TV5MONDE: how to continuously adapt access security to new use cases
Yoann Paoloni, CISO of TV5MONDE, explains how the scope of strong authentication has been progressively extended, allowing the company to adapt to new use cases (mobility, messaging) while improving the security of its access and the connection experience of its users. An ongoing project made possible thanks to the flexibility and reactivity of TrustBuilders MFA solution delivered in SaaS mode.
- Rapid set-up of TrustBuilder MFA solution
- High security for remote connections via VPN
- Scope of strong authentication extended to other tools
- Progressive roll-out from 100 to over 1300 licences
- Simplified login experience
One of the world's largest television networks
A Francophone cultural and digital media
TV5MONDE, formerly known as TV5, is a French television network, broadcasting several channels. Financed by France, Switzerland, Canada, Quebec and the Wallonia-Brussels Federation, TV5MONDE’s mission is to promote French-language programming by providing multilateral, international, reliable and verified information throughout the world.
TV5MONDE counts 10 channels and reaches nearly 403 million homes in 198 countries. The group broadcasts French programmes with subtitles available in 13 languages including English, Dutch, Romanian, Spanish, German and Russian.
Important technical means
TV5MONDE has significant technical resources available with tens of thousands of hours of video content to manage. It has in fact nearly 1 200 servers. The group’s IT system is based on five functional areas.
Yoann Paoloni, CISO of TV5MONDE, shares his experience with inWebo as part of the gradual extension of the scope of multifactor authentication to adapt access security to new use cases.
Yoann Paoloni
Head of Information Systems Security (CISO), TV5MONDE
An MFA solution is the first line of defence for protecting networks, applications, internal and external access. It is important to ensure that the right person is accessing the assets.
Project: Protecting remote access via VPN, then evolving the strong authentication perimeter
What the Group was looking for ...
- Facilitate telecommuting by securing remote access to the IS
- Cover the risk of Brute Force VPN attacks
- Consider the future use cases of MFA
- Select a solution certified by the French National Security Agency (ANSSI)
Protecting remote access via VPN
Following the cyber attack in 2015, one of TV5MONDE’s projects was to set up secure connectivity for its remote users – such as journalists. This led to the implementation of a specific VPN access adapted to the group’s needs.
As VPN solutions are particularly exposed and sensitive to brute force attacks, phishing and social engineering, TV5MONDE wanted to add a multifactor authentication (MFA) solution to secure access to its infrastructure.
No VPN access without a strong multifactor authentication (MFA) solution.
Scalability of the multifactor authentication scope
TV5MONDE considered during their research phase that the ease of integration and the ability to adapt to the new digital uses were important criteria. The group was already looking up to the possibility of developing its use cases and wanted to be able to easily integrate the chosen MFA solution into other applications without having to set up a specific infrastructure.
It was important that the solution MFA was certified by the French National Agency for Security and Information Technology (ANSSI).
The solution
Multifactor authentication solution (MFA) SaaS
TV5MONDE looked up to flexible MFA solution that could be easily integrated into several applications and that would enable users to choose among various authentication methods. All this was of course aiming to later expand the scope and meet future needs while adapting to the evolution of uses.
Yoann Paoloni underlines the advantages of the SaaS model in terms of adaptability and reactivity. He draws attention to several aspects of inWebo MFA that contributed to the choice of the solution, but also to the success of the strong authentication project within TV5MONDE.
High level of security, certified by the ANSSI
Patented technology, based on dynamic random keys, combined with the Hardware Security Module (HSM)
SaaS MFA model
Compatibility with VPN and other internal applications made possible by API mode
Simplified architecture
Radius server hosted by TrustBuilder, AAA protocol support approved
Seamless user experience
Passwordless authentication methods (mobile push, desktop, PIN, browser token)
Easy to manage
Clear and accessible management platform for administrators
High scalability
Fast scalability - with no additional infrastructure to deploy
Results: highly secure access, adapted to its new use cases
100 users
100 to 150 users
300 users
Target: 700 users
Going further
With the aim of promoting telecommuting, TV5MONDE intends to extend the use of the MFA in order to open up remote access while guaranteeing the security of all its resources.
Meanwhile, the short-term objective of the company is to strengthen external access to a specialised tool for managing privileged access, particularly for partners and publishers. “inWebo is currently being deployed on this tool. And the integration is particularly easy thanks to the partnership between inWebo and this solution,” says Yoann Paoloni.
The group plans to further extend the scope of inWebo’s multifactor authentication by mid-2022 to early 2023 as part of a Digital Workplace project. “This involves deploying new services for which it will be important to secure access while enhancing the login experience.” As part of this digital transformation towards cloud services, inWebo’s SaaS approach and universal compatibility are valuable assets to help drive the shift.
