TV5MONDE: how to continuously adapt access security to new use cases

Yoann Paoloni, CISO of TV5MONDE, explains how the scope of strong authentication has been progressively extended, allowing the company to adapt to new use cases (mobility, messaging) while improving the security of its access and the connection experience of its users. An ongoing project made possible thanks to the flexibility and reactivity of TrustBuilders MFA solution delivered in SaaS mode.

  • Rapid set-up of TrustBuilder MFA solution
  • High security for remote connections via VPN
  • Scope of strong authentication extended to other tools
  • Progressive roll-out from 100 to over 1300 licences
  • Simplified login experience

One of the world's largest television networks

A Francophone cultural and digital media

TV5MONDE, formerly known as TV5, is a French television network, broadcasting several channels. Financed by France, Switzerland, Canada, Quebec and the Wallonia-Brussels Federation, TV5MONDE’s mission is to promote French-language programming by providing multilateral, international, reliable and verified information throughout the world.

TV5MONDE counts 10 channels and reaches nearly 403 million homes in 198 countries. The group broadcasts French programmes with subtitles available in 13 languages including English, Dutch, Romanian, Spanish, German and Russian.

Important technical means

TV5MONDE has significant technical resources available with tens of thousands of hours of video content to manage. It has in fact nearly 1 200 servers. The group’s IT system is based on five functional areas.

Yoann Paoloni, CISO of TV5MONDE, shares his experience with inWebo as part of the gradual extension of the scope of multifactor authentication to adapt access security to new use cases.

Yoann Paoloni

Head of Information Systems Security (CISO), TV5MONDE

An MFA solution is the first line of defence for protecting networks, applications, internal and external access. It is important to ensure that the right person is accessing the assets.

Project: Protecting remote access via VPN, then evolving the strong authentication perimeter

What the Group was looking for ...

  • Facilitate telecommuting by securing remote access to the IS
  • Cover the risk of Brute Force VPN attacks
  • Consider the future use cases of MFA
  • Select a solution certified by the French National Security Agency (ANSSI)

Protecting remote access via VPN

Following the cyber attack in 2015, one of TV5MONDE’s projects was to set up secure connectivity for its remote users – such as journalists. This led to the implementation of a specific VPN access adapted to the group’s needs.

As VPN solutions are particularly exposed and sensitive to brute force attacks, phishing and social engineering, TV5MONDE wanted to add a multifactor authentication (MFA) solution to secure access to its infrastructure.

No VPN access without a strong multifactor authentication (MFA) solution.

Scalability of the multifactor authentication scope

TV5MONDE considered during their research phase that the ease of integration and the ability to adapt to the new digital uses were important criteria. The group was already looking up to the possibility of developing its use cases and wanted to be able to easily integrate the chosen MFA solution into other applications without having to set up a specific infrastructure.

It was important that the solution MFA was certified by the French National Agency for Security and Information Technology (ANSSI).

The solution

Multifactor authentication solution (MFA) SaaS

TV5MONDE looked up to flexible MFA solution that could be easily integrated into several applications and that would enable users to choose among various authentication methods. All this was of course aiming to later expand the scope and meet future needs while adapting to the evolution of uses.

Yoann Paoloni underlines the advantages of the SaaS model in terms of adaptability and reactivity. He draws attention to several aspects of inWebo MFA that contributed to the choice of the solution, but also to the success of the strong authentication project within TV5MONDE.

High level of security, certified by the ANSSI

Patented technology, based on dynamic random keys, combined with the Hardware Security Module (HSM)

SaaS MFA model

Compatibility with VPN and other internal applications made possible by API mode

Simplified architecture

Radius server hosted by TrustBuilder, AAA protocol support approved

Seamless user experience

Passwordless authentication methods (mobile push, desktop, PIN, browser token)

Easy to manage

Clear and accessible management platform for administrators

High scalability

Fast scalability - with no additional infrastructure to deploy

Results: highly secure access, adapted to its new use cases

2015 -2016: VPN SECURITY
100 users
"inWebo's MFA implementation was completed in about one month", declared Yoann Paoloni "and the project was a success". This included the subscription of licences, the implementation of the authentication and authorisation architecture on the administration portal, as well as the general deployment of the solution to all users.
2015 -2016: VPN SECURITY
2019 - 2020 : ACCESS SECURITY FOR AN HR TOOL
100 to 150 users
TV5MONDE's users include intermittent staff who sometimes have to connect outside the company's internal network. Therefore, to ensure the security of their access to a new HR tool, TV5MONDE had to impose the use of MFA. This extension of inWebo's solution on the group's HR tools was facilitated by the integration in API mode.
2019 - 2020 : ACCESS SECURITY FOR AN HR TOOL
2020: REMOTE ACCESS VIA VPN
300 users
"In March 2020, like many of us at the beginning of the COVID crisis, we had to increase our remote access capabilities." - Yoann Paoloni. TV5MONDE therefore extended its licenses to 300 users. "This was done very quickly, as it was just a matter of adding new licenses. No additional infrastructure had to be deployed on our side." TV5MONDE was able to build on its previous experience with inWebo MFA and received positive feedback from its users.
2020: REMOTE ACCESS VIA VPN
2021 : EMAIL ACCESS SECURITY
Target: 700 users
TV5MONDE started migrating its old messaging system around mid-2020. "Access to such an environment, which hosts a large amount of important and often sensitive data, must be protected against malicious access in the same way as an On Premise resource," added Yoann Paoloni. TV5MONDE decided to extend the scope of application of inWebo's MFA solution once again. "inWebo was already becoming a standard for TV5 and we did not want to multiply the number of multifactor authentication solutions. The universal design of inWebo's MFA, which is capable of protecting both VPN access and Cloud applications with a single account per user, appeared to be an important asset. "Integrating the solution into the group's new platform was done quickly and easily thanks to inWebo's connector", underlined Yoann Paoloni.
2021 : EMAIL ACCESS SECURITY

Going further

With the aim of promoting telecommuting, TV5MONDE intends to extend the use of the MFA in order to open up remote access while guaranteeing the security of all its resources.

Meanwhile, the short-term objective of the company is to strengthen external access to a specialised tool for managing privileged access, particularly for partners and publishers. “inWebo is currently being deployed on this tool. And the integration is particularly easy thanks to the partnership between inWebo and this solution,” says Yoann Paoloni.

The group plans to further extend the scope of inWebo’s multifactor authentication by mid-2022 to early 2023 as part of a Digital Workplace project. “This involves deploying new services for which it will be important to secure access while enhancing the login experience.” As part of this digital transformation towards cloud services, inWebo’s SaaS approach and universal compatibility are valuable assets to help drive the shift.

Protect identities and data access with TrustBuilder.io MFA

Contact us for a demo or to start your free trial.

Free MFA Trial