Malakoff, 28 September 2015 – At the 15th Information Security Fair (Assises de la Sécurité), SPIE Communications is focusing on the challenges of IT security in digital cities.
Drawing on its extensive feedback on the management of IT projects for infrastructure security, notably for its local government customer, the town of Issy les Moulineaux, SPIE Communications is joining forces with that customer to supervise a organise workshop on that topic.
WORKSHOP - A customer's testimony - October 1st, 2015 at 11 am, at Grimaldi Forum in Monaco – Van Dongen room
> Topic: "Outsourcing your information system to meet the challenges of the Digital City - Risks and approaches"
> Speakers: Pascal Mavric, IP & Security Infrastructure business development manager at SPIE Communications, Stéphane Nouvellon, security expert at SPIE Communications and Jean Paul Poggioli, representing DSI of the town of Issy les Moulineaux.
Context and challenges in cities
Over the last 10 years, French local authorities have achieved considerable development in the services on the basis of Internet platforms to provide residents, companies and peers with digital access to administrative acts, payment of local taxes, schools and education departments, etc.
Information systems have become increasingly complex and often rely on dozens of different computer applications specific to each area of local authority activity involving the intervention of numerous ICT services providers contracted to operate them.
What is more, with the increase in the number of IT equipment used in homes and public places (such as media libraries and schools), request for access to those applications from all sorts of locations and by a wide range of different users have increased the level of risks.
Information system departments now face two types of challenge: managing this increase in the use of IT so as to guarantee good system performance while also ensuring that information systems are secured in a consistent manner and at multiples points.
It is now paramount to implement a strong digital risk reduction policy on public information systems in order to protect the personal data of members of the public stored on these systems and data relating to the local community’s heritage and history.
In addition to the question of technical choices, it is also important to consider issues related specifically to the methods of designing, integrating and operating security which must be well suited to the context and priorities of each local authority.
- How can infrastructure reliability and security be optimised, notably in cases involving substantial outsourcing?
- How can the security and control of access by third parties working on public information systems (publishers, facilities managers and constructors, etc.) be optimised?
- How can suitable cybersurveillance be implemented and organised to prevent new cyber attacks?
On the strength of their involvement in major IS management projects for local authorities, experts from SPIE Communications plan to cover these topics on the basis of customers’ stories and feedback received by SPIE Communications.
Testimony of the city of Issy-Les-Moulineaux
With more than 65,000 inhabitants and high-profile companies in its area, the town of Issy les Moulineaux has always endeavoured to provide users and local people with sophisticated IT services that are installed and operated by external partners. Developing IT services also meant adopting an active security policy covering three major type of use in a Smart City context:
- corporate uses (in-house users)
- cultural uses (media libraries, show venues)
- educational uses (schools)
The town has specific security needs related to the high degree of outsourcing of its services and digital transformation. The IT solution must be well suited to the local authority’s public policy and the information system which must compatible with the strategy adopted. The town’s aims are to provide operating flexibility along with high performance, optimised costs and value for money while safeguarding existing operating conditions, protecting stored information and users’ personal data for which the local authority is responsible.
After two rounds of competitive negotiations in 2008 and 2012, the local authority entrusted SPIE Communications with comprehensive facilities management contracts covering IT, DTP, network and telephone systems (40 sites and 1,400 users).
The strategy adopted by the town consisted in defining – with the help of SPIE Communications – a two-phase approach:
- Optimised reliability, availability, flexibility and security of base infrastructure, structural projects around the network, ToIP, and outsourcing of servers and data in the SPIE Communications secure, private cloud;
- Rollout of business-specific projects using this base (e.g. high-performance, wireless mesh network covering the town, virtualisation of schools’ computers).
The next step entailed tightening up on the security optimisation actions taken, with SPIE Communications contributing to:
- Access and privilege control for external service providers (identity and access management, traceability)
- Implementation of flow controls in line with IS security policies
- Industrialisation of security processes
- Cybersurveillance (use monitoring and alerting)
- SSI governance
SPIE Communications was chosen as IT service provider for the following key reasons: the close proximity of its teams and data centres, its multi-technological prowess covering the entire field of IP and security infrastructure, its expertise in facilities management and cloud services, and its ability to innovate and to transform information systems to meet the demands of the town’s business activities.
Tel.: +33 (0)1 41 46 42 06