At Cloud Temple, digital trust and French and European digital sovereignty are subjects that fascinate, motivate and structure discussions that go beyond the simple application of a reference framework or standard.
For Cloud Temple, digital confidence and sovereignty are not limited to locating data on European or French soil. This is a largely inadequate measure, if only in the face of the extraterritoriality of the laws of certain nations.
What factors need to be taken into account?
- The contemporary digital challenges linked to the economic and strategic value of exponential deposits of data do not dry up with time or use.
- Issues relating to personal data, digital identity and, increasingly, health data
- The stakes involved in economic warfare, competitive or technological advantages motivating espionage or digital theft through cyber attacks or legal vices
- The massive exploitation of data by the major digital players to create highly personalised services that can even lead to the captivity of end consumers.
- Digital giants' strategies for avoiding the jurisdiction of the European legal framework
- Internet neutrality and free access
- Independence or at least technological reversibility from a foreign publisher or nation
The organisational and technical implementation of this trust and of SecNumCloud compliance, subject to the stamp of the ANSSI qualification decision, was a major project requiring several hundred organisational, procedural and above all technical points to be addressed. It was essential to go as far as possible in applying the principle of defence in depth when interpreting a security requirement. In addition, risk modelling considerations were also pushed to the highest level, to the point of taking into account state-level threats and attack or disaster scenarios that in other contexts would be thought improbable. Finally, the need to take an informed, pragmatic approach to the choice of qualified service implementation, aiming to respect the structuring principles that represent Cloud Temple's strategic line, including (to name but three):
- Thinking before blindly applying certain requirements or recommendations in order to take into account the threat landscape and the overall gain in security and reliability. For example, this is what led Cloud Temple to eliminate any dependence on Windows technologies in the IS supporting the service currently being qualified. This choice reduces the surface area exposed to threats.
- Maximum avoidance of sacrificing scalability, automation, performance and technical usability in line with the operational challenges of Cloud Temple's customers. Cloud Temple's teams and talents invest considerable effort in combining maximum security, compliance and operational realities.
- Avoiding technological dependency and non-reversibility in relation to a publisher, a technology or a nation. It is in this spirit that Cloud Temple, through the talents of its teams and the culture it has put in place, is promoting in-house know-how that enables it to be the publisher of its own Cloud Management Platform (SHIVA) and its own infrastructure for automating and industrialising the Secure Temple service.