Industry
Architecture of an Information System “Security by Design”

Mobilize architecture skills and Datacenter urbanization for the implementation of encryption solutions meeting high security requirements.

Reading time : 3mn

Published on : 12 October 2022

Industry – Architecture of an information system « Security by Design »

Challenges

Our client wanted to have a secure IS dedicated to hosting and storing work meeting the high requirements for protection of national defense secrets (IGI1300 and II901)

The Information System was designed to include all the building blocks of a traditional Information System: authentication, segregation of roles and responsibilities, data storage and encryption, backup, monitoring and provision of business applications capable of supporting extensions to the Information System in connection with the production activity.

Robust and agile architecture

The chosen architecture was robust and agile enough to allow for an extension of the Information System in line with the production activity.

If the needs of integrity, confidentiality and traceability remain high in all cases, the notion of availability can vary according to the operational phase or the work being done.

The use of hyperconverged and modular solutions has made it possible to meet this need, without having to rethink the architecture each time an additional service is added or modified.

As the security stakes were high, the plurality of the expertise of the Engineering & Expertise unit made it possible to articulate all aspects of the IS in a manner consistent with a high level of security

Marc GROSS | Director of Operations, Consortis

Complete control of the production cycle

The missions carried out are articulated around three main themes, which are the architecture design, the design, and the setting in exploitation in perspective of the maintenance in operational condition and security of the Information System.

Architecture design

  • Creation of segmented and filtered networks
  • Implementation of security equipment dedicated to filtering, protocol breakage or SSL decryption
  • Selection of products respecting the ANSSI certification or qualification process
  • Creation of a hyper-converged infrastructure
  • Integration of transparent data encryption solutions
  • Choice of systems according to technical and business constraints
  • Drafting of security rules related to the implementation of solutions
  • Drafting of technical documents structuring

Construction of the IS

  • Urbanization of server bays. Calculation of power supply and cooling requirements
  • Physical integration of the equipment and distribution of the capillaries
  • Creation of hyper-converged clusters
  • Deployment of OS and middleware solutions
  • Implementation of flow and data encryption solutions
  • Implementation of a dedicated backup and outsourcing solution
  • Technical expertise for the teams in charge of the deployment and maintenance of business applications

Putting into operation

  • Creation of the governance model
  • Writing of operating procedures for systems and tools
  • Writing of operational procedures: entry/exit of personnel, equipment. Review of rights and accesses, application charter of the SSI
  • Setting up of management and monitoring reference systems for the park
  • Adjustment of the supervision, in connection with business needs
  • Drafting of RACI matrices
  • Creation of a training program to increase the skills of the RUN teams

1

year of design and construction

10

employees involved in the design and construction of the project

600

hours of expertise and engineering

Know-how

Engineering & Expertise Unit

Composed of expert consultants, capable of handling complex projects from start to finish. Proximity, understanding of the issues and business needs are part of their DNA.

Cybersecurity practice

A community of competent, passionate and enthusiastic consultants. The sense of service, mutual aid, support and sharing, among ourselves and with our clients, are the main values of this community.

You may also be interested in