As the security and sovereignty of the cloud stir debates in the EUCS project, SecNumCloud qualification remains a benchmark in selecting a highly secure cloud solution.
SecNumCloud: A Security Qualification
In 2016, the ANSSI (National Agency for Information System Security) developed the SecNumCloud security qualification. Its aim is to ensure a high level of security for both operators and clients in cloud computing.
Audit Categories and Requirements
To obtain SecNumCloud qualification, a cloud service provider must demonstrate compliance with the security standards listed in the framework. These standards are divided into 6 audit categories and encompass more than 350 requirements.
Among these are:
The implementation of an information system security policy and risk management,
The encryption of stored data,
The identification, management, and compliance in third-party relationships,
The management of digital and physical assets and identities,
Incident management and business continuity guarantees.
This qualification thus attests to both the technical excellence of the certified provider, its organizational rigor, and its compliance with current regulations.
Once obtained, the SecNumCloud qualification is akin to a recommendation for the service’s use by the French state.
SecNumCloud at the Center of Debates on EUCS and the SREN Law
The new SREN law for the regulation of the digital space, adopted on April 10, 2024, aims in particular to counter the influence of American cloud giants. It could thus favor the choice of sovereign cloud providers, qualified as SecNumCloud.
A SecNumCloud qualified cloud operator strives to ensure a high level of security for user data. This includes robust IT security policies and risk management practices, with particular attention to internal governance organization, security of involved human resources, data backup, and maintenance.
SecNumCloud qualification thus provides strong guarantees regarding business continuity and service availability.
Additionally, relationships with third parties are subject to strict and specific security measures. Indeed, the SecNumCloud operator must clearly identify all stakeholders and monitor changes in these relationships while ensuring the confidentiality of exchanged data. This helps to limit security breaches from external sources, particularly in the context of increasing supply chain attacks.
Enhancing Sovereignty
In its version 3.2, released in 2022, the SecNumCloud certification incorporated measures to protect against extraterritorial laws with lenient data protection standards, such as the Cloud Act. It ensures that citizens and businesses can be confident their data will never be transferred to third parties without prior agreement and legitimate reason, in compliance with GDPR. SecNumCloud thus preserves the sovereignty of the French cloud landscape and limits the risks of industrial espionage.
Recently, the Superior Digital and Postal Commission (CSNP) requested the extension of obligations for hosting sensitive data in a sovereign cloud to all public administrations, in accordance with the NIS 2 Directive.
TixeoPrivateCloud: Secure Videoconferencing in the SecNumCloud-Qualified Cloud
In critical sectors where data digitalization is extensive, cloud attacks disrupt business stability. Videoconferencing tools are not exempt, and their data must receive the highest level of protection against espionage.
To enhance data security, Tixeo hosts its videoconferencing solution in a private cloud operated by 3DS Outscale. SecNumCloud-qualified, 3DS Outscale provides cloud services in France through a French legal entity, free from international interference.
FAQ :
What is SecNumCloud Qualification?
SecNumCloud is a security qualification issued by ANSSI, ensuring a high level of security for cloud services in compliance with strict standards.
What are the requirements to obtain SecNumCloud qualification?
Cloud service providers must comply with over 350 requirements, covering aspects such as information system security, data encryption, incident management, and business continuity.
Why choose a SecNumCloud-qualified cloud provider?
Choosing a SecNumCloud-qualified provider minimizes security risks and ensures enhanced data protection, while also guaranteeing the digital sovereignty of organizations and their compliance with GDPR.
How does SecNumCloud qualification reinforce digital sovereignty?
It includes protective measures against extraterritorial laws, ensuring that data is not transferred to third parties without prior consent and is hosted in France.
What advantages does it offer for critical sectors?
With a SecNumCloud-qualified solution, critical sectors, such as defense and industries, benefit from maximum protection against industrial espionage and guaranteed availability and continuity of cloud services.
There are several ways to deploy videoconferencing within an organization. Whether it’s in the public cloud, private cloud, or an on-premise solution, each deployment meets a specific need and has its own advantages.
Definition of Cloud-Based Videoconferencing Software
Cloud-based videoconferencing software refers to a communication solution hosted on remote servers managed by an external provider.
These servers are accessible online, allowing users to access the solution with just an Internet connection.
What is the difference with an on-premise videoconferencing solution?
On-premise videoconferencing software is installed and operates on a company’s own servers and IT infrastructure. Access to internally stored data is not constrained by an Internet connection for internal communications.
On-premise or cloud: Identifying the Need
Easily Deploying Videoconferencing
For small or medium-sized businesses needing a videoconferencing solution to be deployed quickly and cost-effectively, the cloud is the most suitable. Indeed, public cloud videoconferencing does not require the installation of a server, allowing for the optimization of allocated resources. Additionally, its quick deployment can be appreciated: within a few hours, the service is fully operational.
Having Your Own Cloud Videoconferencing Server
For medium to large organizations with a bigger budget and prioritizing deployment simplicity, private cloud videoconferencing stands out. It offers the benefits of the cloud while allowing the company to have its own videoconferencing server. Organizations can also obtain their own cloud server address. Some providers also allow for the customization of the user interface to match the company’s branding.
