[Case study] Ensuring a high level of data protection through secure data exchange

The digitization of processes that has been taking place within organizations for several years now has led to a proliferation of data flows and exchanges.

Companies of all sizes need to ensure the security and traceability of shared data, both internally and with their stakeholders (customers, suppliers, partners, etc.), while offering simple tools that integrate easily into their employees' working environment.

Here's a look at Sogetrel, a major French player in telecoms solutions, which LockSelf has been supporting for the past 3 years with its LockTransfer module.

Find out more about this file transfer solution in this interview with Emmanuel Meyer, RSSI (Information Systems Manager) at Sogetrel.

See all software File Transfer

Could you first introduce the company and its business sector?

Emmanuel Meyer:

Sogetrel is an independent French ETI which, in over 35 years of conquest, has become a nationally recognized player in the telecoms, IP security and digital solutions markets.

We have built long-lasting, trust-based relationships with an increasingly diverse customer base.

With more than 4,000 employees and 95 locations, the Sogetrel Group has a dense network across France, Switzerland and Belgium to be as close as possible to its customers. In 2019, the Sogetrel Group generated sales of 640M euros.

What issues do you address as CISO at Sogetrel?

Emmanuel Meyer:

As CISO, I address two main issues.

Firstly, the protection of corporate data, i.e. helping the company to protect its information capital.

Secondly, I'm responsible for protecting the personal data of our employees, as well as the data entrusted to us by our customers, particularly that of their subscribers, since we need this information to provide our services.

When it comes to data protection and how we use it, how does this translate at Sogetrel in terms of processes or tools?

Emmanuel Meyer:

First and foremost, we have set up a security policy for our IS (PSSI), with a strong commitment from management.

It was the COMEX that gave impetus to the approach within Sogetrel, by setting up a dedicated team that I manage.

This is also reflected in the implementation of perimeter and network best practices. In particular, the IT Department is working hard on new solutions (network security, SD-WAN), with continuous monitoring of market solutions.

"The aim is to have an information system at a higher level than security standards."

In terms of tools, it's a combination of a suite of security solutions and an arsenal of complementary solutions, including LockTransfer for the secure exchange of documents with third parties.

How important is it for you to secure document exchanges with third parties?

Emmanuel Meyer:

We realize that internally, 95% of data transits through secure business processes.

On the other hand, as in any industrial process, there is some data that doesn't fit into standard processes, and very often this comes out via media such as e-mail or file transfer. At this level, we're faced with the overflowing imagination of users, with exchanges via USB key, or "consumer" sharing solutions...

If we don't provide users with a solution, they're going to find it themselves, and that's a big risk for us.

We therefore have a filtering policy, as all file-sharing solutions are blocked as standard. This has the advantage of ensuring that not too much information is sent to unsecured media.

We can't block solutions that don't suit us without offering alternatives that meet our security needs. So we set up a secure file transfer solution, LockTransfer.

What were your criteria for choosing LockTransfer? What needs does this tool meet?

Emmanuel Meyer:

Our policy is not to use mass-market solutions that don't meet professional expectations.

In addition to the security aspect, the other requirement is availability, since some of these consumer solutions regularly fall victim to attacks, being unavailable for 12, 24 or 48 hours, and this poses a problem if these solutions are used for processes that precisely require availability.

Beyond the needs, there are also issues linked to the protection of personal data. I'm of course talking about the RGPD, which for us translates concretely into an increase in our customers' requirements with regard to the data entrusted to us.

The starting point is the regulation, which means that Sogetrel, directly, has to upgrade its own data to ensure we protect it. But the bulk of the data we handle is that of our customers, and here it's through contractual requirements that we see a real increase in awareness.

So today there are risks of sanctions if RGPD compliance is not respected, with a consequent financial risk for the ecosystem. But I believe that the notion of digital trust is also central, with a balance between users' mistrust and trust in solutions, and it's up to us to place the cursor on trust with tools adapted to their uses.

Once you've implemented LockTransfer, what uses have you been able to respond to?

Emmanuel Meyer:

I'm going to start with the perimeter closest to my functions, i.e. the security teams and the IT department.

We have to handle sensitive data, since we carry out controls and audits on our IS configurations and infrastructures, and we have to ensure their confidentiality.

When we carry out external intrusion tests, for example, the sharing of these results with third parties is sensitive by nature, and passes through LockTransfer.

Secondly, in our security business, we need to exchange information with our customers, and when they don't have any solutions to offer us, we make proposals for secure sharing via LockTransfer. These exchanges take place during or after the project.

Another use case, for our sales teams, is the use of partitioned deposit boxes as part of invitations to tender. The solution enables us to make available the elements of the specifications and to receive offers from different partners in a secure, compartmentalized way.

Finally, if you had to give three strong points of the solution?

Emmanuel Meyer:

The first is the ergonomic aspect, with an attractive "Look & Field" and ease of use. When I present the solution in-house, in 1 min 30 sec. employees are autonomous on the tool.

The other dimension is the fact that we have a 100% French solution , with guaranteed data hosting in France (Host: 3DS Outscale).

Finally, of course, there's the ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) certification. For solutions of this type, hosting in France and ANSSI certification are two very important factors.

See all software File Transfer

Conclusion

Securing data exchanges is therefore the result both of a growing awareness on the part of CIOs of the risks to their information assets, and of a new regulatory framework which, by trickling down, is raising the level of requirements for the entire ecosystem.

Faced with these challenges, organizations need to get their staff on board by offering tools adapted to their uses.

From password-protected transfer, to the creation of secure, partitioned exchange spaces, to direct integration with Office and Gmail clients, LockTransfer makes it easy to implement best practices while maintaining a high level of security.

Sponsored article. Expert contributors are authors independent of the appvizer editorial team. Their comments and positions are their own.