[Case study] Ensuring a high level of data protection through secure data exchange

The digitisation of processes that has been taking place within organisations for several years now is leading to a proliferation of data flows and exchanges.

Both internally and, above all, with their stakeholders (customers, suppliers, partners, etc.), companies of all sizes need to ensure the security and traceability of shared data, while offering simple tools that can be easily integrated into their employees' working environment.

Here's a look at the experience of Sogetrel, a major French player in telecoms solutions, which LockSelf has been supporting for 3 years via its LockTransfer module.

Find out more about this file transfer solution in this interview with Emmanuel Meyer, CISO (Information Systems Manager) at Sogetrel.

See all software File Transfer

Could you start by presenting the company and its sector of activity?

Emmanuel Meyer:

Sogetrel is an independent French ETI which, in over 35 years of conquest, has become a nationally recognised player in the telecoms, IP security and digital solutions market.

We have built lasting relationships based on trust with an increasingly diverse customer base.

With more than 4,000 employees and 95 locations, the Sogetrel Group has a dense network throughout France, Switzerland and Belgium to be as close as possible to its customers. In 2019, the Sogetrel Group generated sales of €640m.

What issues do you address as CISO at Sogetrel?

Emmanuel Meyer:

As CISO, I address two main issues.

Firstly, protecting the company's data, i.e. helping the company to protect its information assets.

Secondly, I'm responsible for protecting personal data, not only that of our employees, but also that of our customers, especially their subscribers, since we need this information to provide our services.

When it comes to data protection and the way we use it, what does this mean for Sogetrel in terms of processes and tools?

Emmanuel Meyer:

First of all, this is reflected in the implementation of a security policy for our IS (PSSI) with a strong commitment from management.

It was the Executive Committee that drove the approach within Sogetrel by setting up a dedicated team that I manage.

This is also reflected in the implementation of good perimeter and network practices. In particular, the IT Department is working hard on new solutions (network security, SD-WAN) and constantly monitoring market solutions.

"The aim is to have an information system that exceeds security standards.

In terms of tools, it's a combination of a suite of security solutions and an arsenal of complementary solutions, including the LockTransfer solution for the secure exchange of documents with third parties.

Why is it important for you to secure document exchanges with third parties?

Emmanuel Meyer:

We realise that internally 95% of data transits through business processes that are secure.

On the other hand, as in any industrial process, there is some data that doesn't fit into the standard processes and very often it comes out through media such as email or file transfer. Here we have to deal with the overflowing imagination of users with exchanges via USB keys, or 'general public' sharing solutions...

If we don't provide users with a solution, they're going to find it themselves, and that presents a major risk for us.

We therefore have a filtering policy, with all file-sharing solutions blocked as standard. This has the advantage of preventing too much information being sent over unsecured media.

We can't block solutions that don't suit us without offering alternatives that meet our security needs. So we set up a secure file transfer solution, LockTransfer.

What criteria did you use to choose LockTransfer? What needs does this tool meet?

Emmanuel Meyer:

Our policy is not to use mass-market solutions that don't meet professional expectations.

In addition to security, the other requirement is availability, because some of these consumer solutions regularly fall victim to attacks and are unavailable for 12, 24 or 48 hours. This poses a problem if these solutions are used for processes that require availability.

In addition to these needs, there are also the challenges of protecting personal data. I'm of course referring to the RGPD, which means that our customers are making more stringent demands of the data entrusted to us.

The starting point is the regulation, which means that Sogetrel directly has to upgrade its own data to ensure that it is protected. But the bulk of the data we handle is that of our customers, and here it is through contractual requirements that we are seeing a real increase in awareness.

So there are now risks of sanctions if the RGPD is not complied with, with a consequent financial risk for the ecosystem. But I believe that the notion of digital trust is also central, with a balance between users' distrust of solutions and their trust in them, and it's up to us to position the cursor on trust with tools that are adapted to their uses.

Once the LockTransfer solution had been implemented, what applications did it meet?

Emmanuel Meyer:

I'm going to start with the area closest to my job, i.e. the security teams and the IT department.

We have to handle sensitive data because we carry out controls and audits on our IS configurations and infrastructures, and we have to ensure their confidentiality.

When we carry out external intrusion tests, for example, the sharing of these results with our third parties is sensitive by nature, and passes through LockTransfer.

Secondly, in our security business, we have to exchange information with customers, and when they don't have any solutions to offer us, we can make proposals for secure sharing via LockTransfer. These exchanges take place during or after the project.

Another use case, for our sales teams, is the use of partitioned deposit boxes as part of invitations to tender. The solution enables us to make available the elements of the specifications and to receive the bids from the various partners in a partitioned and secure way.

Finally, if you had to give three strong points of the solution?

Emmanuel Meyer:

The first is the ergonomic aspect, with an attractive 'Look & Field' and ease of use. When I present the solution internally, in 1 min 30 s employees are autonomous on the tool.

The other dimension is the fact that we have a 100% French solution with guaranteed data hosting in France (Host: 3DS Outscale).

Finally, of course, there's the ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) certification. For solutions of this type, hosting in France and ANSSI certification are two very important aspects.

See all software File Transfer

Conclusion

Securing data exchanges is not only the result of a growing awareness on the part of IT Departments of the risks to their information assets, but also of a new regulatory framework which, as it trickles down, is raising the level of requirements for the entire ecosystem.

Faced with these challenges, organisations need to get their staff on board by offering tools tailored to their uses.

From password-protected transfers and the creation of secure, partitioned exchange spaces to direct integration with Office and Gmail clients, LockTransfer makes it easy to implement best practice while maintaining a high level of security.

Sponsored article. The expert contributors are authors independent of the appvizer editorial team. Their comments and positions are their own.