{"id":4748,"date":"2013-12-15T21:12:45","date_gmt":"2013-12-15T20:12:45","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=4748"},"modified":"2019-12-31T11:26:54","modified_gmt":"2019-12-31T10:26:54","slug":"securite-et-cloud-un-mariage-de-raison","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/","title":{"rendered":"Security and Cloud, a marriage of convenience"},"content":{"rendered":"<p>When cloud computing comes up, security questions quickly join the conversation. Will my services be available? Where and how will my data be stored? With what level of control? The risks put forward nevertheless need to be put into perspective.<\/p>\n<h2>Fears to put into perspective&#8230;<\/h2>\n<h4>Availability of the <em>Cloud<\/em><\/h4>\n<p>Every incident affecting one of the major <em>Cloud<\/em> players makes front-page news, putting the question of its availability in the spotlight.<\/p>\n<p>Yet this is a false problem: the availability rates of <em>Cloud<\/em> services are often higher than those of companies\u2019 internal systems. From a media standpoint, the situation is comparable to that of plane crashes: although rare, they shock public opinion and interest journalists far more than car accidents, which nevertheless cause more victims each year. Availability is therefore not a risk inherent to the <em>Cloud<\/em>. There remains, however, one specific point that deserves attention: connectivity with the Cloud provider. 
If the provider uses the internet as the only means of access to its datacenters, the risk of that access, and of the internet itself, being unavailable must be taken into account.<\/p>\n<h4>Data confidentiality<\/h4>\n<p>Is my data isolated from that of other customers? Can administrators access it? It is important to put these fears into perspective. On the one hand, not all of a company\u2019s data is critical in terms of confidentiality. On the other hand, while these questions are justified in some cases, they are not new, and they were answered several years ago, at the time of the first IT outsourcing contracts or of the use of contractor administrators. The main differences lie in the provider\u2019s potential remoteness and in the degree of control that is possible over it.<\/p>\n<p>Data confidentiality with respect to States remains a more complex subject to address. States have legislation allowing them to access data present in systems hosted on their soil. The USA is often cast as the bogeyman, its laws having, in addition, extraterritorial reach (Patriot Act, FISAA). These laws allow American courts and law enforcement to access data handled by companies under American law, whatever the customer and wherever the data is located. The risk is therefore that States gain access to data for the purpose of economic espionage. This risk is real, as illustrated by the revelations about the means available to the NSA. 
But here again, the extent of the risk must be measured. Only some data has a high level of sensitivity: State data (administrations, defence, etc.), data that is strategic for a company in a highly competitive environment, geopolitical data, etc.<\/p>\n<h4>Regulatory compliance<\/h4>\n<p>The regulatory compliance (PCI-DSS, LIL\u2026) of <em>Cloud<\/em> offerings, particularly with regard to the protection of personal data, is also a source of concern. The situation remains highly variable from one player to another, even though technical responses (data location, encryption\u2026) or legal ones (Safe Harbour, the European Commission\u2019s standard contract\u2026) exist today at most of them.<\/p>\n<h2>\u2026 because security is at the heart of providers\u2019 concerns<\/h2>\n<p>Highly visible and regularly attacked, the major <em>Cloud<\/em> providers often set up dedicated teams to ensure the security of their services. Security has even become, for some of them, one of the main selling points.<\/p>\n<p>A word of caution, however: not all of them provide the same level of security. It therefore remains important to specify with the provider, as early as the signing of the contract, which measures are included, all the more so because it is difficult to change a provider\u2019s security mechanisms when they were not planned for initially. 
Some small and mid-sized providers of \u201cbusiness SaaS\u201d solutions sometimes neglect security: audits and penetration tests are all the more important for this type of offering.<\/p>\n<h2>Towards provider \/ company co-responsibility<\/h2>\n<h4>Risk analysis: moving from intention to action<\/h4>\n<p>Following a risk analysis approach is imperative in order to remove the obstacles to <em>Cloud<\/em> adoption. The purpose of the analysis is not to prohibit the <em>Cloud<\/em> by default but rather to identify sensitive data in order to support projects in the safest and most relevant way. Involving security managers from the very start of projects is therefore essential. They must identify the risks that can be reduced by technical and organisational means, and the residual ones that cannot be covered. It is then up to the business lines and senior management to decide whether these are acceptable to the company or not, and, if necessary, to revise the scope of the <em>Cloud<\/em> initiative.<\/p>\n<h4>Checks not to be neglected\u2026<\/h4>\n<p>During the project, or upstream during the provider selection phase, it is recommended to ask precise questions about security measures so as to leave no room for ambiguous answers. For example, many providers highlight their certifications.<\/p>\n<p>The type of certification and the scope it covers should be verified. A number of <em>Cloud<\/em> players will, moreover, agree to provide details on the architecture of their solution after a non-disclosure agreement has been signed. 
