{"id":3917,"date":"2013-07-10T10:24:23","date_gmt":"2013-07-10T09:24:23","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=3917"},"modified":"2019-12-31T11:36:12","modified_gmt":"2019-12-31T10:36:12","slug":"cloud-et-securite-mythes-et-realite-partie-2","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/","title":{"rendered":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9 (partie 2)"},"content":{"rendered":"<p>Comme nous l\u2019avons pr\u00e9sent\u00e9 dans un <a title=\"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9s (partie 1)\" href=\"http:\/\/www.solucominsight.fr\/2013\/06\/cloud-et-securite-mythes-et-realites-partie-1\/\">pr\u00e9c\u00e9dent article<\/a>, une d\u00e9marche \u00e9clair\u00e9e permet de choisir un fournisseur de Cloud computing dont l\u2019offre est adapt\u00e9e au besoin de l\u2019entreprise.<\/p>\n<p>Pour autant, m\u00eame une fois cette d\u00e9marche men\u00e9e \u00e0 bout, plusieurs doutes persistent.<\/p>\n<p>Si l\u2019actualit\u00e9 r\u00e9cente a fait \u00e9clater <a title=\"R\u00e9v\u00e9lations sur les capacit\u00e9s d\u2019\u00e9coute et d\u2019action de la NSA aux Etats-Unis (PRISM) : une chance pour le RSSI ?\" href=\"http:\/\/www.solucominsight.fr\/2013\/06\/revelations-sur-les-capacites-decoute-et-daction-de-la-nsa-aux-etats-unis-prism-une-chance-pour-le-rssi\/\" target=\"_blank\" rel=\"noopener noreferrer\">l\u2019affaire PRISM<\/a> , la r\u00e9alit\u00e9 des acc\u00e8s aux donn\u00e9es est pourtant connue depuis de nombreuses ann\u00e9es.<\/p>\n<h2>\u00a0<strong>Les risques d\u2019acc\u00e8s aux donn\u00e9es sont r\u00e9els, depuis longtemps<\/strong><\/h2>\n<p>Les quelques ann\u00e9es de recul et d\u2019exp\u00e9rience sur le Cloud montrent que les craintes quant \u00e0 l\u2019acc\u00e8s aux donn\u00e9es h\u00e9berg\u00e9es \u00e0 l\u2019\u00e9tranger sont justifi\u00e9es.<\/p>\n<p>L\u2019exemple le plus souvent cit\u00e9 est celui du <em>USA PATRIOT Act<\/em> : sur requ\u00eate du gouvernement am\u00e9ricain et apr\u00e8s contr\u00f4le par un juge, toute entreprise am\u00e9ricaine, ou situ\u00e9e sur le sol am\u00e9ricain, ainsi que tout citoyen am\u00e9ricain (o\u00f9 qu\u2019il soit), se doivent de fournir aux autorit\u00e9s un acc\u00e8s aux donn\u00e9es auxquelles ils ont acc\u00e8s. Dans le cas d\u2019une entreprise de droit am\u00e9ricain, l\u2019obligation s\u2019\u00e9tend en dehors du territoire national\u00a0: si ses infrastructures sont situ\u00e9es en Union Europ\u00e9enne, la loi s\u2019applique.<\/p>\n<p>Le <a href=\"http:\/\/www.syntec-numerique.fr\/\">Syntec Num\u00e9rique a publi\u00e9 un \u00e9clairage<\/a> int\u00e9ressant sur le sujet en avril 2013. On y pr\u00e9cise notamment\u00a0 qu\u2019un contr\u00f4le par un juge peut \u00eatre r\u00e9alis\u00e9 avant la divulgation des donn\u00e9es\u2026 Ou apr\u00e8s, donc trop tard pour l\u2019emp\u00eacher.<\/p>\n<p>Cette loi pose donc \u00a0en th\u00e9orie le probl\u00e8me de la confidentialit\u00e9 des donn\u00e9es. Dans la r\u00e9alit\u00e9, ces craintes se justifient principalement si les donn\u00e9es manipul\u00e9es ont un niveau de sensibilit\u00e9 tr\u00e8s \u00e9lev\u00e9\u00a0: \u00e9tatiques (administrations, d\u00e9fense, etc.), strat\u00e9giques pour l\u2019entreprise dans un environnement \u00e0 forts enjeux concurrentiels, g\u00e9opolitiques, etc.<\/p>\n<p>Pour autant, et c\u2019est un aspect moins connu, la majorit\u00e9 des gouvernements mondiaux disposent de pr\u00e9rogatives \u00e9quivalentes. Le grand cabinet d\u2019avocats <a href=\"http:\/\/www.hoganlovells.com\/\">Hogan Lovells a publi\u00e9 une \u00e9tude \u00e0 ce sujet en 2012<\/a>, incluant notamment un comparatif des l\u00e9gislations de 10 grands pays sur l\u2019acc\u00e8s aux donn\u00e9es Cloud\u00a0: beaucoup (dont la France) disposent de pr\u00e9rogatives similaires, parfois plus larges et moins contr\u00f4l\u00e9es.