
[ITM ZOOM] SECURITY ARCHITECTURE

THE MINUTES OF THE MEETING


MAY 2018
ITM ZOOM
SECURITY
Architecture
Introduced by C. BELLEROSE, T.WATTIER,
N. GIRONDEAU and E. FIERRO

Session summary
RECORDING SESSION

Video: SECURITY ARCHITECTURE (7 min)
The video includes:

1. Mobiles/laptops security
2. Office server security
3. Internet surfing
4. Authentication
5. Remote access
6. Mail
7. Security attacks monitoring
8. Toolbox
21 ATTENDEES

2018, MAY 17TH

VE Deutschland: Christian STORCK
VE Switzerland: Andreas LEHNERS
VE UK & ROL: Rob POVALL
VE ENP, Spain: Fernando JIMENEZ
VE ENP, Sweden: Peder VEGBORN
VE CEE, Austria: Wilhelm KERSCHNER
VE CEE, Romania: Costin LUPU
VE CEE, Slovakia: Boris MICHELSZ
VE Asia Pacific, Australia (JPR): Matt RYAN
VE Asia Pacific, New Zealand (Electrix): Michael KAY

2017, MAY 23RD

VESI GmbH: Jörg HENDSCHKE, Titouan LAMOTTE, Volker OEHL, Matthias SCHLEICHER and Torsten WOELFER
VED Industrietechnik: Waldemar DABKIEWICZ
VE Switzerland, Italy: Alessandro DE-CHIRICO
VE ENP, Portugal: Luis RAIMUNDO
VE CEE, Austria: Martina RUPP
VE CEE, Slovakia: Stefan KOROZI
VE Oil & Gas: Julien TISSIER

[Map labels: VE ENP, Sweden; VE Deutschland; VE UK & ROL; VE CEE, Czech Republic; VE Belgium; VE CEE, Slovakia; VE Switzerland; VE ENP, Spain; VE CEE, Hungary; VE CEE, Austria; VE CEE, Romania; VE AP, Australia; VE AP, New Zealand]

Frequently asked questions

Q&A SESSION 1/3

Q: How can I use CyberArk?
A: CyberArk use depends on the administration of the servers. If the servers are managed by VESI, then the VESI system team is able to migrate them to CyberArk; otherwise, please feel free to contact B. LECLERC.

Q: Could I also get CyberArk costs?
A: CyberArk costs are based on a quote, made on demand.

Q: Will there be training for CyberArk and BitLocker?
A: There is no training. Feel free to contact Bertrand LECLERC if you need more information on IT security tools.

Q: Does Splunk monitor services?
A: Splunk monitors events on services and can identify their root cause.

Q: Are all services connected to Splunk?
A: Splunk use is on demand and it can be connected to any application.

Q: Is Zscaler available for local deployment for PCs and devices out of the network?
A: No, today Zscaler is only available for PCs/devices connected to the VE network; no local licence is available for Zscaler filtering for PCs/devices out of the VE network.

Q: Do other solutions exist for web filtering like Zscaler for countries not covered by Zscaler? If yes, which ones? (ex: Cameron)
A: A POC is ongoing by the VESI network and Zscaler teams to implement local Zscaler nodes in the countries which do not have one.

Q: What applications are using MFA (Multi Factor Authentication) for now?
A: Currently, MFA is used for Mobility, Azure, CyberArk... Some applications can be added on demand. MFA is deployed on the AD group.

Q: What is CTI?
A: CTI means Cyber Threat Intelligence. This technology performs analysis on the internet for domain/database leak detection. Today, VESI frequently receives reports from an external company mandated at VINCI level for CTI.
Q&A SESSION 2/3

Q: Are there any specific documents from Vinci on how each BU should locally deal with any GDPR requirements?
A: No GDPR requirements are provided from VESI on how each BU should locally deal with GDPR. The point has to be raised to the legal department of each company.

In any case, as IT Manager you have to make sure to:

o For applications already integrated in VE:
  • Update the VESI Conformity Dashboard (see the « appendices » part)
  • Check the compliance of the current external applications used in your perimeter thanks to the GDPR form, which has to be filled in by the editors
  • Define for each application whether personal data are processed, who is responsible for it, and who the contractors are
  • Create the register of processing and handle the compliant activities, access rights and security breaches in PriVE (only CPD, Data Protection Officer and CORPOL can access the tools)
  • Implement a security metrics system
o For the applications which are going to be integrated in VE:
  • Take into account the Change Delivery Book
  • Use the ISS Form
  • Use the GDPR Form

For information, all applicative projects must be initiated with the collaboration of the Change Coordination team (led by T. WATTIER).
The project will afterwards include the Architecture team (S. REMARS - VESI Architecture Manager) and the Security team (B. LECLERC - VESI Security Manager).

