Securing your data in the sovereign cloud

Data management has become an essential part of every organization's strategy. Despite the appeal of flexible access and low storage costs, not all solutions are suitable for professional use. This is why it is so important to opt for a sovereign cloud. 

What is a sovereign cloud?

A sovereign cloud, also known as a data hosting and processing service, must be offered by a provider governed by your nation’s laws. This provider must have a physical presence on your nation’s territory and apply your nation’s laws and standards related to data processing.  The aim is to preserve the confidentiality and integrity of data within its infrastructures in your nation. A sovereign cloud ensures that data stored is not subject to extraterritorial laws and that the provider complies with the General Data Protection Regulation. 

Implementing security rules 

Recommendations have been drawn for instance to help French organizations, make an informed decision when considering the use of cloud computing services. These recommendations are based on due diligence risk analysis carried out by customers, and on transparency commitments made by service providers to their customers, which must be formalized in service contracts. All cloud providers advise their customers to secure their data and workloads. However, not all customers follow these recommendations, and fail to use the security tools provided by cloud providers. This is why it is vital to implement important security rules. Encryption is a key element in the recommended solutions for protecting data.

Encrypting data from end to end 

All storage services encrypt data at rest, and while this is a good practice, it does not protect against attackers or malicious persons intercepting, stealing or modifying data. For example, data is in plain text when it is:

• Scanned by antivirus software.
• Indexed, i.e. tagged with certain attributes that can be efficiently searched and retrieved.
• Transformed into a thumbnail image.
  

Many cloud storage services do not encrypt data by default. Thus, the security of data in the Cloud depends on its encryption. It makes data unreadable to anyone who does not hold the decryption key. Lost or stolen data is unreadable and unusable in practice. ERCOM offers secure solutions to protect its customers' data by performing end-to-end encryption, leaving no possibility of violating the confidentiality of said data.

Hosting data in your country 

Some extra-territorial legislation may pose a risk to data. In fact, a third country, at the request of a judge, could retrieve data in order to decrypt it "tomorrow" using tools based on the power of quantum cryptography. In the United States for example, the adoption of the “Clarifying Lawful Overseas Use of Data Act" allows US authorities (police, administration and US intelligence) to request US providers to access personal data stored on servers located in the US or abroad over the last 30 years. Keep in mind that 3 of the 5 Big Tech organizations alone hold 85% of the data market: Amazon Web Services (AWS), Google and Microsoft are the world's 3 largest cloud data hosts. This observation can have an impact on digital sovereignty, particularly in terms of server location, but also in terms of legislation that varies from country to country. Every country concerned with its independence from the USA or China needs to have one or more sovereign cloud providers to address issues of trust and security.  

A sovereign solution: Cryptobox

ERCOM offers an end-to-end encryption service on a sovereign cloud hosted by OVH. Cryptobox is the secure cloud sharing solution hosted in France. This solution has been designed to meet the security needs of organizations wishing to share sensitive data with suppliers, partners or internally. It is easy to install, manage and use, and above all offers ANSSI-approved security. 

Furthermore, data confidentiality, security and integrity do not depend solely on the implementation of the processes provided by cloud providers, nor on the encryption of data at rest, nor on extra-territorial laws. To limit risks, we recommend encrypting your data from end to end, and hosting it in your country with a sovereign cloud provider that implements stringent security rules. The Cryptobox solution enables you to share data securely and work together transparently, and neither ERCOM nor your hosting provider has access to the content or encryption keys. This way, your organization can benefit from all the advantages of the cloud, with guaranteed confidentiality and total sovereignty.