Opting for Maximum Security
For large and very large enterprises with stringent cybersecurity requirements, installing and managing a videoconferencing server within their own network infrastructure might be preferred over relying on a cloud provider. Therefore, deploying an on-premise videoconferencing solution will be more suitable.
The Advantages of Cloud-Based vs. On-Premise Videoconferencing
Flexibility and Scalability
Cloud-based videoconferencing easily adapts to the number of users of the solution. For online meetings with a few collaborators or large videoconferences, the solution can be scaled without incurring significant costs, unlike modifications on proprietary servers. Moreover, cloud-based videoconferencing does not require the implementation of IT infrastructure or maintenance by the companies.
Customization of the Interface
Although it is not as technically customizable as an on-premise solution, the private cloud videoconferencing server can be graphically customized. This is the case with the TixeoPrivateCloud offer. Companies can customize the software interface and web access with their colors and logo. Emails sent by Tixeo (meeting invitations, updates, etc.) are also personalized to reflect their branding. During meetings, a watermark text can be added at the bottom right to convey a confidentiality message (e.g., “restricted distribution”).
Ease of Maintenance
The cloud videoconferencing solution provider handles security updates, software improvements, and server maintenance. This reduces the workload for the company’s IT teams and thus limits costs.
Cost Reduction
In addition to resource savings, the subscription model for cloud videoconferencing typically allows companies to adjust their pricing plan according to their current needs. This enables them to achieve cost savings and gain agility.
Tixeo offers its secure, certified, and ANSSI-qualified videoconferencing solution in the public cloud. Hosted in France, with a customized and high-performance offer that optimizes operating costs.
The “cloud at the center” doctrine, promoted by the French government, encourages public administrations to rely on cloud-hosted digital services. To accelerate the digitalization of public services, this widespread adoption of the cloud must ensure data security. This requires choosing sovereign providers qualified as SecNumCloud (or holding a European qualification to guarantee an equivalent level, particularly in cybersecurity).
SecNumCloud is a security qualification offered by ANSSI that guarantees a high level of security for cloud computing operators and clients. It serves as a selection criterion to ensure the security of cloud software.
To benefit from this, the cloud provider must prove compliance with the best practices and security standards listed in the SecNumCloud framework. Once received, the qualification is akin to a recommendation for the use of the service by the French State.
The Higher Commission for Digital and Postal Services (CSNP) has recently called for extending the obligations to host sensitive data in a sovereign cloud to all administrations, in line with the NIS 2 Directive.
Tixeo offers its secure, certified, and ANSSI-qualified videoconferencing solution in a private, sovereign cloud, qualified SecNumCloud.
The Advantages of On-Premise vs. Cloud Videoconferencing
Companies opt for this type of deployment for reasons of compliance, data security, or the need for specific features not available in cloud solutions.
Total Control of the Solution
By deploying on-premise videoconferencing software, the organization has complete control over its IT infrastructure. It becomes responsible for the maintenance and updates of the solution and the necessary software to run the service.
Ensuring Business Continuity
Thanks to its offline operation, on-premise videoconferencing allows organizations to maintain communications. It thus ensures business continuity in case of a crisis, internet connection outage, or IT failure.
Technological Independence
Deploying your own videoconferencing server strengthens your technological independence and sovereignty. Indeed, some cloud-based videoconferencing solutions adhere to extraterritorial regulations that provide limited protection for user data. With on-premise videoconferencing, the company limits security breaches and relies on its own expertise, without external intervention.
Maintaining Control over Personal Data Processing
By adopting the on-premise model, the company retains absolute control over the processing of its users’ personal data. This avoids entrusting the data to a third party and minimizes the risk of data leaks. Consequently, the organization can easily ensure its compliance with GDPR.
Tixeo offers its secure, certified, and ANSSI-qualified videoconferencing solution in an on-premise version for maximum security during integration.
FAQ :
What is an On-Premise Videoconferencing Solution?
An On-Premise solution is installed and hosted on the company’s internal servers, providing the organization with full control over data and security.
What are the Advantages of a Cloud Videoconferencing Solution?
Cloud solutions offer increased flexibility, automatic updates, and do not require dedicated hardware infrastructure. They also allow easy access for users from any location.
Why Choose an On-Premise Solution?
An On-Premise solution is ideal for companies with strict security and data privacy requirements that prefer to maintain full control over their infrastructure.
What are the Main Disadvantages of a Cloud Solution?
Cloud solutions can pose data protection risks if they are not sovereign. Therefore, choosing a SecNumCloud-qualified solution is recommended.
How to Decide Between an On-Premise and Cloud Solution?
The choice depends on several factors, such as security needs, available resources for infrastructure management, required flexibility, and the company’s budget.
What are the Cost Considerations Between On-Premise and Cloud?
On-Premise solutions involve higher initial costs for hardware and installation, while Cloud solutions typically operate on a subscription model with costs spread over time.
What are the Maintenance Requirements for an On-Premise Solution?
