Skip to content
InTechnology Podcast

What Keeps IT Leaders Up at Night? The Complexities of Cloud Security and Data Sovereignty (218)

Cloud Security, Data Sovereignty, and AI: An Interconnected Landscape

In this InTechnology Podcast episode, Camille Morhardt engages in a discussion with Jonas De Troy and Gwenaelle Herve from Proximus about the interplay of cloud security, data sovereignty, and AI. Jonas De Troy emphasizes the growing reliance on cloud computing and the subsequent need for robust security measures. He highlights the link between cloud adoption and data sovereignty, emphasizing the importance of controlling data location and access. Additionally, Jonas acknowledges the role of AI in enhancing security and analyzing data.

Enterprise Challenges and Regulatory Compliance

Gwenaelle Herve sheds light on the challenges enterprises face in navigating the evolving landscape of data sovereignty and AI. She points out the difficulties in keeping pace with rapid technological advancements while complying with emerging regulations. Gwenaelle underscores the need for a dynamic strategy that aligns with both innovation and regulatory requirements. They also discuss the varying levels of AI adoption among companies, with larger enterprises often having a more defined vision.

The Significance of Data Sovereignty and Security

This episode emphasizes the importance of data sovereignty in giving control back to end-users. Gwenaelle highlights the urgency of understanding and complying with upcoming EU regulations, which have immediate implications for businesses. The complexities of encryption, attestation, and key management are discussed, emphasizing the need for robust security measures to protect sensitive data. The importance of striking a balance between innovation and compliance while ensuring data security and user control is also discussed.

The Future of AI and Cloud Computing

Jonas and Gwenaelle provide insights into the future of AI and cloud computing. They acknowledge AI’s potential to analyze security events and offer intelligent insights. However, concerns persist around data control and the risk of breaches. They anticipate a hybrid cloud environment where businesses strategically utilize both public and private clouds based on specific workload requirements. They emphasize the importance of data qualification and a comprehensive data strategy for successfully navigating this evolving landscape.

Jonas De Troy, Head of Public Cloud & Edge at Proximus

Working in IT since 2002, started from a very technical scope – dealing with Active Directory, scripting, automation, clustering, Metaframe, XenApp, virtualization and many more – became even more technical – dealing with more virtualization, XenApp, PVS, clustering, Exchange and more, many more automation. At this moment executing a management function to build a Centre of Excellence for Public Cloud. A big interest in technology, innovation and Top technology, more specifically in the Public cloud area.

Gwénaëlle Hervé, Public & Sovereign Cloud Lead at Proximus NXT

Gwenaelle brings over a decade of experience in IT and telecom and currently leads the Public and Sovereign Cloud  team at Proximus NXT, the Proximus Group’s subsidiary focusing on the Enterprise market, where she advances secure and innovative cloud solutions for European digital sovereignty.

To find the transcription of this podcast, scroll to the bottom of the page.

To find more episodes of InTechnology, visit our homepage. To read more about cybersecurity, sustainability, and technology topics, visit our blog.

The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.

Follow our host Camille @morhardt.

Share on social:

Facebook
Twitter
LinkedIn
Reddit
Email

Camille Morhardt 00:12

Hi, welcome to InTechnology Podcast. I’m your host, Camille Morhardt. Today we’re going to have a conversation about cloud security in the age of data sovereignty regulations and Artificial Intelligence. 

I have two experts with me, both from Proximus. Jonas De Troy is Head of Public Cloud and Edge at Proximus and based in Belgium. He has worked in IT for almost two decades. He started off very  technical, dealing with Active Directory, scripting, automation, clustering, Metaframe, XenApp,  virtualization, and then he became even more technical. Today, he leads initiatives in data sovereignty and confidential computing at Proximus. Proximus is known for cloud security and he’s doing this all in an environment where EU regulations are demanding more and more care and knowledge when handling data, and of course,  and in the context of ever-evolving and changing Artificial Intelligence. Welcome to the podcast.

Jonas De Troy 01:10

Thank you, Camille. Good evening, or good morning. 

Camille Morhardt 01:13

Thank you. I know, I’ll be sipping coffee and you’ll be having wine perhaps. 

