Managing day-to-day security in the public sector: the Var CISO's choice for the French password manager UpSignOn

User testimonial – UpSignOn by Septeo
Vincent Sueur, CISO – Var Department

Since 2023, Vincent Sueur has been the Chief Information Security Officer (CISO) for the Var Department. It was during this period that the local authority also created a unit dedicated to cybersecurity, which he now heads as SOC Manager.

His responsibilities include securing departmental data and raising awareness among staff about good digital practices. The Var Department has approximately 5,000 employees, including 4,000 workstations and nearly 400 servers to secure. Added to this is the IT management of 71 secondary schools, representing a particularly large and heterogeneous environment.

Context and initial requirements

Before implementing UpSignOn, the Var Department was already using TeamPass, an open source password management solution. This solution met certain technical requirements, but had its limitations:

no auto-completion for websites,
complex maintenance dependent on internal resources,
lack of mobile application and portability,
and security and scalability constraints.

The need for a secure, modern, French digital vault then became obvious.
For the Department, choosing a French publisher was a decisive criterion for digital sovereignty, GDPR compliance, and proximity of support. The Var Department is thus one of the first users of UpSignOn, deployed in 2023.
Vincent Sueur particularly praises the quality of support provided by the UpSignOn teams.

"We benefited from exemplary support, genuine attentiveness and consideration of our needs in the product's development."

This close collaboration, combined with responsive support, was a key factor in the success of the project.

Implementation of the solution

The onboarding of UpSignOn went smoothly, the configuration is simple and well supported.

The main difficulties arose not from the technology itself, but from users' adoption of the tool. Some agents, unfamiliar with password managers, needed extra support. Even within the IT department, adoption required a period of adjustment.

"It takes time for practices to become ingrained. After two to three years, reflexes really start to take hold."

To support this skills development, the Department has set up internal training sessions and simple, practical awareness-raising materials. Progressive monitoring by department has enabled a smooth transition.

In terms of supervision, the teams use UpSignOn's administration tools to monitor usage and compliance of workstations, in particular by analysing CSV exports integrated into their internal management system (CM). This enables them to identify non-compliant workstations or atypical usage patterns.

The team has also developed some internal best practices, such as sharing a single account for multiple websites in order to limit redundancy and simplify password management.

Daily use & observed benefits

Today, UpSignOn is used for both individual vaults and shared vaults. Agents are gradually migrating from TeamPass to UpSignOn, service by service.

The main benefits observed are:

Improved security for access thanks to an encrypted and controlled vault,
Guaranteed digital sovereignty with a 100% French solution,
more flexible use, particularly thanks to the mobile version and offline mode,
responsive and attentive support, and
a scalable solution that is continuously being improved.

Vincent Sueur also emphasises UpSignOn's commitment to obtaining ANSSI certification, a guarantee of reliability and trustworthiness for public sector stakeholders.

"This is a real guarantee of security for us. Few solutions can claim to have such a rigorous approach."

In terms of acculturation, the IT department has already organised two or three training sessions to support staff in adopting the solution and raising awareness of best practices.
The documentation provided by UpSignOn, which is considered clear and well designed, serves as a reference, while the Department is creating its own simplified guides to explain certain aspects to users.

Recommendation and vision

For Vincent Sueur, a centralised password vault is now essential in any cybersecurity strategy, including in local authorities.
It enables secure access, centralised management andguaranteed compliance with regulatory requirements.

"It is essential that this type of solution can be managed centrally by cybersecurity teams."

However, he acknowledges that large-scale deployment (across several thousand agents) represents a significant budgetary challenge for local authorities, which are often under financial constraints.

Conclusion

The experience of the Var Department perfectly illustrates the value of a solution such as UpSignOn by Septeo in the public sector: a French, secure and scalable technology, supported by a team that is close to its users.

"The product is evolving in the right direction, in line with the needs on the ground. We feel that they are really listening to us and are committed to developing the solution with their customers."