{"id":3804,"date":"2013-06-07T08:52:03","date_gmt":"2013-06-07T07:52:03","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=3804"},"modified":"2019-12-31T11:37:54","modified_gmt":"2019-12-31T10:37:54","slug":"cloud-et-securite-mythes-et-realites-partie-1","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/","title":{"rendered":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)"},"content":{"rendered":"<p><em>La s\u00e9curit\u00e9 est un sujet r\u00e9current lorsque l\u2019on parle de Cloud, \u00e0 tel point qu\u2019elle est devenue pour de nombreux fournisseurs un argument de vente.<\/em><\/p>\n<p><em>En particulier, la question de la protection des donn\u00e9es transmises, trait\u00e9es et sauvegard\u00e9es appara\u00eet comme cruciale. Ces points pr\u00e9occupent aujourd\u2019hui les experts techniques, les managers d\u2019information, et parfois m\u00eame les directions des entreprises.<\/em><\/p>\n<p><em>Le Cloud est-il s\u00fbr\u00a0? Que risque-t-on en l\u2019adoptant\u00a0? Comment y assurer la s\u00e9curit\u00e9 de ses donn\u00e9es\u00a0?<\/em><\/p>\n<h2>Un service moins cher n\u2019est pas forc\u00e9ment moins s\u00e9curis\u00e9<\/h2>\n<p>Il faut voir les risques li\u00e9s au Cloud comme proches de ceux existants sur l\u2019externalisation et la virtualisation\u00a0avec en particulier la perte de contr\u00f4le de ses donn\u00e9es et les risques li\u00e9s aux technologies utilis\u00e9es (virtualisation des syst\u00e8mes et des r\u00e9seaux, automatisation d\u2019un certain nombre de t\u00e2ches, etc.).<\/p>\n<p>Pourtant, de mani\u00e8re g\u00e9n\u00e9rale, nous constatons en France que le niveau moyen de s\u00e9curit\u00e9 des services Cloud est au-dessus du niveau moyen de s\u00e9curit\u00e9 des entreprises. Plusieurs facteurs expliquent cela.<\/p>\n<p>Le fait de fournir un service informatique \u00e0 l\u2019\u00e9tat de l\u2019art (et donc s\u00e9curis\u00e9) est le m\u00e9tier des acteurs du Cloud. Chez la plupart d\u2019entre eux, la mise en place et le respect des proc\u00e9dures de s\u00e9curit\u00e9 fait l\u2019objet d\u2019une attention particuli\u00e8re. Par ailleurs, ils proposent un service industrialis\u00e9\u00a0\u00e0 de nombreux clients\u00a0: les bonnes pratiques exig\u00e9es par l\u2019un peuvent souvent \u00eatre appliqu\u00e9es \u00e0 tous.<\/p>\n<p>Ces fournisseurs sont, enfin, plus expos\u00e9s que la moyenne des entreprises, et ont de vrais enjeux en termes d\u2019image\u00a0: la d\u00e9couverte de faiblesses de s\u00e9curit\u00e9 am\u00e8ne en g\u00e9n\u00e9ral \u00e0 une correction rapide.<\/p>\n<p>Inversement, si un m\u00e9canisme de s\u00e9curit\u00e9 n\u2019est pas offert par un fournisseur (de base ou en option), il sera malheureusement difficile de l\u2019obtenir\u00a0: en s\u00e9curit\u00e9 comme pour les autres fonctionnalit\u00e9s, les offres Cloud manquent souvent de souplesse.<\/p>\n<p>Attention cependant, contrairement \u00e0 une id\u00e9e r\u00e9pandue, toutes les offres Cloud ne se valent pas\u00a0: de v\u00e9ritables diff\u00e9rences peuvent exister d\u2019un fournisseur \u00e0 un autre.<\/p>\n<h2>Des outils d\u00e9di\u00e9s existent\u00a0pour \u00e9valuer ses risques de s\u00e9curit\u00e9<\/h2>\n<p>D\u2019un point de vue s\u00e9curit\u00e9, la d\u00e9marche est celle \u2013 classique \u2013 de l\u2019analyse de risque. Le but est ici d\u2019accompagner les projets de mise en \u0153uvre ou de migration vers le Cloud, et pas de les interdire.<\/p>\n<p>Dans le cas du Cloud, un outillage sp\u00e9cifique commence \u00e0 appara\u00eetre pour r\u00e9aliser cette analyse. En France, l\u2019ANSSI (Agence Nationale de\u00a0 la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information) a publi\u00e9 \u00a0un guide<sup>1<\/sup> pour accompagner les d\u00e9marches de type Cloud computing. Au niveau europ\u00e9en, l\u2019ENISA (European Network and Information Security Agency) fournit une analyse<sup>2<\/sup> g\u00e9n\u00e9rique mais compl\u00e8te des risques li\u00e9s au Cloud.<\/p>\n<p>Outre-Atlantique, l\u2019association Cloud Security Alliance regroupant les acteurs majeurs du Cloud a mis au point son outil Cloud Controls Matrix<sup>3<\/sup>, qui permet de comparer de nombreux fournisseurs sur des crit\u00e8res de s\u00e9curit\u00e9 tr\u00e8s pr\u00e9cis. Si elle est bas\u00e9e sur les seules d\u00e9clarations desdits fournisseurs, cette matrice peut n\u00e9anmoins s\u2019av\u00e9rer utile.