websights TV5MONDE: Protecting remote access via VPN

Looking for inwebo.com? You are in the right place! Read all about it in our blog post

Come and join us in person at upcoming industry trade shows and conferences

Join us for an insightful 30-minute webinar designed to empower your external identities online onboarding process!

TV5MONDE: how to continuously adapt access security to new use cases

Yoann Paoloni, CISO of TV5MONDE, explains how the scope of strong authentication has been progressively extended, allowing the company to adapt to new use cases (mobility, messaging) while improving the security of its access and the connection experience of its users. An ongoing project made possible thanks to the flexibility and reactivity of TrustBuilders MFA solution delivered in SaaS mode.

One of the world's largest television networks

TV5MONDE

A Francophone cultural and digital media

TV5MONDE, formerly known as TV5, is a French television network, broadcasting several channels. Financed by France, Switzerland, Canada, Quebec and the Wallonia-Brussels Federation, TV5MONDE’s mission is to promote French-language programming by providing multilateral, international, reliable and verified information throughout the world.

TV5MONDE counts 10 channels and reaches nearly 403 million homes in 198 countries. The group broadcasts French programmes with subtitles available in 13 languages including English, Dutch, Romanian, Spanish, German and Russian.

Important technical means

TV5MONDE has significant technical resources available with tens of thousands of hours of video content to manage. It has in fact nearly 1 200 servers. The group’s IT system is based on five functional areas.

Yoann Paoloni, CISO of TV5MONDE, shares his experience with inWebo as part of the gradual extension of the scope of multifactor authentication to adapt access security to new use cases.

Yoann Paoloni

Head of Information Systems Security (CISO), TV5MONDE

An MFA solution is the first line of defence for protecting networks, applications, internal and external access. It is important to ensure that the right person is accessing the assets.

Project: Protecting remote access via VPN, then evolving the strong authentication perimeter

What the Group was looking for ...

Protecting remote access via VPN

Following the cyber attack in 2015, one of TV5MONDE’s projects was to set up secure connectivity for its remote users – such as journalists. This led to the implementation of a specific VPN access adapted to the group’s needs.

As VPN solutions are particularly exposed and sensitive to brute force attacks, phishing and social engineering, TV5MONDE wanted to add a multifactor authentication (MFA) solution to secure access to its infrastructure.

No VPN access without a strong multifactor authentication (MFA) solution.

Scalability of the multifactor authentication scope

TV5MONDE considered during their research phase that the ease of integration and the ability to adapt to the new digital uses were important criteria. The group was already looking up to the possibility of developing its use cases and wanted to be able to easily integrate the chosen MFA solution into other applications without having to set up a specific infrastructure.

visasecu_2017_logo-fr-300x145

It was important that the solution MFA was certified by the French National Agency for Security and Information Technology (ANSSI).

The solution

Multifactor authentication solution (MFA) SaaS

TV5MONDE looked up to flexible MFA solution that could be easily integrated into several applications and that would enable users to choose among various authentication methods. All this was of course aiming to later expand the scope and meet future needs while adapting to the evolution of uses.

Yoann Paoloni underlines the advantages of the SaaS model in terms of adaptability and reactivity. He draws attention to several aspects of inWebo MFA that contributed to the choice of the solution, but also to the success of the strong authentication project within TV5MONDE.

High level of security, certified by the ANSSI

Patented technology, based on dynamic random keys, combined with the Hardware Security Module (HSM)

SaaS MFA model

Compatibility with VPN and other internal applications made possible by API mode

Simplified architecture

Radius server hosted by TrustBuilder, AAA protocol support approved

Seamless user experience

Passwordless authentication methods (mobile push, desktop, PIN, browser token)

Easy to manage

Clear and accessible management platform for administrators

High scalability

Fast scalability - with no additional infrastructure to deploy

Results: highly secure access, adapted to its new use cases

Going further

With the aim of promoting telecommuting, TV5MONDE intends to extend the use of the MFA in order to open up remote access while guaranteeing the security of all its resources.

Meanwhile, the short-term objective of the company is to strengthen external access to a specialised tool for managing privileged access, particularly for partners and publishers. “inWebo is currently being deployed on this tool. And the integration is particularly easy thanks to the partnership between inWebo and this solution,” says Yoann Paoloni.

The group plans to further extend the scope of inWebo’s multifactor authentication by mid-2022 to early 2023 as part of a Digital Workplace project. “This involves deploying new services for which it will be important to secure access while enhancing the login experience.” As part of this digital transformation towards cloud services, inWebo’s SaaS approach and universal compatibility are valuable assets to help drive the shift.

Protect identities and data access with TrustBuilder.io MFA

Contact us for a demo or to start your free trial.