<br \/>\nPourquoi alors se focalise-t-on g\u00e9n\u00e9ralement sur le USA Patriot Act\u00a0? Principalement car les acteurs majeurs du Cloud sont aujourd\u2019hui am\u00e9ricains, \u00a0donc soumis \u00e0 la l\u00e9gislation am\u00e9ricaine.<\/p>\n<p>Cependant, ne consid\u00e9rer que l\u2019aspect strictement l\u00e9gal est encore trop r\u00e9ducteur\u00a0: l\u2019entreprise doit \u00e9galement se demander si le pays sur le sol duquel ses \u00a0donn\u00e9es critiques sont h\u00e9berg\u00e9es a des int\u00e9r\u00eats allant dans le m\u00eame sens que les siens.<\/p>\n<p>Dans tous les cas, les conseils de juristes sp\u00e9cialis\u00e9s sont indispensables pour avoir une position pr\u00e9cise et adapt\u00e9e.<\/p>\n<h2><sup>\u00a0<\/sup>Les fournisseurs fran\u00e7ais de Cloud computing, solution du probl\u00e8me\u00a0?<\/h2>\n<p>Sur le papier, stocker ou traiter ses donn\u00e9es chez un prestataire de droit fran\u00e7ais sur le sol fran\u00e7ais semble la solution id\u00e9ale\u2026 \u00a0en th\u00e9orie seulement.<\/p>\n<p>En effet, de nombreuses fournisseurs fran\u00e7ais ont des centres de traitement et de stockage dans le monde entier\u2026 M\u00eame si vos donn\u00e9es n\u2019y sont ni stock\u00e9es ni trait\u00e9es, ceux-ci pourraient \u00eatre connect\u00e9s aux centres situ\u00e9s sur le sol fran\u00e7ais (et donc permettre d\u2019y donner acc\u00e8s \u00e0 distance).<\/p>\n<p>Au-del\u00e0 des donn\u00e9es, se pose la question des \u00e9quipes d\u00e9centralis\u00e9es : un Cloud h\u00e9berg\u00e9 en France, mais dont les \u00e9quipes d\u2019administration sont situ\u00e9es aux quatre coins du monde (par exemple pour fournir un support 24\/7) doit \u00e9galement faire l\u2019objet d\u2019attentions.<\/p>\n<p>Une fois encore, tous ces risques sont \u00e0 relativiser\u00a0: ils ne concernent que les donn\u00e9es r\u00e9ellement sensibles.<\/p>\n<h2>Entre protections juridiques et solutions techniques, la bonne parade reste encore \u00e0 trouver<\/h2>\n<p>Un moyen de se prot\u00e9ger des divulgations ind\u00e9sirables pourrait consister en l\u2019ajout de clauses contractuelles interdisant \u00e0 son fournisseur de le faire. Malheureusement, ce dernier risque de ne tenir aucun compte desdites clauses lorsqu\u2019une demande officielle de son gouvernement lui parviendra. Pire, dans le cas des lois am\u00e9ricaines, il peut lui \u00eatre interdit d\u2019avertir le propri\u00e9taire des donn\u00e9es que celles-ci ont \u00e9t\u00e9 transmises (il s\u2019agit du principe de <em>gag order<\/em>).<\/p>\n<p>Dans certains cas, il est possible de prendre certaines pr\u00e9cautions tr\u00e8s sp\u00e9cifiques. Nous conseillons parfois \u00e0 nos clients de demander l\u2019isolation de leurs donn\u00e9es \u00a0dans le datacenter du fournisseur, dans une salle sous alarme dont seule l\u2019entreprise d\u00e9tient la cl\u00e9. L\u00e0 encore, cela n\u2019emp\u00eachera pas un acc\u00e8s aux donn\u00e9es, mais permettra au moins \u00e0 l\u2019entreprise d\u2019en avoir connaissance.<\/p>\n<p>Une v\u00e9ritable solution pourrait provenir de la technologie\u00a0: un chiffrement ad\u00e9quat des donn\u00e9es permettrait de s\u2019assurer que m\u00eame en cas d\u2019acc\u00e8s aux donn\u00e9es, celles-ci sont correctement prot\u00e9g\u00e9es. Cela n\u00e9cessite des technologies de chiffrement de confiance (par exemple en France, qualifi\u00e9es par l\u2019ANSSI), afin que les donn\u00e9es soient s\u00e9curis\u00e9es sur tout leur parcours\u00a0: pendant leur transmission sur le r\u00e9seau, au moment de leur utilisation, et lorsqu\u2019elles sont stock\u00e9es dans le Cloud.