Polytechnique secures its access with the PROVE IT bastion

École polytechnique has strengthened the security of its access with the PROVE IT bastion. Baptiste Desprez, Chief Information Security Officer (CISO), shares the concrete benefits of this solution for the institution.

Could you introduce your institution and your IT department?

A symbol of French scientific excellence since 1794, École Polytechnique is a high-level multidisciplinary teaching and research institution. Over the past ten years, it has become strongly internationalised, establishing itself among the world's leading educational institutions.

Since 2019, the School has been part of the Institut Polytechnique de Paris, a public higher education and research institution. This institute brings together some of France's most prestigious engineering schools, including ENSTA Paris, ENSAE Paris, Télécom Paris, Télécom SudParis and, more recently, the École Nationale des Ponts et Chaussées.

The IT Department (DSI) of École Polytechnique, made up of a team of around thirty people, is responsible for managing the production, maintenance, development and security of information systems. This covers all business applications, digital services, technical infrastructures (networks, systems, databases, storage, backups, etc.), as well as telephony and helpdesk tools.

What benefits have you seen since implementing the bastion ?

Since the bastion was implemented, external third-party access is channelled through a single, clearly identified entry point (fewer rules on our site perimeter firewall), which is both protected and monitored. Services such as TeamViewer or Dameware, often subject to serious security issues, have gradually been replaced by Microsoft Remote Desktop via the PROVE IT Solution.

On the operational side, the PAM solution has made it possible to monitor the activity of our third-party providers, whether for Remote Desktop access or SSH connections, with the very practical recording of keystrokes typed (useful for documentation purposes).

And above all, the bastion allows us to avoid sharing the passwords of our infrastructure. Each provider has their own password, and our system credentials are stored in PROVE IT's secure vault.

What feedback have you received from your teams or partners regarding the use of the bastion ?

Advanced SSH users who are used to keeping their connections permanently open, often several in parallel, do see the bastion as a constraint. Shortcuts such as ssh bastion_user@service_bastion@bastion.polytechnique.fr help smooth things over for less experienced users, but in an academic and research environment, it is true that users tend not to appreciate restrictions very much.

On the Remote Desktop access side, everything is transparent and users appreciate no longer having to open TeamViewer or similar tools, as providers can work autonomously. On that front, it is perfect !

How did the customer support and post-implementation follow-up go ?

The Rubycat teams are very responsive and available. Whether before the project, during deployment or afterwards, they have always provided answers to my questions. They are open to suggestions for improvement, as evidenced by the way PROVE IT has evolved over time.

Testimonial collected on 23 January 2025