<\/p>\n<h2>Les comparaisons th\u00e9oriques \u00a0ne suffisent pas<\/h2>\n<p>Il est parfois difficile de distinguer ce qui est pr\u00e9sent\u00e9 de ce qui est fait en r\u00e9alit\u00e9 en termes de s\u00e9curit\u00e9. Plusieurs crit\u00e8res permettent d\u2019\u00e9valuer les fournisseurs.<\/p>\n<p>Ils peuvent tout d\u2019abord se pr\u00e9valoir de diff\u00e9rentes certifications\u00a0: ISO 27001 (tr\u00e8s adopt\u00e9e et quasiment obligatoire aujourd\u2019hui) et ISAE 3402\/SAE 16 (tr\u00e8s adopt\u00e9es \u00e9galement, requises pour les groupes cot\u00e9s aux \u00c9tats-Unis, dans la ligne de SOX). Des d\u00e9marches sp\u00e9cifiques existent aussi dans certains domaines, comme pour les donn\u00e9es de sant\u00e9 en France, ou PCI-DSS pour les donn\u00e9es de cartes bancaires.<\/p>\n<p>Pour autant, ces certifications ne sont pas toujours une assurance d\u2019un niveau de s\u00e9curit\u00e9 adapt\u00e9. Lors de la phase de choix des fournisseurs ou durant le projet, il appara\u00eet n\u00e9cessaire de poser des questions tr\u00e8s pr\u00e9cises, sans laisser de place \u00e0 des r\u00e9ponses trop larges ou ambigu\u00ebs.<\/p>\n<p>Un certain nombre d\u2019acteurs du Cloud accepteront d\u2019ailleurs de fournir des d\u00e9tails sur le fonctionnement de leur solution, apr\u00e8s signature d\u2019un accord de non-divulgation. Des visites de datacenters sont aussi toujours tr\u00e8s instructives, et permettent parfois de se forger un avis sur la maturit\u00e9 du niveau de s\u00e9curit\u00e9 de l\u2019offre propos\u00e9e.<\/p>\n<p>Certains fournisseurs sont r\u00e9ticents \u00e0 fournir des informations tr\u00e8s pr\u00e9cises pr\u00e9alablement \u00e0 la signature du contrat, ils peuvent alors proposer l\u2019ajout d\u2019une clause permettant de d\u00e9noncer le contrat ult\u00e9rieurement. Mais attention \u00e0 ce m\u00e9canisme, une fois la mise en \u0153uvre d\u00e9marr\u00e9e, faire marche arri\u00e8re est presque impossible\u2026<\/p>\n<p>Enfin, la possibilit\u00e9 de contr\u00f4ler le prestataire Cloud est un crit\u00e8re int\u00e9ressant. Sa capacit\u00e9 \u00e0 accepter un audit diligent\u00e9 par ses clients est en effet une preuve de transparence, voire de confiance en son propre niveau de s\u00e9curit\u00e9.<\/p>\n<p><em><sup>1\u00a0<\/sup><\/em><em>: ANSSI &#8211; Externalisation, Cloud Computing : ma\u00eetriser les risques pour les syst\u00e8mes d&#8217;information (<\/em><a href=\"http:\/\/www.ssi.gouv.fr\/externalisation\/\"><em>http:\/\/www.ssi.gouv.fr\/externalisation\/<\/em><\/a><em>) \u00a0<\/em><\/p>\n<p><em><sup>2\u00a0<\/sup><\/em><em>: ENISA\u00a0 &#8211; Cloud Computing Security Risk Assessment (<\/em><a href=\"http:\/\/www.enisa.europa.eu\/activities\/risk-management\/\"><em>http:\/\/www.enisa.europa.eu\/activities\/risk-management\/<\/em><\/a><em>) <\/em><\/p>\n<p><em><sup>3\u00a0<\/sup><\/em><em>: <\/em>Cloud Security Alliance <em>&#8211; <\/em>Cloud Controls Matrix <em>(<a href=\"https:\/\/cloudsecurityalliance.org\/research\/ccm\/\">https:\/\/cloudsecurityalliance.org\/research\/ccm\/<\/a>) <\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>La s\u00e9curit\u00e9 est un sujet r\u00e9current lorsque l\u2019on parle de Cloud, \u00e0 tel point qu\u2019elle est devenue pour de nombreux fournisseurs un argument de vente. En particulier, la question de la protection des donn\u00e9es transmises, trait\u00e9es et sauvegard\u00e9es appara\u00eet comme&#8230;<\/p>\n","protected":false},"author":13,"featured_media":6269,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3223,36],"tags":[1166,80,3119,1167,81,355],"coauthors":[801],"class_list":["post-3804","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-next-gen-it-security","category-cybersecurity-digital-trust","tag-anssi","tag-cloud","tag-cloud-security","tag-enisa","tag-protection-des-donnees","tag-virtualisation"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)<\/title>\n<meta name=\"description\" content=\"La s\u00e9curit\u00e9 est un sujet r\u00e9current lorsque l\u2019on parle de Cloud, \u00e0 tel point qu\u2019elle est devenue pour de nombreux fournisseurs un argument de vente. En particulier, la question de la protection des donn\u00e9es transmises, trait\u00e9es et sauvegard\u00e9es appara\u00eet comme cruciale. Ces points pr\u00e9occupent aujourd\u2019hui les experts techniques, les managers d\u2019information, et parfois m\u00eame les directions des entreprises. Le Cloud est-il s\u00fbr ? Que risque-t-on en l\u2019adoptant ? Comment y assurer la s\u00e9curit\u00e9 de ses donn\u00e9es ?