<\/p>\n<p align=\"left\">\u00c0 ce titre, le<a title=\"Chiffrement : la cl\u00e9 d\u2019un cloud computing s\u00e9curis\u00e9 ?\" href=\"http:\/\/www.solucominsight.fr\/2013\/05\/chiffrement-la-cle-dun-cloud-computing-securise\/\" target=\"_blank\" rel=\"noopener noreferrer\"> chiffrement dit \u00ab\u00a0homomorphique\u00a0\u00bb<\/a> constitue une perspective d\u2019avenir int\u00e9ressante\u2026<\/p>\n<div>\n<hr align=\"left\" size=\"1\" width=\"33%\" \/>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Comme nous l\u2019avons pr\u00e9sent\u00e9 dans un pr\u00e9c\u00e9dent article, une d\u00e9marche \u00e9clair\u00e9e permet de choisir un fournisseur de Cloud computing dont l\u2019offre est adapt\u00e9e au besoin de l\u2019entreprise. Pour autant, m\u00eame une fois cette d\u00e9marche men\u00e9e \u00e0 bout, plusieurs doutes persistent&#8230;.<\/p>\n","protected":false},"author":13,"featured_media":6227,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3223,36,35],"tags":[1145,80,3119,59,3296,81],"coauthors":[801],"class_list":["post-3917","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-next-gen-it-security","category-cybersecurity-digital-trust","category-strategie-projets-it","tag-chiffrement","tag-cloud","tag-cloud-security","tag-donnees","tag-patriot-act","tag-protection-des-donnees"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9<\/title>\n<meta name=\"description\" content=\"Comme nous l\u2019avons pr\u00e9sent\u00e9 dans un pr\u00e9c\u00e9dent article, une d\u00e9marche \u00e9clair\u00e9e permet de choisir un fournisseur de Cloud computing dont l\u2019offre est adapt\u00e9e au besoin de l\u2019entreprise. Pour autant, m\u00eame une fois cette d\u00e9marche men\u00e9e \u00e0 bout, plusieurs doutes persistent. Si l\u2019actualit\u00e9 r\u00e9cente a fait \u00e9clater l\u2019affaire PRISM , la r\u00e9alit\u00e9 des acc\u00e8s aux donn\u00e9es est pourtant connue depuis de nombreuses ann\u00e9es.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9\" \/>\n<meta property=\"og:description\" content=\"Comme nous l\u2019avons pr\u00e9sent\u00e9 dans un pr\u00e9c\u00e9dent article, une d\u00e9marche \u00e9clair\u00e9e permet de choisir un fournisseur de Cloud computing dont l\u2019offre est adapt\u00e9e au besoin de l\u2019entreprise. Pour autant, m\u00eame une fois cette d\u00e9marche men\u00e9e \u00e0 bout, plusieurs doutes persistent. Si l\u2019actualit\u00e9 r\u00e9cente a fait \u00e9clater l\u2019affaire PRISM , la r\u00e9alit\u00e9 des acc\u00e8s aux donn\u00e9es est pourtant connue depuis de nombreuses ann\u00e9es.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2013-07-10T09:24:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-31T10:36:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/maxkabakov-fotolia.com_.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1500\" \/>\n\t<meta property=\"og:image:height\" content=\"1125\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chadi Hantouche\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chadi Hantouche\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/\"},\"author\":{\"name\":\"Chadi Hantouche\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/f79d84b363b7e5b8090ca3839d396efc\"},\"headline\":\"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9 (partie 2)\",\"datePublished\":\"2013-07-10T09:24:23+00:00\",\"dateModified\":\"2019-12-31T10:36:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/\"},\"wordCount\":932,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/maxkabakov-fotolia.com_.jpg\",\"keywords\":[\"chiffrement\",\"Cloud\",\"Cloud