition to securing and storing both passwords and encrypted SSH keys in a password-protected vault.

«Bastion» protects the login credentials that allow access to sensitive bank data.

Configuration of Bastion and 2FA in the Customer’s network

A web access portal has been set up to provide the customer with full visibility and traceability of all connection events on their network: any access and activity of a user with privileged rights is thus identified, monitored and recorded.

The «2FA» two-factor authentication procedure associated with «Bastion», which consists of validating a password by sending a code via SMS or a security key has consolidated the security of access to the customer’s network.

This provides the customer with reliable and essential solutions for the protection of their critical resources, and full monitoring of all privileged account activity to detect any potential malicious behaviour or data breaches.