I also have Gwenaelle Herve who brings over a decade of experience in IT and telecom and currently leads the Public and Sovereign Cloud team at Proximus NXT. This is Proximus group’s subsidiary focusing on the enterprise market, where she works on cloud solutions for European digital sovereignty. Welcome to the podcast, Gwen. 

Gwenaelle Herve 01:39

Thanks, Camille. 

Camille Morhardt 01:41

So, my first question… it seems today there’s three main themes when it comes to cloud. It’s security, it’s data sovereignty, and it’s AI, and they’re all coming together at once. And I’m wondering if you can provide some perspective on how all of those terms interrelate or affect one another. 

Jonas De Troy 02:02

Yeah, of course nowadays if you ask me, we all move to the cloud. We consume cloud  as a commodity. We use cloud for everything. We use cloud for our phones; we use cloud for email. So it’s logic that enterprises also start to move more and more to clouds. And that goes together with security  because of course, cloud without security, it’s a no-go if you ask me. So the first link, cloud security, I  think it’s fairly simple and easy. We need to secure what we do on clouds.

And then the link to data sovereignty, of course, moving more and more to cloud, that brings more and  more data to the cloud. And then yeah indeed, you need a regulation around sovereignty. Where is my data?  Who can see my data? Where is the control of my data? All those kind of things. So there’s the  relationship between clouds and data sovereignty for me. 

And then last but not least, nowadays, we use AI models for everything. So yeah, then AI comes into the  play and how are you going to secure that data on AI level. Those are for me the links I see between  clouds and the various aspects you just mentioned. 

Camille Morhardt 03:17

Gwen, too, because you work with enterprise accounts, I wonder if you could give us a sense of what are  enterprises worried about right now? What are some of the major undertakings that they have, and what is  their focus area and risk considerations? 

Gwenaelle Herve 03:32            

I think one of the main concerns, if I can express it like this, is also how will I manage to comply with regulation that are appearing on all these different areas that we just mentioned. Keep the innovating path, I think that’s the…innovating pace, that’s definitely one of the main concerns today. 

The strategy will need to evolve, together also with the regulation and that’s also I think the next step there for our customers. 

Camille Morhardt 04:12

Maybe these concepts are o n the minds of everybody, but who…you know, what…how far along are companies in adopting data sovereignty, understanding how that interplays is going to occur, building out or understanding the infrastructure requirements that they’re going to have. And then similarly for AI, everybody knows about AI, but who’s actually thinking about it in a way that’s really transformational at this point? I’m not asking for the name of the company, just what is really the status of customers who are out there right now. 

Jonas De Troy 04:47

If I might chime in, as a spokesman of a company, so a potential customer I would say, I think it indeed is  correct what Gwen is saying. I think many companies are still developing their strategy, their way to go.  Certainly, if you look into… let’s call it a bit smaller companies, I think bigger companies already have a  vision. Not necessarily going faster into the move, but at least they have already a vision. And if I then transfer to what we do at Proximus, we have a cloud strategy, we are now moving more and more to cloud. And of course AI is part of their strategy. And to be fully transparent and clear, not only using  ChatGPT for Proximus, so we develop more use cases and we want to do many more things with AI than  only just using the ChatGPT-like functions. But I do believe that it varies, depending on the size of the  company as well. 

Gwenaelle Herve 05:49

And also, I believe that one challenge that our customers are facing is the fact that today technology is  going faster than regulation. And I think that’s something that makes it also more difficult to really adopt  and make sure that the strategy, our customer’s roadmap, is really in line with both technological  innovation and complying with regulation. 

Camille Morhardt 06:20

And Proximus has recently shifted to an IT provider, correct, IT integrator? Can you tell us a little bit  more about the shift and what that means for you and for your customers? 

Gwenaelle Herve 06:31

So indeed, that’s total even rebranding I would say. So I’m now currently part of Proximus NXT, and  Proximus NXT is really the convergent B2B brand for the Proximus group, for both telecom and IT. I  think with this shift we want to go further than our initial telecom DNA, by really making sure that we  bring additional value to our customers on their digital transformation path.  

Camille Morhardt 07:07

So what is different now for customers looking for IT integrators that they didn’t have to consider  previously, that they need to be looking at when selecting IT integrator today? 

