Data protection is a major concern for companies. In France, cyber attacks increased by 51% in 2015. This has had damaging impacts on those companies in terms of reputation, image, cost and stress for employees. A Data Breach Investigation Report states that compromised data cost more than 400 million dollars in 2015.
To strengthen our clients' confidence, Keepeek has initiated several measures to secure its infrastructure. Sébastien Le Lourec, Chief Information Security Officer (CISO) at Keepeek, details the actions undertaken to protect all your digital content against theft or loss, and to uphold international security standards.
Why is Digital Asset Management particularly affected by the implementation of data securing processes?
Companies use DAM platforms to manage sensitive and strategic content. It is therefore vital to ensure those digital assets are secured, especially since the development of SaaS solutions: the assets indexed in a DAM system are centralized outside the company and accessible from the Internet by a large population of users. Content security must go through extreme control and protection.
Before starting this interview, can you quickly tell us about yourself?
My previous responsibilities were mainly linked to system administration and their securement, especially in the military and banking sectors, both sectors where policies linked to infrastructure security are established at the highest level.
I joined Keepeek three years ago.
How does it concretely work at Keepeek?
Our steady growth these past few years has led us to work with clients and partners who are getting more and more important. To avoid data piracy, content security is about storage security. Hosting infrastructures have therefore a crucial significance. On this topic, we have decided to rely on experts in hosting and data security fields. We have been backed by the Claranet team and hosted on data centers based in France. Proximity is key because it helps create a relationship based on confidence and partnership. About expectations regarding certification, our host, Claranet, is certified ISO 27001 and PCI-DSS.
All our collaborators are also engaged in applying good practice processes linked to data security:
we have provided each collaborator with specific tools for sensitive information storage, be it internal or external data, especially regarding exchanges with our clients. The goal is to alert everyone to make each of us a strong link in the data security process.
Security audits are also regularly performed on our various infrastructures as well as on Claranet’s. Some are performed by our clients, who themselves call on specialized companies. It is very interesting for us because we can have neutral views from outsiders.
For some of our clients, we also deploy specific procedures to encrypt their data (messages, images, etc.). The goal is to make them unreadable unless a specific action is performed to authorize access.
We also monitor our cybersecurity procedure performance through the introduction of performance indicators.
And within the Keepeek platform, how does it work?
Our platform offers advanced features to manage rights and accesses, through user groups especially. It is therefore possible to specify authorizations for viewing, downloading, writing but also modifying content. Depending on the position, it is possible to customize user accesses. A DAM platform secures all types of content and avoids possible leaks that can more easily happen when resources are simply stored in a shared folder.
What steps have been taken by Keepeek regarding the General Data Protection Regulation (GDPR)?
It has been a year since we started studying the content of this European standard to evaluate impacts on our activity. It is about data management we do for our clients, but also our own marketing actions. There also, we are supported by experts, especially the Data Protection Officer from Claranet.
Soon, as recommended by the European standard, we will nominate someone at Keepeek to be in charge of data protection.
What other projects are in line for Keepeek?
As a result of our ten-year experience, we are ready to be committed to be accredited under standard PCI DSS. It is a security standard aimed at protecting confidential information, especially information linked to bank information. Considering the sensitivity level of that data, the criteria to award this distinction are the highest. This standard is managed by the PCI Security Standards Council, founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
We would like to thank Sébastien for this interview in the hope that it will assure our potential clients about the Keepeek policy in terms of protecting the content which has been entrusted to us.