{"id":9551,"date":"2017-03-31T15:59:19","date_gmt":"2017-03-31T14:59:19","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=9551\/"},"modified":"2019-12-31T10:07:39","modified_gmt":"2019-12-31T09:07:39","slug":"acces-privileges-la-face-sombre-de-liam","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/","title":{"rendered":"Privileged access: the dark side of IAM"},"content":{"rendered":"<p><em>Cyber-attacks are on the rise and the regulatory framework (financial regulation, GDPR, LPM\u2026) is ever more present; anyone can see this on a daily basis.<\/em><\/p>\n<p><em>In this context, the vast majority of companies have carried out IAM projects: access to sensitive applications is tightly controlled, and access levels are restricted according to user profiles and the actions to be performed.<\/em><\/p>\n<p><em>Yet, too often, these IAM initiatives \u201cforget\u201d the IT populations, who nevertheless have privileged access to the company\u2019s infrastructure. 
And for these users, several specific features must be taken into account.<\/em><\/p>\n<h2>IT users have different access needs<\/h2>\n<p>\u201c<strong>Non-IT<\/strong>\u201d users are the \u201cstandard\u201d users of the information system: users in business departments or in support functions such as HR, payroll or accounting\u2026 They typically access:<\/p>\n<ul>\n<li><strong>Applications<\/strong> in the <strong>production environment<\/strong>,<\/li>\n<li>And through their <strong>standard user interfaces<\/strong>.<\/li>\n<\/ul>\n<p>\u201c<strong>IT<\/strong>\u201d populations (internal IT department, remote maintenance, support\u2026) have very different access:<\/p>\n<ul>\n<li>They operate the infrastructure (servers, databases) and the application code on which the applications rely;<\/li>\n<li>They access all environments, in particular <strong>production<\/strong> and <strong>non-production<\/strong> (the latter often containing production data, or sensitive or personal data);<\/li>\n<li>Very often, they operate with <strong>very high<\/strong> levels of rights (\u201cprivileges\u201d), which therefore carry a significant level of risk.<\/li>\n<\/ul>\n<figure id=\"post-9552 media-9552\" class=\"align-none\">\n<figure id=\"post-9564 media-9564\" class=\"align-center\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-9564\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/PRIVILEGE.png\" alt=\"\" width=\"1325\" height=\"775\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/PRIVILEGE.png 1325w, 
https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/PRIVILEGE-120x70.png 120w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/PRIVILEGE-327x191.png 327w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/PRIVILEGE-768x449.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/PRIVILEGE-67x39.png 67w\" sizes=\"auto, (max-width: 1325px) 100vw, 1325px\" \/><\/figure>\n<\/figure>\n<p><strong>Thus, the term \u201cprivileged access\u201d refers to any technical access, to an infrastructure or a software component, in production or non-production environments<\/strong>.<\/p>\n<p><strong>This access is sometimes created for individuals, or for the applications themselves <\/strong>(an application needs several technical accounts, for example to write to a database).<\/p>\n<p>There are different levels of \u201cprivileged\u201d access. The most critical, at \u201cadministrator\u201d level, give full control of one or more servers, and therefore potentially of several applications. \u201cStandard\u201d-level IT access is less sensitive but still needs to be monitored. 
Such access could, for example, allow sensitive information in a database to be viewed.<\/p>\n<h2>IT access, business risks<\/h2>\n<p>By definition, control of the privileged access held by IT populations must be at the heart of companies\u2019 concerns.<\/p>\n<p>Among the most significant risks are:<\/p>\n<ul>\n<li><strong><em>Operational risks, with no impact on production <\/em><\/strong><\/li>\n<\/ul>\n<p style=\"padding-left: 30px;\"><em>Example: operations logs are deleted by mistake, or a non-critical server is shut down.<\/em><\/p>\n<ul>\n<li><strong><em>Risks to the company\u2019s business <\/em><\/strong><\/li>\n<\/ul>\n<p style=\"padding-left: 30px;\"><em>Example: unavailability of the payment \/ transaction flow platform after servers are restarted by mistake.<\/em><\/p>\n<ul>\n<li><strong><em>Risks of non-compliance with regulations<\/em><\/strong><\/li>\n<\/ul>\n<p style=\"padding-left: 30px;\"><em>Example: an internal audit brings to light unjustified access to a regulated scope.<\/em><\/p>\n<ul>\n<li><strong><em>Fraudulent actions<\/em><\/strong><\/li>\n<\/ul>\n<p style=\"padding-left: 30px;\"><em>Example: insider trading committed using sensitive information viewed directly in a database.<\/em><\/p>\n<p>Not to mention the broader risks surrounding the information system: data theft, <em>ransomware<\/em> and other malicious actions. 