On-Premise solutions require an IT team to manage maintenance, updates, and backups, which can represent significant cost and time investments.
How Can a Cloud Solution Improve Collaboration?
Cloud solutions enable real-time collaboration and easy access to meetings from various devices and locations, facilitating remote work.
What are the Security Risks Associated with Cloud Solutions?
Cloud solutions can be vulnerable to cyberattacks if adequate security measures are not implemented, such as data encryption and strict access management.
Does Tixeo Offer Both On-Premise and Cloud Solutions?
Yes, Tixeo offers both On-Premise and Cloud videoconferencing solutions, sovereign and tailored to meet the specific security and flexibility needs of businesses.
Lawyers utilise secure video conferencing for exchanges with their clients or peers. But what are the criteria to ensure the security of communications and the data of the individuals involved in legal proceedings?
Confidentiality of video conferencing for lawyers
The confidentiality of communications is the primary criterion for choosing a secure video conferencing tool for lawyers.
Lawyer consultations
When a consultation between a lawyer and their client cannot be held in person, due to personal constraints or time savings, the consultation can be conducted remotely. In this context, it must allow both parties to exchange information easily and confidentially. End-to-end encryption of audio and video communication streams is therefore essential: thanks to this technology, only the participants in the online meeting have access to the exchanges.
Document sharing
In the context of legal proceedings, a lawyer may need to exchange documents with their client or colleagues. The transmission of legal files also requires end-to-end encryption, to prevent any external interception.
Discussions among colleagues and peers
Lawyers also need to exchange information with colleagues, whether on the move or working remotely. They are also led to discuss with other professionals in the justice sector, such as bailiffs or clerks. All these online meetings deal with legal files that also require the highest security.
The use of a video conferencing solution also involves the collection and processing of personal data from individuals involved in legal proceedings.
GDPR Compliance
It is crucial for legal professionals to ensure that the integrity of the personal data of individuals involved in legal proceedings is respected. For lawyers, in particular, this corresponds to respecting professional secrecy and the legal process. Therefore, the secure video conferencing tool used to discuss legal cases must be fully GDPR compliant.
Indeed, most video conferencing software hosts their data outside European territory and are then subject to lenient extraterritorial data protection laws. This is the case with the US Cloud Act: this series of extraterritorial laws allows American authorities to compel publishers located on American territory to provide data related to electronic communications, stored on American or foreign servers.
At any time, user data can thus be compromised.
Tixeo responds to CCBE’s questions about secure video conferencing for lawyers
As part of its guidelines on the use of remote working tools, the Council of Bars and Law Societies of Europe (CCBE) has compared the general conditions of frequently used video conferencing tools. This resulted in 6 questions that lawyers should ask themselves before choosing a secure video conferencing solution.
Tixeo, a secure, certified, and ANSSI-approved video conferencing solution, has chosen to respond:
To what extent are the applicable general conditions accessible and transparent?
Tixeo’s general conditions are available on request, depending on the offer concerned. Furthermore, its privacy policy, which concerns clients and users of the solution, is available on its website.
Who is responsible for data processing?
Depending on the cloud video conferencing offer chosen, Tixeo is either the data controller or processes personal data on behalf of its clients. In the context of its on-premise video conferencing offer (TixeoServer), the clients are responsible for processing the personal data of their users.
Where is the data stored?
All personal data collected and processed by Tixeo is hosted in France. Its secure cloud video conferencing offer benefits from ANSSI-certified SecNumCloud hosting.
To what extent do platform providers sell or share personal data?
Tixeo never sells or transfers personal data to a third country, except to Switzerland, which benefits from an adequacy decision. Data can therefore be transferred to our partner Ubcom in Switzerland, only with the explicit consent of the concerned individual.
What surveillance might the data held by cloud platform providers be exposed to?
None. Indeed, user data benefits from the protection of French hosts, committed to data security, GDPR compliant, and SecNumCloud certified.
What is the technical security level of the video conferencing platform?
Tixeo is the most secure video conferencing solution on the European market. Designed according to a Secure by design approach, it integrates security at every stage of its design to its deployment in organisations. Its proprietary end-to-end encryption technology ensures total confidentiality of exchanges, regardless of the number of participants in the online meeting. Lastly, Tixeo is 100% GDPR compliant.
Organisations in sensitive sectors such as defence, industry, or justice now trust Tixeo for their confidential communications.
Tixeo uses cookies in order to provide you with the best possible user experience. Tixeo does not use advertising cookies. For more information, please read our privacy policy.
Spoken language (Cookie strictly necessary)
The site uses a cookie allowing the user to choose the language of the site and to keep his choice. This is a strictly functional cookie.
If you disable this cookie, we will not be able to save your preferences. This means that each time you visit this site, you will have to enable or disable cookies again.
Statistics
The site uses the cookie "Google Analytics" only to carry out statistics of frequentation of the site. The refusal of the cookie has no consequence on the navigation on the site. The data is not transferred to a third party. Setting this cookie helps us to improve our website.
Please activate the strictly necessary cookies first so that we can save your preferences!
