Skip to main content

Secure access by policy

The context

David is the CIO of a pharmaceutical laboratory with 120 employees. Following an intrusion attempt from a foreign country, the management asks him to strengthen access controls. Some critical applications — patient data, clinical trial results — should only be accessible under strict conditions.

  • SaaS applications are accessible from any device, anywhere
  • No way to restrict access by geographic location
  • Unable to ensure that the devices used are compliant
  • Traditional VPNs are cumbersome to manage and degrade the user experience

Step 1 — Define access policies (DAP)

David configures Device Access Policies (DAP) in SmartLink. For critical applications, he defines:

  • Authorized browsers: only Chrome and Firefox (latest versions)
  • Operating systems: Windows 10+ and macOS 12+
  • Allowed IP ranges: only the company network and the VPN
  • VaultysID security level: mandatory biometric authentication

Step 2 — Apply policies by folder

David associates these policies with folders containing sensitive applications. The "Clinical Data" folder requires the highest security level, while the "Daily Tools" folder (Slack, email) remains accessible from any secure device.

Step 3 — Real-time verification

When a researcher tries to access clinical data from a café with their personal computer, SmartLink blocks access and displays an explanatory message. From their workstation in the laboratory with their biometric VaultysID, access is immediate.

What changes

Without SmartLinkWith SmartLink
Access possible from anywhereControl by IP, browser, OS
No device verificationPolicy based on VaultysID security level
Cumbersome and restrictive VPNGranular control without VPN
Uniform rules for allDifferentiated policies by folder

Features used