Because it is powerful (and makes it possible, in particular, to disable security measures), <strong>privileged access is a prime target in the event of a cyber-attack<\/strong>.<\/p>\n<p>Today, most owners of sensitive applications are able to account for the use of business access in their application. In the same way, application owners and infrastructure owners must be able to answer simple questions such as:<\/p>\n<ul>\n<li>Who actually uses privileged access within my scope?<\/li>\n<li>How many privileged accounts exist within my scope?<\/li>\n<li>Are the passwords of these accounts changed regularly?<\/li>\n<li>Which access levels are necessary for my application or my services, and cannot be removed without consequences for production?<\/li>\n<\/ul>\n<h2>Several specific features to take into account<\/h2>\n<p>Before embarking on a project to bring privileged access under control, it is worth being aware of certain specific features that do not apply to business access.<\/p>\n<p>Starting with the <em>life cycle <\/em>of some privileged access. In the world of business access, the life cycle is tied to the HR status of its single owner. But in the IT world, there is <strong>access shared between several people<\/strong> (for specific operational needs), <strong>or access used by the application itself<\/strong> in order to run. 
The lifetime of such access is instead tied to the lifetime of the application concerned, or sometimes to the duration of a project.<\/p>\n<p>Some <em>operational constraints<\/em> must also be taken into account, in particular regarding:<\/p>\n<ul>\n<li><strong>Production management, which tolerates no delay.<\/strong> In the world of business access, access levels are generally tied to users\u2019 job descriptions, and this is also the case for IT populations. But in some circumstances, IT users must be able to obtain new access without delay. For example, if a critical application fails, IT teams must be able to step in as quickly as possible with all the latitude they need, which may require <strong>privilege elevation<\/strong>. In this context, approval processes would take too long (approval by the line manager, then possibly another level of approval\u2026). Another approach can be to <strong>authorise this type of request without prior approval, but to log and review<\/strong> after the fact how that access was used.<\/li>\n<\/ul>\n<ul>\n<li><strong>The large number of target resources.<\/strong> Some applications rely on a large number of production servers, and at least as many non-production servers. Applications can now create or delete virtual servers on the fly, depending on load. In that case, it would quickly become <strong>unmanageable to require users to submit access requests for each target resource<\/strong>. 
One solution can be to manage access requests for groups of resources (for example an Active Directory group representing all the production servers of an application, a group that could even be deployed automatically to new servers by an orchestrator).<\/li>\n<\/ul>\n<p>Above all, the <strong>heterogeneity of the environment <\/strong>can make the access model complex. Indeed, building privileged access management around a coherent model means dealing with:<\/p>\n<ul>\n<li><strong>Servers that sometimes host several applications. <\/strong>In that case, <strong>a need for access to a single application results, in practice, in undue access to several applications<\/strong>. For critical applications, it is therefore better to invest in dedicated servers (virtual or not, given the risks posed by the administrators of virtualisation platforms).<\/li>\n<\/ul>\n<ul>\n<li><strong>Heterogeneous resources with their own particularities.<\/strong> Windows servers, Unix, Oracle databases, Tomcat middleware, network equipment, even containers such as Docker\u2026 <strong>The list of technologies to take into account is long<\/strong>.<\/li>\n<\/ul>\n<ul>\n<li><strong>For a single resource, different accounts to create. 
<\/strong>A user can often work on a single resource through <strong>different means.<\/strong> For a given server, one may offer the possibility of connecting to it directly (SSH, RDP\u2026 protocols), through a jump server (in which case it is on that server that a user access must be created), or through an administration software interface (which is, incidentally, the DevOps way).<\/li>\n<\/ul>\n<ul>\n<li><strong>Heterogeneous populations and rapidly changing needs. <\/strong>The access model is hard to standardise, in particular because different types of population, such as infrastructure administrators or developers, have different needs. For example, <strong>a Windows administrator operates all Windows servers, whatever the application, whereas a developer works on several technologies within the bounds of one application<\/strong>. But it is also hard to standardise the access model within a single population, because the developers of 2 different applications may have different needs.<\/li>\n<\/ul>\n<h2>Privileged access: a challenge for security?<\/h2>\n<p><strong>Standard business access<\/strong> and <strong>privileged access<\/strong> are <strong>the 2 sides of the same coin<\/strong>. And <strong>privileged access is its dark side<\/strong>, because it is both more sensitive and technically more complex to manage.<\/p>\n<p>Faced with this state of affairs, awareness among companies is uneven. 
The best informed are the IT technical teams who use privileged accounts, and who are often in favour of the status quo.<\/p>\n<p>Beyond the IT department, it is the departments in charge of internal processes, quality or internal control that have a <strong>key sponsorship role<\/strong> to play.<\/p>\n<p>Lawmakers, for their part, are also starting to take an interest. For instance, <strong>the French Military Programming Law (Loi de programmation militaire, LPM), which applies to operators of vital importance, requires the most critical privileged access to be brought under control<\/strong>.<\/p>\n<p>So how should one go about bringing privileged access under control? We will come back to this in a future article.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber-attacks are on the rise and the regulatory framework (financial regulation, GDPR, LPM\u2026) is ever more present; anyone can see this on a daily basis. 