security\",\"donn\u00e9es\",\"Patriot Act\",\"protection des donn\u00e9es\"],\"articleSection\":[\"Cloud &amp; Next-Gen IT Security\",\"Cybersecurity &amp; Digital Trust\",\"M\u00e9tiers - Strat\u00e9gie &amp; projets IT\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/\",\"name\":\"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/maxkabakov-fotolia.com_.jpg\",\"datePublished\":\"2013-07-10T09:24:23+00:00\",\"dateModified\":\"2019-12-31T10:36:12+00:00\",\"description\":\"Comme nous l\u2019avons pr\u00e9sent\u00e9 dans un pr\u00e9c\u00e9dent article, une d\u00e9marche \u00e9clair\u00e9e permet de choisir un fournisseur de Cloud computing dont l\u2019offre est adapt\u00e9e au besoin de l\u2019entreprise. Pour autant, m\u00eame une fois cette d\u00e9marche men\u00e9e \u00e0 bout, plusieurs doutes persistent. Si l\u2019actualit\u00e9 r\u00e9cente a fait \u00e9clater l\u2019affaire PRISM , la r\u00e9alit\u00e9 des acc\u00e8s aux donn\u00e9es est pourtant connue depuis de nombreuses ann\u00e9es.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/maxkabakov-fotolia.com_.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/maxkabakov-fotolia.com_.jpg\",\"width\":1500,\"height\":1125},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9 (partie 2)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/f79d84b363b7e5b8090ca3839d396efc\",\"name\":\"Chadi Hantouche\",\"description\":\"Chadi Hantouche is a Cybersecurity and Digital Trust Senior Manager at Wavestone. For more than a decade, he has helped companies assessing their risk and maturity level, and defining associated solutions. He has a focus on security to support innovative technologies (Big Data, Internet of Things, Cloud computing, Mobility) as well as prevention and reaction against cyberattacks. Chadi is a CISSP, ISO 27001 LI and ITIL certified professional. He is a regular speaker on French and international TV channels, newspapers and conferences, and lecturer in several computer science universities.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/chadi-hantouche\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9","description":"Comme nous l\u2019avons pr\u00e9sent\u00e9 dans un pr\u00e9c\u00e9dent article, une d\u00e9marche \u00e9clair\u00e9e permet de choisir un fournisseur de Cloud computing dont l\u2019offre est adapt\u00e9e au besoin de l\u2019entreprise. Pour autant, m\u00eame une fois cette d\u00e9marche men\u00e9e \u00e0 bout, plusieurs doutes persistent. Si l\u2019actualit\u00e9 r\u00e9cente a fait \u00e9clater l\u2019affaire PRISM , la r\u00e9alit\u00e9 des acc\u00e8s aux donn\u00e9es est pourtant connue depuis de nombreuses ann\u00e9es.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/","og_locale":"en_US","og_type":"article","og_title":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9","og_description":"Comme nous l\u2019avons pr\u00e9sent\u00e9 dans un pr\u00e9c\u00e9dent article, une d\u00e9marche \u00e9clair\u00e9e permet de choisir un fournisseur de Cloud computing dont l\u2019offre est adapt\u00e9e au besoin de l\u2019entreprise. Pour autant, m\u00eame une fois cette d\u00e9marche men\u00e9e \u00e0 bout, plusieurs doutes persistent. Si l\u2019actualit\u00e9 r\u00e9cente a fait \u00e9clater l\u2019affaire PRISM , la r\u00e9alit\u00e9 des acc\u00e8s aux donn\u00e9es est pourtant connue depuis de nombreuses ann\u00e9es.","og_url":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/","og_site_name":"RiskInsight","article_published_time":"2013-07-10T09:24:23+00:00","article_modified_time":"2019-12-31T10:36:12+00:00","og_image":[{"width":1500,"height":1125,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/maxkabakov-fotolia.com_.jpg","type":"image\/jpeg"}],"author":"Chadi