PROVE IT : the choice of the University of Perpignan to control and track privileged access

The University of Perpignan via Domitia, with 10,000 students, has chosen the PAM solution, PROVE IT.
Stéphane Branchoux, Head of the Systems, Networks and Security division and CISO of the institution, presents the reasons behind this choice.

Could you introduce your institution and your IT department?

The University of Perpignan via Domitia currently has 950 staff members, 1,000 part-time lecturers and approximately 10,000 students spread across 11 sites: Perpignan, Carcassonne, Narbonne, Tautavel, Font-Romeu, among others.

The university's IT department, made up of 20 staff, manages business applications and digital resources made available to 10,000 students, 950 administrative, technical, teaching and research staff across sites in the Occitanie region (7 in the Pyrénées-Orientales, 4 in the city of Perpignan, Font-Romeu, Port-Vendres and Tautavel, 3 in the Aude, 1 in Carcassonne, 2 in Narbonne and 1 in Lozère, in Mende).

The IT department is organised around 3 divisions : the Support and End-User Computing division, the Development and Business IT division, and the Systems, Networks and Security division, which I have been heading since 2001. I am also the institution's CISO.

Why did you decide to implement an IT bastion, and what were your selection criteria?

Over 20 years ago, we set up a bastion system based on open-source SSH tools. However, we wanted to migrate to a more reliable, stable solution certified by ANSSI. Wherever possible, we preferred a French solution in order to support national products and vendors. Beyond SSH access, we also wanted to manage RDP and HTTP/S connections. Running a proof of concept (POC) allowed us to audit several solutions.

We chose PROVE IT from Rubycat because of its administration interface and its licensing model based on the number of simultaneous sessions, more affordable and better suited to our organisation.

In addition, compliance with standards and regulations, particularly with the upcoming NIS 2 directive, was an essential consideration for us, and Rubycat met those requirements.

Finally, managing direct access rules on firewalls was proving cumbersome. Using an administration bastion has allowed us to effectively monitor the actions of the approximately fifty external providers who support us on a daily basis.

How do you use the bastion in your environment?

PROVE IT, Rubycat's PAM Bastion solution, is systematically used by all third-party providers who need to access our IS. This gives us an inventory of incoming connections and allows us to verify their traceability. As a result, in the event of an incident, we are better equipped to identify the issue, in particular with the help of video recordings of sessions.

Would you recommend this bastion to other organisations?

Absolutely, and I already do ! PROVE IT strikes me as a reliable and secure solution for effectively managing access to critical IS assets, particularly for external providers (managed service providers, remote maintenance teams, auditors...) and internal administrators.

Rubycat regularly releases updates to its software solution, based on use cases. The result is an interface that is increasingly intuitive, simpler and faster, both in terms of deployment and day-to-day administration. It is very positive for us to feel heard and to be able to communicate quickly with the support team, which is responsive and based in France, like the entire Rubycat team!

Testimonial collected on 2 April 2024