Expertise and Trust

Our Expertise Centers - Security

The resources of our security expertise center are seasoned and duly certified consultants. Thanks to this team, Facilité Informatique is able to meet your security needs whatever they are:

OpenTrust Public Key Infrastructure and Smart Card Management


  Our partnership with OpenTrust complements our offer, enabling us to propose comprehensive solutions that will significantly improve the security of our customers' information systems. The OpenTrust software suite comprises 6 different solutions : OpenTrust PKIOpenTrust SCMOpenTrust CNSOpenTrust eMobileOpenTrust eBankingOpenTrust SPI.

Facilité Informatique is proud to announce that OpenTrust PKI has just received the Commun Criteria certification (EAL3+).
For more information about OpenTrust security products and/or to request an OpenTrust presentation, do not hesitate to contact us by email: venteopentrust@facilite.com



OpenTrust solutions allow:

  • To secure a company’s infrastrucures: CISCO routers and switches, VPNs, WiFi secured by certificate, Microsoft domain controllers, application servers, applications themselves, etc.
  • To secure workstations in Microsoft, Linux, Unix and MacOS environments and mobile devices: SmartPhone (WindowsMobile6, BlackBerry, Iphone), PDAs, etc.
  • To secure and encrypt/decrypt data: encryption/decryption of hard disks, of shared disks, encryption of emails, documents, etc.
  • To ensure the non-repudiation thanks to the digital signature: signature of emails, documents, online forms, etc.
  • To reduce the number of user identifiers and passwords by replacing them with a unique digital identity placed in a smart card. This then allows to obtain physical access to buildings, underground parking, printers (RFID) and access to computer data via SmartCard Logon. This represents a convergence project for I.T. access to computer data and physical access.
  • To ensure information and communication confidentiality and integrity.
  • To support the migration and reimportation of an existing solution (Entrust, Microsoft, etc.)
  • To add a layer of strong security to the IAM softwares. OpenTrust works more and more on projects of integration with GIA solutions (IBM, Oracle, SUN, Novell, ...). This allows to strengthen the management of a user account’s life cycle while providing a high level of security. In addition, it allows to ensure and enhance the identity of a person or machine by providing the possibility of strong authentication, to encrypt and decrypt, as well as digital signature.

The same OpenTrust-PKI software can enable you to raise security on user accounts, but also to strengthen the security of your corporate network. OpenTrust and Facilité Informatique offer a financial model more interesting and more flexible, as well as a range of features more advanced than those of our competitors.

Identity and Access Management


How can we reconcile two opposite trends: on one hand the freedom to act anywhere and at any time, which is possible thanks to new technologies, and, on the other hand, the security of personal data, the protection of the information exchanged and the integrity of transactions?

Our service offer on the management of identities and access allows you to navigate among all the components of this series of solutions by retaining the components which apply to your context. Our support service will help you in the preliminary studies, the justification and the creation of specifications. Our experts can then be put to contribution for the integration and definition of processes and business rules to ensure the success of these strategic initiatives.

Organizational Security and Governance


The confidentiality, integrity and availability of information are important to maintain competitive advantage, legal compliance and brand image of an organization without underestimating the financial benefits implied. The alignment of information security with the organizational mission is crucial. Security policies are the foundation on which the organization shall establish its guidelines. These guidelines emanate from the organization’s top management and convey its expectations, standards and rules concerning security.

Instead of creating security policies in response to a problematic situation or with the objective of meeting a standard, Facilité Informatique’s offer concerns the choice of the critical activities of the company and their scope. As soon as an activity is accepted, all stages leading to operational control are immediately created while respecting documentary integrity. This top to bottom approach allows congruity between organizational goals and policies that stem out from them and uniformity in the application of security from a service to another; it also facilitates compliance to laws and regulations and reduces the risk to managers

Security Master Plan


Our support service in creation of a Security Master Plan proceeds by the establishment of a structured method of information gathering and analysis that leads to recommendations and the creation of the Computer Infrastructure Security Master Plan. During the project, Facilité Informatique will ensure to carry out the appropriate validation with the customer. Such control points will be completed with the support of documents or presentations. Figure 2 represents the full cycle of the approach to implement the Computer Infrastructure Security Master Plan including control points.

The project will be carried out using a methodology proposed by the Quebec government for its departments and agencies which defines the activites in four phases.

Compliance Management


Companies are often faced with the obligation of compliance with general standards, such as the Privacy Act, or with sectoral rules such as PCI compliance for merchants and NERC requirements for the energy sector. Managers must frequently add these tasks to their already loaded agenda and try to understand the impact of these laws and regulations on their operations.

Facilité Informatique has the business expertise and the technological competence to support companies in achieving compliance objectives. Our specialists have developed templates and other tools to identify gaps and suggest an action plan designed to set up processes and monitoring required by these obligations. Our help will allow you to keep focus on your specific activities and avoid the effects that non-compliance could have on your business activities.