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)\" \/>\n<meta property=\"og:description\" content=\"La s\u00e9curit\u00e9 est un sujet r\u00e9current lorsque l\u2019on parle de Cloud, \u00e0 tel point qu\u2019elle est devenue pour de nombreux fournisseurs un argument de vente. En particulier, la question de la protection des donn\u00e9es transmises, trait\u00e9es et sauvegard\u00e9es appara\u00eet comme cruciale. Ces points pr\u00e9occupent aujourd\u2019hui les experts techniques, les managers d\u2019information, et parfois m\u00eame les directions des entreprises. Le Cloud est-il s\u00fbr ? Que risque-t-on en l\u2019adoptant ? Comment y assurer la s\u00e9curit\u00e9 de ses donn\u00e9es ?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2013-06-07T07:52:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T10:37:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/matrice-bleue-security-fotolia42290836m-voyager624-fotolia.com_.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1378\" \/>\n\t<meta property=\"og:image:height\" content=\"1378\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chadi Hantouche\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chadi Hantouche\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/\"},\"author\":{\"name\":\"Chadi Hantouche\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/f79d84b363b7e5b8090ca3839d396efc\"},\"headline\":\"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)\",\"datePublished\":\"2013-06-07T07:52:03+00:00\",\"dateModified\":\"2019-12-31T10:37:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/\"},\"wordCount\":942,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/matrice-bleue-security-fotolia42290836m-voyager624-fotolia.com_.jpg\",\"keywords\":[\"ANSSI\",\"Cloud\",\"Cloud security\",\"ENISA\",\"protection des donn\u00e9es\",\"virtualisation\"],\"articleSection\":[\"Cloud &amp; Next-Gen IT Security\",\"Cybersecurity &amp; Digital Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/\",\"name\":\"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/matrice-bleue-security-fotolia42290836m-voyager624-fotolia.com_.jpg\",\"datePublished\":\"2013-06-07T07:52:03+00:00\",\"dateModified\":\"2019-12-31T10:37:54+00:00\",\"description\":\"La s\u00e9curit\u00e9 est un sujet r\u00e9current lorsque l\u2019on parle de Cloud, \u00e0 tel point qu\u2019elle est devenue pour de nombreux fournisseurs un argument de vente. En particulier, la question de la protection des donn\u00e9es transmises, trait\u00e9es et sauvegard\u00e9es appara\u00eet comme cruciale. Ces points pr\u00e9occupent aujourd\u2019hui les experts techniques, les managers d\u2019information, et parfois m\u00eame les directions des entreprises. Le Cloud est-il s\u00fbr ? Que risque-t-on en l\u2019adoptant ? Comment y assurer la s\u00e9curit\u00e9 de ses donn\u00e9es ?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/matrice-bleue-security-fotolia42290836m-voyager624-fotolia.com_.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/matrice-bleue-security-fotolia42290836m-voyager624-fotolia.com_.jpg\",\"width\":1378,\"height\":1378},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/f79d84b363b7e5b8090ca3839d396efc\",\"name\":\"Chadi Hantouche\",\"description\":\"Chadi Hantouche is a Cybersecurity and Digital Trust Senior Manager at Wavestone. For more than a decade, he has helped companies assessing their risk and maturity level, and defining associated solutions. He has a focus on security to support innovative technologies (Big Data, Internet of Things, Cloud computing, Mobility) as well as prevention and reaction against cyberattacks. Chadi is a CISSP, ISO 27001 LI and ITIL certified professional. He is a regular speaker on French and international TV channels, newspapers and conferences, and lecturer in several computer science universities.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/chadi-hantouche\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)","description":"La s\u00e9curit\u00e9 est un sujet r\u00e9current lorsque l\u2019on parle de Cloud, \u00e0 tel point qu\u2019elle est devenue pour de nombreux fournisseurs un argument de vente. En particulier, la question de la protection des donn\u00e9es transmises, trait\u00e9es et sauvegard\u00e9es appara\u00eet comme cruciale. Ces points pr\u00e9occupent aujourd\u2019hui les experts techniques, les managers d\u2019information, et parfois m\u00eame les directions des entreprises. Le Cloud est-il s\u00fbr ? Que risque-t-on en l\u2019adoptant ? Comment y assurer la s\u00e9curit\u00e9 de ses donn\u00e9es ?