Building trust in the Cloud
Interview with an Expert:
Marc Darmon
Executive Vice President, Secure Communications and Information Systems.
According to a study carried out by KPMG, the European cloud market is set to exceed €500bn by 2030, a tenfold increase on today. However, this spectacular boom is very much dependent on organisations being able to ensure that they can store their sometimes very sensitive data safely in the cloud. Marc Darmon, EVP, Secure Communications and Information systems at Thales, talks about how important this challenge is and how Thales is responding to it.
The cloud seems to have become a vital tool. Can you explain why?
The cloud is essential for the competitiveness and innovation of organisations as part of their digital transformation. Whether to store data with great elasticity ("Infrastructure as a service"); to develop services to process data (calculation, processing, etc.), to benefit from high-performance toolkits ("Platform as a service"), or simply to take advantage of the most innovative applications ("Software as a service"), the cloud is a pillar of digital transformation and, beyond that, of sovereignty itself.
Not everybody seems ready just yet to blindly entrust the cloud with their data...
That’s true. Although it has become essential, companies, organisations and individuals still need to be able to trust the cloud. Today, organisations can be hampered by the risks associated with, for example, cyber threats, or those associated with extra-territorial regulations, the most significant example of which to date remains the US Cloud Act. These issues are of particular concern when it comes to sensitive data in the cloud - personal data, banking data, intellectual property - or when you are an operator of critical infrastructures, or an administration.
What can Thales offer to create that trust?
Thales, a world leader in data protection, has unique expertise that can help build the trust that everyone needs to have in the cloud, with the ambition to become the European reference for cloud security: data security technologies, cybersecurity as well as “move to cloud” services.
Our philosophy and approach is simple. We want to provide each customer with a trust-building offering, with a level of security, privacy, and management tailored to his/her needs. Firstly, we can help our customers define the right solutions and then help implement them. On the one hand, we support clients with a strong need to protect sensitive data - whether they are private actors or governmental administrations. On the other hand, we offer two types of solutions based on the technologies acquired during the integration of Gemalto. The first is data security technologies in the cloud, enabling the customer to reinforce security autonomously (by managing encryption, identities and access rights, for example); the second is our Thales-secured cloud offerings, where our customers can rely on Thales, a trusted third party, for their cloud operations. These offers exist for a wide range of public clouds, including Google Cloud, AWS, Azure, OVHCloud, and can be adapted according to the degree of protection needed.
Thales is developing an offer with Google aimed at providing customers with the full range of Google Cloud Platform services, while benefiting from the French national digital security agency’s (ANSSI) 'trusted cloud' label (SecNumCloud), which certifies the maximum level of protection against extraterritorial laws. Thales will operate the cloud and security services (identity management, data encryption, administration, supervision), including the control of updates, via a company entirely controlled by Thales, within an infrastructure hosted in France and separate from that of Google Cloud.
Are you going to sign this type of agreement with other providers?
We intend to develop different types of offerings, including with other cloud providers in the future, to meet the diversity of customer needs both in terms of cloud solutions and the level of risk that needs to be managed. There is a simple reason for this strategy: many organisations have already opted for cloud solutions, and 85% of companies have opted for multi-cloud solutions, i.e. with several providers.
So it’s obvious that to enable our customers to secure their clouds, we need a range of different offerings. Today, the European cloud market is growing strongly (from ~€50bn in 2020 to €300-500bn in 20271), with the majority of companies and public institutions having already initiated their migration to the cloud.
In France, private and public players can fortunately rely on an innovative ecosystem of French cloud providers, whether for infrastructure (some of which are already SecNumCloud certified, such as Outscale or OVH, whose IPO last year was a success) or services: for example, eight players in the cloud sector have joined forces to offer a French alternative to Office 365.
However the American "hyperscalers" (Amazon, Google, Azure, etc.) account for about 70% of global market share, generally relying on servers that are not located in France. Reinforcing the security of these technologies is a very strong market demand here in France – and across Europe - and not meeting this demand could result in a loss of security for users' data, or a loss of competitiveness.
To promote the digital transformation of companies and administrations with more sensitive data, it is therefore necessary to support the development of the French and European ecosystem, including new technologies, while remaining uncompromising on the certification requirements that enable secure and sovereign access to American clouds.
To learn more about our trusted Cloud : Thales and the Clouds | Thales Group
[1]KPMG, The European Cloud, major challenges for Europe and five high-impact scenarios from 2027-2030, April 2021