Public services have major digital security challenges. Crowdsourced security offers flexible, scalable and affordable solutions to address them.
Local authorities, hospitals, schools, postal services: all are administrations that handle large amounts of sensitive data on a daily basis, starting with citizens' data. Digital security issues are crucial: since the risk is real, so is the responsibility.
But in the public sector, as in the private one, it is not always easy to ensure security at all levels. Budgetary limitations, lack of qualified personnel, intrinsic complexity of the infrastructures: the obstacles are numerous.
While there is no cure for all ills, crowdsourced security offers solutions adapted to the challenges of public administrations in terms of:
Public services are as numerous as they are eclectic. It's impossible to come up with a single security strategy for all of them. That said, collaborative security has the advantage of offering flexible and scalable solutions that can be adapted to almost any situation - municipalities, metropolitan areas, hospitals, transportation, water and sanitation utilities, etc.
Let's take the example of a municipality that needs to secure a critical application, developed internally or by a software vendor: for example, a software application for filing municipal police reports. A data theft would be catastrophic for the city, for reasons of both image and public safety.
Unfortunately, this municipality - like many others - has limited human resources and budget. Here, crowdsourced pentesting is an ideal and affordable solution. A small-scale penetration test allows the municipality:
Once the municipality and its technical teams are familiar with the practice, it is possible to move up a gear with, for example, pentesting for architecture, infrastructure, remote access, etc. Here, the French city of Boulogne-Billancourt sets an example.
Smart cities offer many entry points for malicious individuals. It is therefore imperative to take preventive action. Under the leadership of its CIO Christophe Vergeron, Boulogne-Billancourt was one of the first cities in France to call on ethical hackers to secure its environments. Several operations have been carried out:
"Crowdsourced security was very interesting. Financially first, with the notion of bounties. You only pay if bugs are found - it encourages performance.
Secondly, there are no compromises. A traditional service provider will often adapt to the client's request, directing the research or even the results according to the objectives. With ethical hackers, it is efficiency that counts. Vulnerabilities must be found, and they find them! The campaigns carried out in Boulogne have enabled us to identify several vulnerabilities, and then to correct them. In the end, it is the security of the citizens that has been reinforced. [...]
Cybersecurity is not only about protecting systems and software, it is also about protecting citizens. A city has a duty to ensure digital security as it ensures the safety of people."
- Christophe Vergeron, Chief Information Officer at Boulogne-Billancourt
Crowdsourced security allows public administrations to progress step by step. Pentests let them familiarize themselves with ethical hacking at their own pace. The most obvious vulnerabilities are identified for a fixed cost, and technical teams can take the time needed to remediate.
When a public service is mature enough regarding security, it can go to the next level: bug bounty.
In practical terms, bug bounty is a bug hunt, a challenge to ethical hackers. The interest of bug bounty for a public entity is twofold:
Earlier, we took the example of a single city, Boulogne-Billancourt. Now, let's zoom out a little and go to a larger scale.
In June 2022, a mutualized bug bounty was launched by French local authorities. About fifty elite Yogosha hackers were selected to test the fifteen software products most used by the country's cities: an administrative platform for day care registration, queue management software...
This shared bug bounty operation has several advantages for local authorities:
Although the example here concerns local authorities, bug bounty and its mutualized form are applicable to any type of public administration.
The benefits of crowdsourced security do not stop at pentesting, bug bounty and VDP. In addition to these programs, the Yogosha platform allows public administrations to:
You can't expect a public administration to be as flexible as a start-up. Existing processes are often time-consuming, budgets are limited and cybersecurity talent is scarce. As a result, the same IT department may be responsible for all digital issues, including security. It is not always easy to conduct security operations, or to ensure that vulnerabilities are properly addressed.
Ease of access and implementation of processes is a major issue in the adoption of crowdsourced security. This is why support is one of our main missions.
Yogosha Managed Services are complete and scalable support solutions. We collaborate with the most prestigious consulting firms to set up customized action plans, from the construction phase to the remediation phase:
In a nutshell, Yogosha and crowdsourced security allow public services to:
Are you a public service player interested in our crowdsourced security solutions?