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/","og_locale":"en_US","og_type":"article","og_title":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)","og_description":"La s\u00e9curit\u00e9 est un sujet r\u00e9current lorsque l\u2019on parle de Cloud, \u00e0 tel point qu\u2019elle est devenue pour de nombreux fournisseurs un argument de vente. En particulier, la question de la protection des donn\u00e9es transmises, trait\u00e9es et sauvegard\u00e9es appara\u00eet comme cruciale. Ces points pr\u00e9occupent aujourd\u2019hui les experts techniques, les managers d\u2019information, et parfois m\u00eame les directions des entreprises. Le Cloud est-il s\u00fbr ? Que risque-t-on en l\u2019adoptant ? Comment y assurer la s\u00e9curit\u00e9 de ses donn\u00e9es ?","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/","og_site_name":"RiskInsight","article_published_time":"2013-06-07T07:52:03+00:00","article_modified_time":"2019-12-31T10:37:54+00:00","og_image":[{"width":1378,"height":1378,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/matrice-bleue-security-fotolia42290836m-voyager624-fotolia.com_.jpg","type":"image\/jpeg"}],"author":"Chadi Hantouche","twitter_misc":{"Written by":"Chadi Hantouche","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/"},"author":{"name":"Chadi Hantouche","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/f79d84b363b7e5b8090ca3839d396efc"},"headline":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)","datePublished":"2013-06-07T07:52:03+00:00","dateModified":"2019-12-31T10:37:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/"},"wordCount":942,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/matrice-bleue-security-fotolia42290836m-voyager624-fotolia.com_.jpg","keywords":["ANSSI","Cloud","Cloud security","ENISA","protection des donn\u00e9es","virtualisation"],"articleSection":["Cloud &amp; Next-Gen IT Security","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/","name":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/matrice-bleue-security-fotolia42290836m-voyager624-fotolia.com_.jpg","datePublished":"2013-06-07T07:52:03+00:00","dateModified":"2019-12-31T10:37:54+00:00","description":"La s\u00e9curit\u00e9 est un sujet r\u00e9current lorsque l\u2019on parle de Cloud, \u00e0 tel point qu\u2019elle est devenue pour de nombreux fournisseurs un argument de vente. En particulier, la question de la protection des donn\u00e9es transmises, trait\u00e9es et sauvegard\u00e9es appara\u00eet comme cruciale. Ces points pr\u00e9occupent aujourd\u2019hui les experts techniques, les managers d\u2019information, et parfois m\u00eame les directions des entreprises. Le Cloud est-il s\u00fbr ? Que risque-t-on en l\u2019adoptant ? Comment y assurer la s\u00e9curit\u00e9 de ses donn\u00e9es ?","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/matrice-bleue-security-fotolia42290836m-voyager624-fotolia.com_.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2014\/11\/matrice-bleue-security-fotolia42290836m-voyager624-fotolia.com_.jpg","width":1378,"height":1378},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/f79d84b363b7e5b8090ca3839d396efc","name":"Chadi Hantouche","description":"Chadi Hantouche is a Cybersecurity and Digital Trust Senior Manager at Wavestone. For more than a decade, he has helped companies assessing their risk and maturity level, and defining associated solutions. He has a focus on security to support innovative technologies (Big Data, Internet of Things, Cloud computing, Mobility) as well as prevention and reaction against cyberattacks. Chadi is a CISSP, ISO 27001 LI and ITIL certified professional. He is a regular speaker on French and international TV channels, newspapers and conferences, and lecturer in several computer science universities.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/chadi-hantouche\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/3804","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=3804"}],"version-history":[{"count":6,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/3804\/revisions"}],"predecessor-version":[{"id":6279,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/3804\/revisions\/6279"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/6269"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=3804"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=3804"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=3804"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=3804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}