Hantouche","twitter_misc":{"Written by":"Chadi Hantouche","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/"},"author":{"name":"Chadi Hantouche","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/f79d84b363b7e5b8090ca3839d396efc"},"headline":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9 (partie 2)","datePublished":"2013-07-10T09:24:23+00:00","dateModified":"2019-12-31T10:36:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/"},"wordCount":932,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/maxkabakov-fotolia.com_.jpg","keywords":["chiffrement","Cloud","Cloud security","donn\u00e9es","Patriot Act","protection des donn\u00e9es"],"articleSection":["Cloud &amp; Next-Gen IT Security","Cybersecurity &amp; Digital Trust","M\u00e9tiers - Strat\u00e9gie &amp; projets IT"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/","url":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/","name":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/maxkabakov-fotolia.com_.jpg","datePublished":"2013-07-10T09:24:23+00:00","dateModified":"2019-12-31T10:36:12+00:00","description":"Comme nous l\u2019avons pr\u00e9sent\u00e9 dans un pr\u00e9c\u00e9dent article, une d\u00e9marche \u00e9clair\u00e9e permet de choisir un fournisseur de Cloud computing dont l\u2019offre est adapt\u00e9e au besoin de l\u2019entreprise. Pour autant, m\u00eame une fois cette d\u00e9marche men\u00e9e \u00e0 bout, plusieurs doutes persistent. Si l\u2019actualit\u00e9 r\u00e9cente a fait \u00e9clater l\u2019affaire PRISM , la r\u00e9alit\u00e9 des acc\u00e8s aux donn\u00e9es est pourtant connue depuis de nombreuses ann\u00e9es.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/maxkabakov-fotolia.com_.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/maxkabakov-fotolia.com_.jpg","width":1500,"height":1125},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/07\/cloud-et-securite-mythes-et-realite-partie-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cloud et s\u00e9curit\u00e9 : mythes et r\u00e9alit\u00e9 (partie 2)"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/f79d84b363b7e5b8090ca3839d396efc","name":"Chadi Hantouche","description":"Chadi Hantouche is a Cybersecurity and Digital Trust Senior Manager at Wavestone. For more than a decade, he has helped companies assessing their risk and maturity level, and defining associated solutions. He has a focus on security to support innovative technologies (Big Data, Internet of Things, Cloud computing, Mobility) as well as prevention and reaction against cyberattacks. Chadi is a CISSP, ISO 27001 LI and ITIL certified professional. He is a regular speaker on French and international TV channels, newspapers and conferences, and lecturer in several computer science universities.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/chadi-hantouche\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/3917","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=3917"}],"version-history":[{"count":6,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/3917\/revisions"}],"predecessor-version":[{"id":12448,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/3917\/revisions\/12448"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/6227"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=3917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=3917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=3917"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=3917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}