ANSSI enhances Cloud security

ANSSI renforce la sécurité du Cloud

French actors would they resist change? Only 11 % of French companies with more than ten employees have acquired cloud services in 2014 against 19 % in Europe, according to Eurostat survey from December 2014. The main reason highlighted is data security. Indeed, to outsource all or part of its infrastructure, application and data in an external accommodation center run by a service provider is a sign of a loss of control. Recent cyber attacks against some banks or Sony show that the risk is real. It is in this context that the National Agency for computer security (ANSSI) must to handle security.

ANSSI wants that cloud providers become trusted partners.

The rise of cyber attacks and their consequences for the enterprise’ business is a scourge that ANSSI wants to stem. This agency, under the Prime Minister, are going to set up a process with the aim to label French Cloud providers. In response to strict safety standards, this label is a guarantee of the State on compliance with good data security practices.

Two skill levels will be offered: Cloud Secure and Cloud Secure +

The first will concern the implementation of security best practices defined by ANSSI (physical access control, strong authentication with hashed and salted passwords, encryption software and data hosting in Europe,…)
The second level will go further by imposing a multi-factor authentication, hardware encryption (via HSM) or data hosting in France.

Goal: protection of vital operators.

The primary objective is therefore to catch up French companies delay in the adoption of cloud by addressing the major problem : security breaches. But ANSSI had also to react to the situation and the terrorist threat. To manage the risk of an attack on the best way, the vital operators – SNCF, Orange, EDF,… – will appeal to a labelled provider to store their data. This action comes in response to the military law in 2013 which aims to strengthen national defense and security.

Meanwhile how to improve its security?

Labelisation process is still in its premises and a bit structures are concerned at present. Only 8 French players have started the qualification process which does not mean that other hosters and Outsourcers are clueless about IT risks. Security vulnerabilities detection tools are in place in the market and meet the demand vulnerability management.
SecludIT is revolutionizing the market with its patented Elastic Detector technology. To meet the growing vulnerabilities (18 new each day – average in 2015), this security solution will scan continuously and automatically customer’s infrastructure. This is to promote the prevention to protect against security vulnerabilities.
This approach is in its desire to establish itself as a trusted partner based on the recommendations of ANSSI.

Sources:

http://www.silicon.fr/etat-francais-ertifier-cloud-confiance-151458.html

http://www.nextinpact.com/news/93636-lanssi-detaille-obligations-securite-operateurs-dinfrastructure-vitale.htm

http://www.ssi.gouv.fr/

http://www.usine-digitale.fr/article/cybersecurite-et-si-le-cloud-etait-la-solution.N354074

Leave a Reply