Commit 0c29660

author
Michał Gryczka
committed
ekseem name updated (version approved by Marc and Pierre) public
1 parent 6636c42 commit 0c29660

1 file changed

+9
-10
lines changed

src/content/blog/eskemm-numerique-multi-tenant-remote-access.mdx

Lines changed: 9 additions & 10 deletions
@@ -7,11 +7,10 @@ author: "Michał Gryczka"
77
companyName: "Eskemm Numérique"
88
companyDescription: "French public company responsible for delivering hosted services to universities and research institutions across the Brittany region, operating a shared infrastructure platform for multiple universities and laboratories."
99
companySegment: "Research & Education / Hosted Services"
10-
companyWebsite: ""
10+
companyWebsite: "https://www.eskemm-numerique.fr/"
1111

1212
image: "/images/blog/eskemm_case_study.png"
13-
draft: true
14-
tags: []
13+
tags: ["ISO27001", "HDS", "Compliance"]
1514
---
1615

1716
![Secure multi-tenant remote access built by French MSP for research institutions with Defguard](/images/blog/eskemm_case_study.png)
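Review bot: Removing `draft: true` (old line 13) publishes this post, but the commit subject leads with the name update and mentions "public" only at the end; consider making the publish its own commit or stating it first in the message so the go-live is easy to find in history. The new tag `"ISO27001"` on line 13 is written without a space, while the body text uses "ISO 27001"; pick one form if tags are displayed or used for filtering.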
@@ -64,31 +63,31 @@ Real-time client configuration synchronisation guarantees that any changes to lo
6463

6564
In the second scenario, the requirement was to securely connect multiple clients to centralized resources and guarantee that each client has access only to specific services.
6665

67-
To support this case, Eskemm deployed a **dedicated Location for shared services** accessible to all authorized customers. This setup introduces a higher risk profile, because multiple clients must access only selected infrastructure without access to all other network segments and seeing each other's workloads.
66+
To support this case, Eskemm Numérique deployed a **dedicated Location for shared services** accessible to all authorized customers. This setup introduces a higher risk profile, because multiple clients must access only selected infrastructure without access to all other network segments and seeing each other's workloads.
6867

6968
Currently, access is limited to only a few services. To enhance that, Pierre and Marc plan to leverage **granular group-based access control** (RBAC capabilities of Defguard). While User Groups currently control who can enter this shared gateway on a higher level, they will implement firewall rules using Defguard's **Access Control Lists (ACLs)** module built into Defguard to precisely define access to specific services (IPs, ports and protocols). [ACLs documentation](https://docs.defguard.net/enterprise/all-enteprise-features/access-control-list).
7069

7170
The expected result—a simple but powerful way to control access to shared resources based on user identity and organisation privileges.
7271

7372
### Authentication
7473

75-
Defguard enabled Eskemm to introduce **MFA for several VPN locations** on connection level, while providing flexibility of configuration and authentication via TOTP codes. Defguard also supports **biometric authentication** using Defguard clients on mobile devices.
74+
Defguard enabled Eskemm Numérique to introduce **MFA for several VPN locations** on connection level, while providing flexibility of configuration and authentication via TOTP codes. Defguard also supports **biometric authentication** using Defguard clients on mobile devices.
7675

7776
This was a major factor for choosing Defguard as it's the only solution that delivers **MFA authentication for WireGuard VPN** in a self-hosted environment. It guarantees full data privacy and no third-party dependencies.
7877

7978
### Security & Compliance
8079

81-
The compliance and security requirements are imposed on Eskemm through **HDS (Hébergeur de Données de Santé)**—a mandatory certification in France for any organization hosting health data on behalf of third parties, such as hospitals, clinics, or medical professionals.
80+
The compliance and security requirements are imposed on Eskemm Numérique through **HDS (Hébergeur de Données de Santé)**—a mandatory certification in France for any organization hosting health data on behalf of third parties, such as hospitals, clinics, or medical professionals.
8281

8382
Defguard's "Secure By Design" approach and **segmented architecture** that cleanly separates the Control Plane (Core) from the Data Plane fulfils those strict regulatory requirements.
8483

85-
Its design allows Eskemm to host the Core within their own secure datacenter, keeping it **completely hidden from the public internet**. As a result, all sensitive metadata remains strictly within French/EU jurisdiction, fully satisfying HDS and ISO 27001 standards.
84+
Its design allows them to host the Core within their own secure datacenter, keeping it **completely hidden from the public internet**. As a result, all sensitive metadata remains strictly within French/EU jurisdiction, fully satisfying HDS and ISO 27001 standards.
8685

87-
The fact that Defguard is a Polish company and the product is developed in the European Union makes it a preferable choice for Eskemm and companies that want to build a **sovereign technology stack**.
86+
The fact that Defguard is a Polish company and the product is developed in the European Union makes it a preferable choice for organisation and companies that want to build a **sovereign technology stack**.
8887

8988
### Automation & API
9089

91-
Managing gateways manually would slow down recovery and increase configuration errors. Eskemm therefore managed gateway deployment and Defguard configuration **through code** using **Ansible and Terraform**.
90+
Managing gateways manually would slow down recovery and increase configuration errors. The team at Eskemm Numérique therefore managed gateway deployment and Defguard configuration **through code** using **Ansible and Terraform**.
9291

9392
By integrating Defguard's **API** into these pipelines, the team established a reproducible deployment strategy, ensuring that new gateways are provisioned instantly without manual input. Furthermore, the system automatically propagates changes to user devices, making infrastructure updates almost transparent while maintaining strict consistency across all clients.
9493

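Review bot: New line 86 reads "a preferable choice for organisation and companies", which is ungrammatical once "Eskemm" is dropped; use "organisations and companies" or keep the customer name as the other changed lines do. On new line 84, "allows them" is the only rename that switches to a pronoun, and its antecedent sits two paragraphs up on line 80; "allows Eskemm Numérique" would be consistent with lines 66, 74, 80 and 90.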
@@ -100,7 +99,7 @@ For most users, the change was almost invisible—which would not have been poss
10099

101100
## Result
102101

103-
By deploying Defguard as a centralized platform integrated with their automation stack, Eskemm achieved significant gains in security, operations, and scalability:
102+
By deploying Defguard as a centralized platform integrated with their automation stack, Eskemm Numérique achieved significant gains in security, operations, and scalability:
104103

105104
- Passed penetration tests and maintained **HDS and ISO 27001 certifications**.
106105
- **Secure remote access** to several tenants.
