“We will offer the highest level of protection against the Cloud Act” (Marc Darmon, Thales)

Tribune: VWe presented your trusted cloud business offering. In France, it is now more a matter of cloud of trust than of sovereign cloud. It’s a change of course. Does that mean we can not do without GAFAM?
Mark Darmon:
There are many notions that are in fact subjective notions: sure cloud, sovereignty cloud, sovereign cloud. The French administration has decided to launch a very specific concept called the trusted cloud. This trusted cloud is synonymous with a certification called SecNumCloud. To achieve this, you need to tick a number of very important technical criteria in terms of cybersecurity, network separation, identity management, management criteria such as company shareholding, operators nationality, etc … This trusted cloud is therefore a very accurate concept, unlike the sovereign cloud, the cloud of sovereignty or even the secure cloud. Several types of solutions can therefore achieve the SecNumCloud brand in France.

Do you include solutions from solutions provided by GAFAM?
In fact, by using “non-100% French” solutions, you can still achieve certification as long as you add a set of restrictions: technical, cyber security, identity management and governance rules set by the administration and branded by ANSSI. So we can do without GAFAM, but we can also, if we put all the necessary protections, do with it to offer all services that are fully safe and protected according to the standard.

USDo you understand the criticism that came last fall when you introduced your trusted cloud offering with Google? Did you get the wolf in the fold?
Today, US hyperscalers are extremely present in the cloud market in France. Companies, lifesaving operators, critical security operators are moving massively to the standard public cloud. By creating this brand and finding solutions to respect it while using hyperscaler technologies, we offer a higher level of security that did not exist before. The idea is to have the best of both worlds: the power of a platform like Google Cloud with security rules certified by ANSSI. These rules are extremely precise and provide the necessary security. Without our offer, there would be many companies that would be on clouds of American hyperscales without security.

Within your partnership with Google, what rules have you put in place to get the brand reliable cloud?
Our premises, servers and staff are French. We have set up a company under French law (S3NS) which is fully controlled by Thales. We respect all the rules required by ANSSI. We are even beyond what the norm sets, as Google will be a very minority shareholder in S3NS. This company is fully controlled by Thales without any administrator from Google. It will have full freedom for its commercial policy, for its choice of partners, for its offer structure …

Will Google’s share reach 20%?
It does not reach this level and is well below the SecNumCloud tagging criteria. As a reminder, SecNumCloud defines the maximum shareholding of a non-European player at 24%, we are far below in our case.

SerWill the glasses be manufactured by French companies?
There are no servers that are 100% made in France, but Thales will own them.

Will your customers be protected from the laws US extraterritorial?
We will offer the highest level of protection against the Cloud Act certified by ANSSI’s SecNumCloud brand.

How will you do it?
Google, which has to adapt its software to allow real separation, will not be connected to S3NS. So there will be both software and physical separation. ANSSI will mark and certify the separation and safety levels it has specified.

What is the amount of investment to create this device and its commercial offerings?
We can not communicate these elements. S3NS is in fact an industrial company that will manage infrastructures and operate systems. It will make industrial investments. Specifically, S3NS will invest in premises, security solutions (encryption), data centers, servers, routers to get a clean network. This S3NS company will also have more than a hundred people in the long run. Google, for its part, has several hundred people working at Google Cloud on this project. ISLANDn is on a very significant total investment.

What is the market return on your offer?
The cloud market in France, which is valued at between 10 and 15 billion euros, is a very fast growing market. He responds very well to our offer. We met 40 customers, including vital operators and essential services operators, to test our offerings. They were unanimously very interested in the concept of cloud of trust. They tell us it was exactly what they wanted. Be the best of both worlds. And then we already have six companies to play “early-adopters”. They will be the first to test our solutions. And these six private and semi-public companies will sign commercial contracts for our midterm in July. This solution allows our customers to drive their journey towards our trusted cloud offering, which will be ready in 2024.

How do you plan the rise in S3NS?
The timeline is specific. In 2022 and 2023, we will implement our Local Controls solution with S3NS, with security solutions, and we will train our engineers for the opening of the trusted cloud service brand SecNumCloud in 2024. It will take several years to reach the revenue we aim for against. for but our goal could be achieved quite quickly.

Have you defined the revenue sharing between Thales and Google?
The model is defined and will in particular depend on the commercial price that will be set and each individual investment. The price will be more expensive than normal cloud, but not much more expensive. The offer must be available. There is nothing worse than companies circumventing the rule and the restrictions due to high costs. We are all motivated to offer a solution that is attractive and we are able to enter into commercial exchanges on this offer now.

Is this trusted cloud offering targeted at defense ministries for secret defense data?
None. The SecNumCloud-certified trusted cloud is the highest level of security for a cloud that is not defense-classified. But we, Thales, have a whole host of defense clouds, which are generally private clouds, owned by the defense ministries.

With the advent of quantum, will your trusted cloud be resistant to this technology?
We are already working on post-quantum cryptography solutions that are resistant to the quantum computer. We are also among the leaders in the certification and standardization of these algorithms. We have integration plans in our encryption solutions to integrate post-quantum algorithms when needed, knowing that Thales is a leader in cryptography.