In addition to ensuring that the requirements of compliance are met, the compliance service offers a number of strategic benefits at various levels of your company:

  • Organizational level: the certification is part of a process of due diligence and ensures the effectiveness of your efforts to secure your company at all levels.
  • Legal level: the certification demonstrates that your company complies with all applicable laws and regulations.
  • Operations level: the certification process enables you to understand better the information systems, their weaknesses, the way to protect them and the way to ensure that more reliable policies and procedures are used.
  • Commercial level: as for the standards of the ISO 9000 series, which are being developed to enable organizations to maintain a system of quality management, this standard represents the trust inspired by your capabilities in confidentiality, integrity and availability. Your partners, shareholders and customers are assured that your data and systems are safe.
  • Financial level: the use of a system of security management based on standards allows to reduce the costs related to the violation of the rules of security, which is important to shareholders to stakeholders and other investors, and also to reduce the amount of insurance premiums.
  • Human level: the process sensitizes employees to security issues and to their responsibilities within the company.

The fixed price contract Analysis of Compliance to Information Security Standards from Facilité Informatique runs in three steps:

  • An initial assessment of your current compliance level.
  • A detailed analysis of the results.
  • A guide to achieve and maintain compliance.

Security Architecture


The security architecture must cover a set of measures to ensure availability, integrity and confidentiality. Facilité Informatique’s Security Architecture solution proposes security measures covering all the possible intervention measures in:

  • Prevention
  • Detection
  • Reaction

Prevention
Taking the necessary means to protect critical assets. This usually consists of adopting the following approach:

  1. Risk analysis
  2. Definition of a security policy
  3. Implementation of a solution focused on the protection of the physical perimeter.
  4. Solutions audit
  5. Upgrade of variances

Detection
The goal is to be able to detect when prevention measures ar at fault. The detection requires a permanent monitoring of the state of systems to be protected and of the mechanisms for the broadcasting of the generated alerts. Facilité Informatique will support you in the implementation of these detection tools and in the development of escalation and incident management processes.

Reaction
If it is important to know that an attack is underway or has succeded, it is even more important to provide oneself with the means to react to this situation. Facilité Informatique supports you in the implementation of specific operations procedures in case of attack and in the drafting and testing of a continuity plan to use in case of disaster.

Technologies Integration


Network and System Security


Risk Analysis


In its offer of information technologies security, Facilité Informatique provides products and services of risk analysis.

This risk assessment is the preliminary stage of the establishment of security technologies. Indeed, the risk analysis enables the organization to quantify and qualify, from metrics, the risks inherent to information technologies present in the organization, to identify its priorities and to define the proper security levels to be implemented.

This stage will also allow the organization to carry out the inventory of its informational assets and to classify them according to the required level of security.

Security Processes and Hardening


The security hardening of systems is an evaluation and correction process of the security standing of a system to protect its operations against illegitimate external access. These procedures are customized for each company according to the services to deliver and the function of the component in the delivery of this service.

Generally, security hardening is done on each of the layers of the server or of the network component by deleting the services that are unnecessary, applying the security patches, applying a tight control of accesses. As the attacks and tools of piracy become more and more sophisticated, companies must ensure that their systems are constantly updated to prevent these attacks. The approach of security hardening is commonly preceded by a classification of the assets and the identification of components supporting the delivery of critical services.

Our security hardening service contributes in the following ways to your success:

  • Ensures that critical resources are updated with the latest patches in order to prevent the possibility of denial of service, crash or performance problems.
  • Activates the quick deployment of a basic secure configuration during service recovery following a security incident, and facilitates the audit of a server for last-minute changes.
  • Evaluates the overall security infrastructure, identifies its weaknesses and provides recommendations to improve the security standing of your company.
  • Improves systems security, as far as possible, before any compliance audit from an external firm.
  • Ensures operations continuity by preventing viruses and Trojan horses to spread to multiple systems.
  • Reduces the risks related to malice and human error.


Business Continuity


The planning of continuity of activities is included in the offer Business Continuity and Resilience for Businesses. This proactive planning process ensures to maintain essential activities during a problem, whether it is an internal crisis concerning your activities or an issue concerning a whole region as a pandemic.
Planning of the continuity of activities includes:
  • Plans, processes and provisions to ensure continuity of critical activities on or off site.
The identification of required resources to ensure continuity of the company’s activities, including staff, information, equipment and installations.


OpenTrust main customers

  • AGF Assurance
  • Alstom
  • Areva
  • Total
  • Hydro Québec
  • Michelin
  • BNP Paribas
  • British Home Store
  • La Banque Populaire
  • Decathlon
  • Kabel Deutschland
  • Caisse d'épargne
  • Carrefour
  • Supervalu Inc
  • Commissariat d'Energie Atomique
  • Banksys-AtosOrign
  • Dassault Aviation
  • Les douanes francaises
  • Gan Patrimoine
  • Institut National de la Santé et de la Recherche Médicale
  • La Poste francaise
  • Le Crédit Lyonnais
  • Manpower
  • Mobistar Belgium
  • Natixis
  • Faurecia
  • L'armée Suisse
  • Nissan Europe
  • Renault World Wide
  • La Banque Nationale de Belgique
  • Sanofi Aventis
  • Société Nationale des Chemins de Fer français
  • Nagravision groupe Kudelski
  • Technip
  • Thales