The digital transition now affects all sectors of activity, improving productivity and facilitating information exchange within organizations. However, like all technological advances, this transition brings new technical and organizational challenges and generates security threats.

Today, mobility and cloud computing are at the heart of information technology trends. Indeed, the development of the cloud and the outsourced services it offers, such as Software as a Service (SaaS) solutions (e.g., email), have allowed companies to orient their IT strategy on new bases to take advantage of the benefits offered by this new technology.

Cloud computing and mobility are of interest not only to companies but also to administrations and public bodies. Indeed, the cloud reduces IT investments and optimizes operating and operating costs. Furthermore, it offers more elasticity and agility because it allows quicker access to IT resources and adjustment of subscribed services at any time, based on needs or activity peaks, without having to invest in a very expensive infrastructure. The cloud also helps reduce the digital divide: applications that were once reserved for large companies, because they were complex and expensive, can now be shared through the cloud to offer small and medium-sized enterprises a professional application environment.

Mobility adds to this as a natural evolution accompanying the rise of cloud services. Indeed, more and more software, which was previously only available on disks or had to be installed on a computer before use, is now available for use as SaaS. These cloud-based software allow mobile workers to continue working and access their work environment seamlessly. Furthermore, in recent years, there has been a strong influx of mobile devices (tablets, smartphones, etc.) in the professional world, with great success due to the practicality of these devices as well as their increasing power and autonomy.

However, the advent of mobile devices and the use of cloud services have profoundly changed the way we work. Organizations that had to secure an information system based on protection from external threats now find themselves obliged to operate according to a less conventional model. Moreover, the adoption of certain practices such as Bring Your Own Device (BYOD), the proliferation of applications capable of collecting or transmitting sensitive information, the diversity of access, and the proliferation of public online storage spaces, are all factors that raise concerns and pose serious challenges for security.

To this end, certain points of vigilance must be considered with the utmost attention in the context of any use of mobile devices or recourse to cloud computing. An internal risk analysis should be undertaken to assess the possible impacts beforehand and to distinguish between informational assets that can be accessed or outsourced from those that cannot, especially for reasons of sensitivity.

In this context and in continuation of its awareness and training actions in cybersecurity, the Directorate General of Information Systems Security (DGSSI) is organizing its annual seminar, the 4th edition of which will focus on cybersecurity in the context of mobility and cloud computing.

This 4th Edition, which took place on May 18, 2016, aims to be a participatory forum, involving representatives from administrations, public bodies, Critical Infrastructure, as well as national and international experts. The seminar constitutes an opportunity to share national and international experiences in this field.

The following actions are a non-exhaustive list of the expected outcomes of this seminar:

Sensitization of DIS and ISSR on the opportunities and risks related to data security in the context of mobility and cloud computing;
Identifying the needs of administrations and public bodies regarding mobility and cloud computing resources; Initiating a reflection on the legislative and regulatory framework that can govern the use of mobility and cloud computing, taking into account both user expectations and security requirements.