Oodrive obtains SecNumCloud Qualification

News 10.27.2020 3min Last update : 11.01.2020

  • Oodrive is the first player to obtain the ANSSI (French National Cybersecurity Agency) Security Visa through SecNumCloud qualification for all its Private Cloud services.
  • The SecNumCloud qualification issued by ANSSI marks the completion of the quality and security process started by Oodrive several years ago.

Paris, January 22, 2019 – The European leader in sensitive data management, the Oodrive Group, is successfully achieving its growth targets and consolidating its position as leader in Europe by obtaining the ANSSI Security Visa for its SecNumCloud qualification. Following its ISO 27001:2013 qualification, this new distinction enhances the aspects of security and European data sovereignty ensured by Oodrive solutions. In the course of obtaining this new qualification, Oodrive relied on a cutting-edge standard and implemented the key points expected by ANSSI.

Qualification based on fundamental requirements

To obtain this qualification, it is necessary to meet requirements for Cloud Computing providers established by ANSSI under a standard named SecNumCloud. This standard was jointly produced by ANSSI together with Cloud service providers and, more recently, the French National Commission for Information Technology and Civil Liberties (CNIL). The latest version therefore takes into account the General Data Protection Regulation (GDPR) that came into force on May 25, 2018.

It is necessary to raise the level of technical, organizational, contractual and regulatory compliance in order to obtain SecNumCloud qualification, which was initially based on ISO 27001 specifications and then greatly intensified technically and supplemented by European data localization and service commitments.

SecNumCloud qualification is valid for 3 years, with a supervisory audit halfway through. This audit allows ANSSI to identify any changes in the services offered and any necessary adjustments to be provided by Oodrive.

Commenting on this, François-Xavier Vincent, the Chief Information Security Officer (CISO) of the Oodrive Group, said: “We are delighted to be the first player to receive the ANSSI Security Visa for SecNumCloud qualification, one of many distinctions that have confirmed Oodrive’s data security expertise. It is a real sign of confidence that enables us to stand out from our competitors”.

Significant investment in security

In compliance with the SecNumCloud standard, Oodrive has set up and consolidated many aspects of physical, organizational and contractual security. By way of example, the information system security policy (ISSP) and risk analysis methodology have been updated to expressly incorporate all the requirements of the standard. As regards security processes, the SecNumCloud version of Oodrive solutions are installed on an ultra-secure Private Cloud infrastructure favoring state-of-the-art, ANSSI-certified technologies such as OTP (One-Time Password) authentication and SIEM (Security Information and Event Management), enabling real-time detection of security incidents. In addition, the SecNumCloud services offered by Oodrive systematically include two physical HSM modules for user data encryption, which cannot be transmitted to a third party without the client’s consent.

Moreover, heightened video-surveillance and new security gates based on access control badges have been installed to protect our development, production and administrative sites. In addition to complying with laws and regulations such as the GDPR, Oodrive has also decided to set up audits of architecture, configuration, codes and penetration tests performed by ANSSI-accredited Information System Security Auditor Service Providers (PASSI).

SecNumCloud: a sign of confidence in Oodrive services

As a leader in sensitive data management on the Cloud, Oodrive now offers three Private Cloud solutions with SecNumCloud qualification obtained from ANSSI: iExtranet, PostFiles and BoardNox. The Group is now able to provide its clients, particularly critical operators (called “operators of vital importance”) and government bodies, with certified solutions enabling them to meet ANSSI’s recommended security requirements.

Moreover, to achieve EU-wide recognition of the high level of confidence and security provided by SecNumCloud qualification, Oodrive is contributing, alongside ANSSI and other partners, to a European working group on security qualification of Cloud services, with a focus on the SecNumCloud standard.