The ability to answer questions quickly and in detail makes it possible to form an opinion on the maturity of the offering.<\/p>\n<p>In addition, the possibility of auditing the <em>Cloud<\/em> provider is a bonus not to be neglected. Accepting an audit is proof of the provider\u2019s transparency and of its confidence in its own level of security. Even though the largest Anglo-Saxon players refuse to do so, it is always worth asking the question, particularly for mid-sized players.<\/p>\n<h4>Emerging reference frameworks<\/h4>\n<p>Tooling is beginning to emerge to help companies assess the risks and the inherent level of security. In France, ANSSI (Agence Nationale de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information) has published a guide to support <em>Cloud computing<\/em> initiatives. At the European level, ENISA (European Network and Information Security Agency) provides a generic but comprehensive analysis of the risks associated with the <em>Cloud<\/em>. Finally, across the Atlantic, the Cloud Security Alliance, an association that brings together the major players, has developed the <em>Cloud Controls Matrix<\/em>. This matrix makes it possible to compare many providers on precise security criteria. Although based solely on the statements of those providers, it can prove useful for comparing offerings.<\/p>\n<h4>Encryption: the holy grail of <em>Cloud<\/em> security?<\/h4>\n<p>Among the technical solutions for reducing <em>Cloud<\/em> risks, encryption ranks first. And while its use today often requires giving the decryption keys to the provider, technological innovations are on the horizon. 
They will make it possible to transfer and process data remotely without ever giving the provider direct access. Although still experimental, these techniques, grouped under the banner of <a title=\"Chiffrement : la cl\u00e9 d\u2019un cloud computing s\u00e9curis\u00e9 ?\" href=\"http:\/\/www.solucominsight.fr\/2013\/05\/chiffrement-la-cle-dun-cloud-computing-securise\/\">homomorphic encryption<\/a>, deserve to be followed closely.<\/p>\n<h4>Do not leave your responsibilities in the clouds<\/h4>\n<p>Contrary to what too many companies think, their responsibility does not end once the <em>Cloud<\/em> solution goes into production. While the provider is required to comply with a certain number of security rules, maintaining the level of protection over time is also the responsibility of the company. To that end, the good practices applied to the corporate information system must be transposed to the <em>Cloud<\/em>: security governance (processes, user awareness), functional administration of security, configuration of advanced security options, restriction of the rights required by users, training of administrators, regular review of configuration settings\u2026 This is particularly true for identity and access management, a key element in guaranteeing the confidentiality of data in the <em>Cloud<\/em>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When cloud computing comes up, security questions quickly join the conversation. Will my services be available? 
Where and how will my data be stored? With what level of control? The risks put forward&#8230;<\/p>\n","protected":false},"author":15,"featured_media":4252,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3223,36],"tags":[1166,1145,80,3119,1469,417,1167],"coauthors":[837],"class_list":["post-4748","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-next-gen-it-security","category-cybersecurity-digital-trust","tag-anssi","tag-chiffrement","tag-cloud","tag-cloud-security","tag-confidentialite-des-donnees","tag-conformite","tag-enisa"],"acf":[],
"yoast_head_json":{"title":"S\u00e9curit\u00e9 et Cloud, un mariage de raison","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/","og_locale":"en_US","og_type":"article","og_title":"S\u00e9curit\u00e9 et Cloud, un mariage de raison","og_description":"Lorsque l&#8217;on parle de cloud computing, les questions de s\u00e9curit\u00e9 s&#8217;invitent rapidement dans la conversation. Mes services seront-ils disponibles ? O\u00f9 et comment vont \u00eatre stock\u00e9es mes donn\u00e9es ? Avec quel niveau de contr\u00f4le ? Les risques mis en avant...","og_url":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/","og_site_name":"RiskInsight","article_published_time":"2013-12-15T20:12:45+00:00","article_modified_time":"2019-12-31T10:26:54+00:00","og_image":[{"width":52,"height":39,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/\u00a9-maxkabakov-Fotolia.com_-52x39.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"S\u00e9curit\u00e9 et Cloud, un mariage de raison","datePublished":"2013-12-15T20:12:45+00:00","dateModified":"2019-12-31T10:26:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/"},"wordCount":1469,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/\u00a9-maxkabakov-Fotolia.com_.jpg","keywords":["ANSSI","chiffrement","Cloud","Cloud security","confidentialit\u00e9 des donn\u00e9es","conformit\u00e9","ENISA"],"articleSection":["Cloud &amp; Next-Gen IT Security","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/","url":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/","name":"S\u00e9curit\u00e9 et Cloud, un mariage de 
raison","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/\u00a9-maxkabakov-Fotolia.com_.jpg","datePublished":"2013-12-15T20:12:45+00:00","dateModified":"2019-12-31T10:26:54+00:00","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/\u00a9-maxkabakov-Fotolia.com_.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2013\/10\/\u00a9-maxkabakov-Fotolia.com_.jpg","width":3600,"height":2700},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2013\/12\/securite-et-cloud-un-mariage-de-raison\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"S\u00e9curit\u00e9 et Cloud, un mariage de raison"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. 
G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley &amp; Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/4748","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=4748"}],"version-history":[{"count":4,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/4748\/revisions"}],"predecessor-version":[{"id":8134,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/4748\/revisions\/8134"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/4252"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=4748"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=4748"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=4748"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=4748"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}