France’s sovereignty depends on its independence.
Data being the new black gold, our independence today begins with digital sovereignty. How can we tackle digital transformation at a reasonable cost, based on open source software?
How can we protect the sovereign data of our democratic institutions and governments, in a world hyper-connected to the Internet, at a time when we have witnessed an increase in cyber-attacks since 2010?
These are the motivations behind our entrepreneurial adventure, which began in 2014.
Digital transformation means doing more with less
There are countless IT projects that fail or get bogged down.
“Sunk costs” are the main bias faced by decision-makers: when significant costs have already been paid and the project is still not delivering concrete results, it takes courage to decide to stop the project.
The profusion of consultants and “PowerPoint” decks, and a sprawling comitology, are symptoms of the crisis.
In IT, the “agile”, “cloud” and “DevOps” approaches have recently made it possible to break this divergent spiral of long cycles: the new paradigms of digital transformation, built on open source components, make it possible to very rapidly produce code that works and interacts with what already exists.
We can therefore measure the project’s trajectory in real time.
We tested this challenge at the French Ministry of the Interior, thanks to the trust placed in us by the Direction Générale des Étrangers en France.
Against the urgent backdrop of the migration crisis and the reform of the right of asylum, in just over 6 months and starting from a blank page, we were able to:
- set up an agile, collaborative project organization involving some fifty business and technical players,
- model the business,
- design a “data” and “process” oriented software architecture, with a backend providing secure access to data silos, and a frontend presenting data in line with business processes,
- design and develop the “Asylum IS” using agile methods, with the aim of implementing the reform of the right of asylum within legally constrained timeframes,
- design and develop an exchange platform interconnecting four historical partner information systems, one of which dates back to 1995,
- design and deploy a fault-tolerant inter-system message orchestration mechanism,
- demonstrate the validity of the security choices through an SSI (information systems security) audit,
- and finally, put the system into production at 33 sites on schedule, using the cloud infrastructure developed by the French Ministry of the Interior (OpenStack cloud).
All this with less than ten top-level IT engineers!
The Cour des Comptes (French Court of Auditors) underlined the quality of the work done.
Data sovereignty, in the public cloud, at the end of the user’s terminal
Another challenge we’ve been given since 2017 is that of Data Sovereignty on the public cloud. In designing our architectures, we had identified significant room for progress in the control and security of data storage on the public cloud.
Based on the realization that the enemy can be anywhere and even inside the protected IT network, starting with privileged users, there are two approaches to cybersecurity:
- The most common, called perimeter-based (“perimetric”), consists of monitoring all network flows and detecting attack signatures in real time.
- Another approach, the one we wanted to explore, consists in partitioning “data at rest” into sovereign enclaves controlled exclusively by a secret linked to the workstation.
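To make the second approach concrete, here is an added example in Go (it is not PARSEC’s code, whose internals this page does not describe). A key that exists only on the workstation seals every file with AES-256-GCM before it is handed to an untrusted store; the store, standing in for the public cloud and its privileged operators, only ever holds ciphertext. The file path and a version number are bound into the authenticated data, so the client also detects a blob that the store has tampered with, moved to another path, or rolled back to an older version, which is the integrity and versioning property the page mentions later. The path and contents are constructed sample values, and the in-memory map is an assumption standing in for a real object store.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Workstation holds the only copy of the secret; the store never sees it.
type Workstation struct {
	aead cipher.AEAD
}

// NewWorkstation generates a random 256-bit key that stays on the client.
func NewWorkstation() (*Workstation, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Workstation{aead: aead}, nil
}

// Blob is all the store ever receives: ciphertext plus the public metadata
// (path, version) that the ciphertext is cryptographically bound to.
type Blob struct {
	Path    string
	Version uint64
	Nonce   []byte
	Cipher  []byte
}

// CloudStore is an untrusted server: it keeps blobs but cannot read them.
// An in-memory map stands in for a real object store (assumption).
type CloudStore struct {
	blobs map[string]Blob
}

func NewCloudStore() *CloudStore { return &CloudStore{blobs: map[string]Blob{}} }

func (c *CloudStore) Put(b Blob) { c.blobs[b.Path] = b }

func (c *CloudStore) Get(path string) (Blob, bool) {
	b, ok := c.blobs[path]
	return b, ok
}

// aad encodes path and version as additional authenticated data, so a blob
// relabelled with another path or version fails authentication on the client.
func aad(path string, version uint64) []byte {
	buf := make([]byte, 8, 8+len(path))
	binary.BigEndian.PutUint64(buf, version)
	return append(buf, path...)
}

// Seal encrypts a file on the workstation before it leaves for the store.
func (w *Workstation) Seal(path string, version uint64, plaintext []byte) (Blob, error) {
	nonce := make([]byte, w.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Blob{}, err
	}
	ct := w.aead.Seal(nil, nonce, plaintext, aad(path, version))
	return Blob{Path: path, Version: version, Nonce: nonce, Cipher: ct}, nil
}

// Open decrypts a blob fetched from the store and verifies that it is really
// the requested version of the requested path, untouched by the server.
func (w *Workstation) Open(expectedPath string, expectedVersion uint64, b Blob) ([]byte, error) {
	if b.Path != expectedPath || b.Version != expectedVersion {
		return nil, errors.New("store returned a blob for a different path or version")
	}
	pt, err := w.aead.Open(nil, b.Nonce, b.Cipher, aad(b.Path, b.Version))
	if err != nil {
		return nil, fmt.Errorf("integrity check failed: %w", err)
	}
	return pt, nil
}

func main() {
	ws, _ := NewWorkstation()
	store := NewCloudStore()
	path := "/dossiers/constructed-sample.txt" // constructed sample path
	v1, _ := ws.Seal(path, 1, []byte("constructed content, version 1"))
	v2, _ := ws.Seal(path, 2, []byte("constructed content, version 2"))
	store.Put(v1)
	store.Put(v2)
	got, _ := store.Get(path)
	pt, err := ws.Open(path, 2, got)
	fmt.Printf("client reads: %q (err=%v)\n", pt, err)
	// A compromised store tries to serve the old content under the new version.
	rolled := v1
	rolled.Version = 2
	_, err = ws.Open(path, 2, rolled)
	fmt.Println("rollback attempt rejected:", err != nil)
}
```

The point of the design is where the trust boundary sits: perimeter monitoring watches the flows, but the data itself is useless to anyone, including a cloud administrator or a subpoena served on the provider, who does not hold the workstation’s key. Key backup and sharing between users are deliberately out of scope here; they are the hard part of any real deployment.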
Based on this simple idea, we proposed an applied research project to the DGA, in conjunction with a laboratory thesis.
The main challenge of such an approach is to synchronize very rapidly data that, in essence, only the user can control, while maintaining a fluid, ergonomic interface for the user, despite the security algorithms.
The underlying technology is called “asynchronous programming”.
A few years later, after a colossal task of iterative architectural redesign and contributions to numerous Open Source libraries, the “PARSEC” solution, licensed under the Affero GPL, is a technical and commercial reality.
Since April 2021, the PARSEC solution has been CSPN certified by ANSSI.
The guarantee of using an approved solution for sharing and storing files in the cloud is a pledge of assurance and confidence for businesses.
Today, it’s possible to exchange data from one end of the world to the other, with complete control of the data from your terminal.
Exchanges take place in complete confidence, without the fear of espionage or extraterritoriality laws to which public cloud providers are subject.
This paradigm shift opens the way to numerous use cases requiring confidentiality, integrity, authenticity and versioning, as well as to a different approach to the security of connected objects through sovereign partitioning.
The security of sensitive data in the public cloud is therefore no longer inaccessible; PARSEC’s innovation opens up many new possibilities for using the public cloud, while keeping digital sovereignty intact at both national and corporate level.