Q&A SESSION 3/3

Q: Is there any security tool for MDM (such as Symantec)?
A: MDM already includes an antivirus with MaaS360.

Q: Is there a monitoring feature on the MDM console for malware detection?
A: Yes, the « Threat Management » module in the MDM console makes it possible to monitor malware detection on mobile devices. For information, a recording of the IT Managers Zoom on MDM is available on VESI TV. Feel free to contact Thomas ZAMBETTA if you have additional questions.

Q: Could a notification be sent to the IT Managers when malware is detected on a mobile device (as of now, only the user receives a notification)?
A: For now, no notification is sent automatically to the IT Managers, but they can set up a rule to get alert emails in case of malware detection as shown below:


Toolbox
HELP

Click here to access the dedicated HELP portal

SECURITY ARCHITECTURE DIAGRAM

Click here to access the VE Security Architecture


Appendices
List of applications covered by VESI, including personal data
Conformity dashboard per apps

IT SECURITY
VESI – PERSONAL DATA LIST OVERVIEW

| Application | Main Processes purposes | Editor | Personal Data List |
|---|---|---|---|
| CODEX | Finance / Timesheet / Payrolls / Customer and Supplier Management | SAP | Title, Name, UPN, Email, Phone number, Company, Address, Personal Address, Job Title, Bank information, Birth Date, Salary, Family, Marital status, Timesheets, Reg Number, Payrolls, Invoices, Travel Expenses, Leaves, Purchase Orders, Requisitions |
| NaviQuartz | Finance / Timesheet / Payrolls / Customer and Supplier Management | Microsoft | Title, Name, UPN, Email, Phone number, Company, Address, Personal Address, Job Title, Bank information, Birth Date, Salary, Family, Marital status, Timesheets, Reg Number, Payrolls, Invoices, Travel Expenses, Leaves, Purchase Orders, Requisitions |
| Taliris | Employees Career Management and trainings | TalentSoft | Title, Name, UPN, Email, Phone number, Company, Address, Personal Address, Job Title, Birth Date, Age, Salary, Family, Marital status, Increases, Trainings, Diploma, Schools, Picture |
| O365 Suite | Collaboration Tools (emails, Social, Teams) | Microsoft | Title, Name, UPN, Email, Phone number, Company, Address, Job Title, Email content, Posts, Document activities, Picture, Activity Logs, Likes |
| Active Directory | Manage VE technical accounts | Microsoft | Title, Name, UPN, Email, Phone number, Company, Address, Job Title, Password, Activity Logs |
| BI | Provide reports based on data collections | SAP | Title, Name, UPN, Email, Phone number, Company, Address, Personal Address, Job Title, Bank information, Birth Date, Salary, Family, Marital status, Timesheets, Reg Number |
| SOA | Manage interfaces between internal and external systems | Oracle | Title, Name, UPN, Email, Phone number, Company, Address, Personal Address, Job Title, Bank information, Birth Date, Salary, Family, Marital status, Timesheets, Reg Number, Payrolls, Invoices, Travel Expenses, Leaves, Purchase Orders, Requisitions |
| MyView | Intranet | Microsoft | Title, Name, UPN, Email, Phone number, Company, Address, Job Title, Picture, Preferences |
| Academy | Manage internal trainings | VESI | Title, Name, UPN, Email, Phone number, Company, Address, Job Title, Trainings |
| HRAccess | Payroll and Legal | SOPRA | Title, Name, UPN, Email, Phone number, Company, Address, Personal Address, Job Title, Bank information, Birth Date, Salary, Family, Marital status, Timesheets, Reg Number, Payrolls, Social Security Number |
| VE Store | Manage Mobile Devices and Mobile Apps | IBM | Title, Name, UPN, Email, Phone number, Company, Address, Job Title, Corporate Applications, Phone ID, Phone Model |
| BASEWARE | Invoices dematerialization | BASEWARE | Title, Name, UPN, Email, Phone number, Company, Address, Bank information, Invoices, Purchase Orders, Requisitions |
| PeopleDoc | Payroll dematerialization | PeopleDoc | Title, Name, UPN, Email, Phone number, Company, Address, Personal Address, Job Title, Bank information, Birth Date, Salary, Family, Marital status, Timesheets, Reg Number, Payrolls, Social Security Number |
| TBM | Monthly Reporting Apps | VESI | Title, Name, UPN, Email, Company, Job Title |
| DPF | Digital Project Folder. Projects dematerialization | Microsoft | Title, Name, UPN, Email, Phone number, Company, Address, Job Title, Projects Documents, Purchase orders, Invoices |
| DIRECTORY | Directory of VINCI Energies employees | VESI | Title, Name, UPN, Email, Phone number, Company, Address, ID, Personal Address, Birth Date, Cookie, Picture |
| GDR | Role access Management | VESI | Title, Name, UPN, Email, Phone number, Company, Address, ID, Personal Address, Birth Date, Cookie, Picture |
| ROC | VINCI Energies Organisational Reference | VESI | Title, Name, UPN, Email, Company |
| IAM | Identity Management & User provisioning | MicroFocus | Title, Name, UPN, Email, Phone number, Company, Address, Job Title, Password, Activity Logs |
| EasyVista | IR Support tickets management | EasyVista | Title, Name, UPN, Email, Phone number, Company, Address, Job Title, Support Tickets and History |
| Mailbox Inventory | Mailboxes followup | VESI | Title, Name, UPN, Email, Company |
| Internal Control | Internal Control processes | VESI | Title, Name, UPN, Email, Company |
| PRIVE | Data Processing Register for GDPR compliance | CILEX | Title, Name, UPN, Email, Company |
| NextSend | Internal & External Share Documents Transfer platform | | Title, Name, UPN, Email |
| Click&Learn | E-learning management | Click & Learn | Title, Name, UPN, Email, Company, Trainings |
| Network Together | Social Network Application | VINCI | Title, Name, UPN, Email, Phone number, Company, Address, Job Title, Email content, Posts, Document activities, Picture, Activity Logs, Likes, IDVINCI |
| CASTOR | | VINCI | Title, Name, Email, Company, Bank information |
| SYSLOG / SPLUNK Innocraft | End users Log analysis for Security and troubleshooting | SPLUNK | Title, Name, UPN, Email, IT Activities (email, logins, Internet) and History |

