The data sanctuary: opening the cloud to the most sensitive digital assets

Jean-Baptiste Voron

Senior Cybersecurity Manager and Consultant, Atos

Pierre Brun-Murol

Cybersecurity Consultant, Atos

Posted on: 20 January 2020

Your team is international, spread across every corner of the globe. They’re working on a highly sensitive project. They may be crafting strategic documents, legal documents or perhaps developing some Intellectual Property.

They need to collaborate. They need to send and receive emails. They need to edit content simultaneously. But, while the Cloud is very secure, you feel anxious about them collaborating there. The project they’re working on is just too sensitive.

What if a member of staff sold or shared our information?

o   If sensitive information was leaked during the M&A process, our share price could tumble.

o   If legal documents were made available to someone suing us, we would struggle to defend our position.

o   If an international call for tenders was leaked, it might be of strategic value to our competitors.

-          What if a Chinese firm hacked into my IP and copied my product? That would be a disaster for my company.

-          What if the US Department of Justice compelled one of the big techs to hand over our data? That could happen without us knowing.

-          What if a big tech was infiltrated by a hacker? They might be able to hold my company to ransom.

The security offered by the Cloud is more than adequate for most projects, and even better than most of the data centers we know. However, some projects – around three percent of projects – are just too sensitive for the Cloud. Or are they?

A sanctuary in the Cloud

Imagine if you could create a sanctuary in the Cloud where that project is protected by an extra layer of security under your control. It would, in some ways, be like a security box in a bank: providing extra protection and privacy for your (digital) assets within an environment that is already extremely secure. Your files and your emails – are encrypted, and only you hold the key. You define who can access what, who can edit what and who can share what. You have the power to sanction and revoke permissions, as and when you need to.

No-one else – not even the big tech companies or governments – can access (or even see) your information without your permission. A Google search would draw a blank. A US Department of Justice request would have to go through you. and since this space is entirely disconnected from your company’s classical/legacy IT, hackers, spies and activists around the world would not even know that your digital assets exist. Even if you are the victim of a targeted attack, this sanctuary remains isolated, out of touch and under the additional protection of a trusted third-party. It is actively monitored 24 hours a day, seven days a week. Any unwelcome intruders are quickly flagged and dealt with. If anyone tried to search for information relating to it on Google, you’d know about it in a flash.

Such a ‘data sanctuary’ would be a perfect virtual home for companies seeking a secure space in the Cloud that can provide security, privacy and legal protection for storing sensitive or controversial information. It would provide the reassurance around the myriad of potential ‘What if?’ scenarios.

Security, privacy and legal protection

But who should provide it? You couldn’t ask the big tech players providing your cloud environment or office suites to offer that extra layer of protection. What if they were infiltrated? Or subpoenaed? Or breached? It would need to be provided by a third-party, most likely as a service.

A cloud provider – with their massive storage and compute capabilities – would provide the storage, and you always know where your data is. The third-party would provide the encryption and decryption capabilities, but you would hold the key. The third-party would provide access and identity management, but you would control identities and their access to your assets. You are the master of your information – in the Cloud.

Your team could then take advantage of the flexible working practices and efficient collaboration offered by the Cloud. And it would need to be provided in a way that does not impact the end-user experience. You don’t want your team to have to wade through a wealth of security procedures each time they need to edit some content or send an email; you need to give them a seamless experience that looks and feels just like they were using their normal collaboration tools.

They could work on even the most sensitive of information – information that you previously only ever kept inside your company – from different locations. And the third-party would monitor your sanctuary closely, with a high level of transparency that keeps you up to speed on any unusual behavior.

Veolia, a world leader in utilities, chose us to develop a sanctuary in the cloud. Employees can confidently manage their documents in the Cloud while benefiting from the G Suite user experience. The service includes encryption key control, access management and identity governance, cybersecurity products, 24/7 monitoring capability, support and training.

While our service currently covers G Suite, but we’re working on an option for Office 365 too. We’ll also be adding new capabilities so non-human collaborators – such as artificial intelligence capabilities – can also benefit from the protection and privacy of a data sanctuary, building trust at a time when non-human actors are becoming a bigger part of all our lives. And we’re looking at other use cases: where organizations may have geopolitical concerns (election platforms, for instance) or concerns about laws in foreign countries (such as high-level international industry leaders). Watch this space.

Share this blog article


About Jean-Baptiste Voron

Senior Cybersecurity Manager and Consultant, Atos
Jean-Baptiste Voron has been working for ten years with the Chief Information Security Officers of major French groups on new cybersecurity issues. With Atos since 2012 as an expert consultant in IT security governance and strategy, he is now responsible for the portfolio of cybersecurity offerings in France and leads the team in charge of cybersecurity pre-sales covering a range of more than fifty technologies and partners. He frequently works with Atos' strategic clients internationally in the design and deployment of cybersecurity solutions. Jean-Baptiste holds a PhD in IT security (joint US/French thesis) and a master’s degree in complex systems and applications from Pierre & Marie Curie University.

Follow or contact Jean-Baptiste


About Pierre Brun-Murol

Cybersecurity Consultant, Atos
Pierre Brun-Murol has been working in Cybersecurity for 9 years, first as a student researcher then as an integrator and finally as a cybersecurity architect.Since he entered Atos in 2013, he contributed to various major cybersecurity projects and pre-sales in numerous cybersecurity areas of expertise: SIEM/SOC, Privileged Access Management, Cloud Security, etc. He is now part of the portfolio team for cybersecurity offerings in France. As such, he is working to align Atos French offers with first Atos' clients’ needs and second with the strong innovation that occurs in cybersecurity.Pierre holds an Engineer degree from Supelec and a research-based master’s degree in applied sciences (Computer Engineering) from Polytechnique Montreal.

Follow or contact Pierre