In this context, the vast majority of companies have carried out IAM projects: access to sensitive applications&#8230;<\/p>\n","protected":false},"author":206,"featured_media":9555,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[36,3224],"tags":[2789,1009,145,144,3305,767],"coauthors":[1337],"class_list":["post-9551","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-digital-trust","category-digital-identity","tag-acces-a-privileges","tag-gestion-des-acces","tag-iam","tag-identite","tag-identity-access-management","tag-utilisateurs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Acc\u00e8s \u00e0 privil\u00e8ges : la face sombre de l\u2019IAM - RiskInsight<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Acc\u00e8s \u00e0 privil\u00e8ges : la face sombre de l\u2019IAM - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Cyber-attaques en hausse et cadre r\u00e9glementaire (r\u00e9glementation financi\u00e8re, GDPR, LPM\u2026 ) de plus en plus pr\u00e9sent\u00a0; chacun peut quotidiennement faire ce constat. 
Dans ce contexte, la grande majorit\u00e9 des entreprises a men\u00e9 des projets d\u2019IAM\u00a0: les acc\u00e8s aux applications sensibles...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2017-03-31T14:59:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T09:07:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/Fotolia_71594375_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Karmann\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Karmann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/\"},\"author\":{\"name\":\"Thomas Karmann\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/bae228115f666edd076e6768575612a7\"},\"headline\":\"Acc\u00e8s \u00e0 privil\u00e8ges : la face sombre de l\u2019IAM\",\"datePublished\":\"2017-03-31T14:59:19+00:00\",\"dateModified\":\"2019-12-31T09:07:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/\"},\"wordCount\":1637,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/Fotolia_71594375_Subscription_Monthly_M.jpg\",\"keywords\":[\"acc\u00e8s \u00e0 privil\u00e8ges\",\"gestion des acc\u00e8s\",\"IAM\",\"identit\u00e9\",\"identity &amp; access management\",\"utilisateurs\"],\"articleSection\":[\"Cybersecurity &amp; Digital Trust\",\"Digital Identity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/\",\"name\":\"Acc\u00e8s \u00e0 privil\u00e8ges : la face sombre de l\u2019IAM - 
RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/Fotolia_71594375_Subscription_Monthly_M.jpg\",\"datePublished\":\"2017-03-31T14:59:19+00:00\",\"dateModified\":\"2019-12-31T09:07:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/Fotolia_71594375_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/Fotolia_71594375_Subscription_Monthly_M.jpg\",\"width\":1378,\"height\":1378,\"caption\":\"Vector car rental or sale concept in flat style - hand holding car key\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Acc\u00e8s \u00e0 privil\u00e8ges : la face sombre de 
l\u2019IAM\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/bae228115f666edd076e6768575612a7\",\"name\":\"Thomas Karmann\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/thomas-karmann\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Acc\u00e8s \u00e0 privil\u00e8ges : la face sombre de l\u2019IAM - RiskInsight","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/","og_locale":"en_US","og_type":"article","og_title":"Acc\u00e8s \u00e0 privil\u00e8ges : la face sombre de l\u2019IAM - RiskInsight","og_description":"Cyber-attaques en hausse et cadre r\u00e9glementaire (r\u00e9glementation financi\u00e8re, GDPR, LPM\u2026 ) de plus en plus pr\u00e9sent\u00a0; chacun peut quotidiennement faire ce constat. Dans ce contexte, la grande majorit\u00e9 des entreprises a men\u00e9 des projets d\u2019IAM\u00a0: les acc\u00e8s aux applications sensibles...","og_url":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/","og_site_name":"RiskInsight","article_published_time":"2017-03-31T14:59:19+00:00","article_modified_time":"2019-12-31T09:07:39+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/Fotolia_71594375_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Thomas Karmann","twitter_misc":{"Written by":"Thomas Karmann","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/"},"author":{"name":"Thomas Karmann","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/bae228115f666edd076e6768575612a7"},"headline":"Acc\u00e8s \u00e0 privil\u00e8ges : la face sombre de l\u2019IAM","datePublished":"2017-03-31T14:59:19+00:00","dateModified":"2019-12-31T09:07:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/"},"wordCount":1637,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/Fotolia_71594375_Subscription_Monthly_M.jpg","keywords":["acc\u00e8s \u00e0 privil\u00e8ges","gestion des acc\u00e8s","IAM","identit\u00e9","identity &amp; access management","utilisateurs"],"articleSection":["Cybersecurity &amp; Digital Trust","Digital Identity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/","url":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/","name":"Acc\u00e8s \u00e0 privil\u00e8ges : la face sombre de l\u2019IAM - 
RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/Fotolia_71594375_Subscription_Monthly_M.jpg","datePublished":"2017-03-31T14:59:19+00:00","dateModified":"2019-12-31T09:07:39+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/Fotolia_71594375_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2017\/03\/Fotolia_71594375_Subscription_Monthly_M.jpg","width":1378,"height":1378,"caption":"Vector car rental or sale concept in flat style - hand holding car key"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2017\/03\/acces-privileges-la-face-sombre-de-liam\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Acc\u00e8s \u00e0 privil\u00e8ges : la face sombre de l\u2019IAM"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/bae228115f666edd076e6768575612a7","name":"Thomas 
Karmann","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/thomas-karmann\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/206"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=9551"}],"version-history":[{"count":10,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9551\/revisions"}],"predecessor-version":[{"id":9620,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/9551\/revisions\/9620"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/9555"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=9551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=9551"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=9551"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=9551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}