IT SECURITY
VESI – CONFORMITY DASHBOARD BY APPS

Legend: Compliant / Compliance In Progress / Not compliant
Columns: Application, Main Processes purposes, Editor, Contract Review, Personal Data List, Data Hosting, Data Retention, Security Measures, « PRIVE » registration, Users Rights Information, User Rights processing
[Colour-coded status cells are not preserved; only the text found in the cells is listed below.]

| Application | Main Processes purposes | Editor | Cell text |
|---|---|---|---|
| CODEX | ERP : Finance / Timesheet / Payrolls… | SAP | FR & UE |
| NaviQuartz | ERP : Finance / Timesheet / Payrolls… | Microsoft | FR |
| Taliris | Employees Career Management and trainings | TalentSoft | July; FR |
| O365 Suite | Collaboration Tools (emails, Social, Teams) | Microsoft | UE |
| Active Directory | Manage VE technical accounts | Microsoft | FR |
| BI | Provide reports based on data collections | SAP | UE |
| SOA | Manage interfaces between internal and external systems | Oracle | FR |
| MyView | Intranet | Microsoft | UE |
| Academy | Manage internal trainings | VESI | N/A; FR |
| HRAccess | Payroll and Legal | SOPRA | FR |
| VE Store | Manage Mobile Devices and Mobile Apps | IBM | UE |
| PeopleDoc | Payroll dematerialization | PeopleDoc | UE; TB verified |
| Baseware | Invoices dematerialization | BASEWARE | FR |
| SYSLOG / SPLUNK | End users Log analysis for Security and troubleshooting | SPLUNK | UE |
| TBM | Monthly Reporting Apps | VESI | N/A; FR |
| DPF | Digital Project Folder. Projects dematerialization | Microsoft | UE |
| DIRECTORY | Directory of VINCI Energies employees | VESI | N/A; FR |
| GDR | Role access Management | VESI | N/A; FR |
| ROC | VINCI Energies Organisational Reference | VESI | N/A; FR |
| IAM | Identity Management & User provisioning | MicroFocus | FR |
| EasyVista | IR Support tickets management | EasyVista | |
| Mailbox Inventory | Mailboxes followup | VESI | N/A; FR |
| Internal Control | Internal Control processes | VESI | N/A; FR |
| PRIVE | Data Processing Register for GDPR compliance | CILEX | FR |

Cell text spanning several rows: « Privacy Policy In Progress » (on both dashboard pages), « Interviews In Progress… » (second page).