Gwenaelle Herve 07:18

I think customers are looking for the completeness of vision, that their IT integrator is capable of really  apprehending all the needs. To make sure that everything is coming together with a strategy that makes  sense. So including indeed AI, cybersecurity, cloud, and really understanding that digital transformation  is happening on all levels. 

Camille Morhardt 07:48

I’m also curious, and maybe I’ll ask Jonas this question… as you deal with cloud, and then we see AI,  obviously a lot of models are being trained and processed in the cloud, but there’s a lot of data collection  and inferencing at the edge. Help us understand how a cloud company and cloud security company has to  comprehend the edge and the transfer of data between the two. 

Jonas De Troy 08:16

It’s a very difficult question. First of all, yeah, I’m of course part of Proximus, the mother company I  would say and we are focused on telecommunications. So not specifically in IT company as such,  although we do public clouds and we do public cloud for our internal use, I would say. 

For the moment we have a heavy focus on everything AI really in the public cloud. So we are currently  not developing any specific things on the edge, but of course looking into the capabilities and ensuring  that we can bring value on all the different levels, I would say. I think if you ask me, the more AI  becomes general use, I would say, the more use cases we will see for edge use cases as well.

Camille Morhardt 09:09 

And can you talk a little bit about … you’re working with Thales and Intel as well on data sovereignty  solution. Can you talk a little bit about that?  

Gwenaelle Herve 09:18

On the B2B perspective, we decided to go to market with four mandatory components in the way we  approach data sovereignty. And on the four components we bring confidential compute together with  Microsoft, the Sovereign Landing Zone and the independent attestation, together with the external key  management. And to provide this integration and bring in the data sovereignty value prop, we indeed  decided to partner with Thales, with CipherTrust, the CipherTrust solution, and with Intel with the Tiber  Trust Security solution. 

Camille Morhardt 10:02

Can you talk…I mean, it’s a lot of complicated terminology when we’re talking about keys and encryption as it relates to data sovereignty and is there a simple way to explain why all of these things are necessary? I mean, attestation and encryption. What is the ultimate goal here and why does it take so many companies and so much technology to achieve it? 

Gwenaelle Herve 10:33

The end goal is reaching real data sovereignty, so making sure that we are bringing control back to the  end user/end customers. That’s what we want to activate as an IT service provider. We want to make sure  that our customers can benefit from real data sovereignty. For various reasons, by the way, one of them  being obviously compliance with regulation. 

Camille Morhardt 11:05

If you were to tell customers who are not as familiar with especially the EU data sovereignty regulations,  and I think there’s a number of them coming into effect in 2027… What are some of the main, if you want to say couple of things, two, three things, that people should be thinking about or becoming knowledgeable about? 

Gwenaelle Herve 11:26

First of all, it’s even closer than this. It’s even 2024. Some of them already came into application past  October, so a month ago. And then we have another one coming in 2025, January. So that’s even closer  than ’27. It’s really happening right now. 

I think, let’s see, one or two key takeaways. First one is taking the time to really identify and list up the  sovereign requirements, because not all data require sovereignty. Some data are insensitive and they can  benefit from a standard public cloud, but some data are definitely sensitive and need additional protection.  And that’s when it comes to adopting sovereignty, data sovereignty or digital sovereignty. 

Camille Morhardt 12:30

Where do you guys think that AI is headed in terms of helping with security in the cloud? Or for AI itself,  oddly, ironically, I guess AI could help secure its own self. 

Jonas De Troy 12:43

I think it’s a rather easy answer if I’m honest, to say where does AI help. In analyzing events, security  events, AI can certainly help in analyzing those events because AI is way much better in analyzing than  human beings, I would say. That, combined with the power of GenAI, you can ask a question to your  security system; it gets decent responses back based on what you give. So for me, that’s absolutely a use  case where we can leverage AI for security reasons and to help in security. 

Camille Morhardt 13:24

What do you guys worry about? What is keeping you up at night in this space? 

Jonas De Troy 13:28

Yeah, sometimes many things, because of course AI needs data. Your data needs to transfer to it. You  need to kind of give away data, so keeping control of it. And ensuring that you keep the overview in case of a breach, because imagine that there is a breach, then you always need to know which data was breached. So data qualification, I’m coming back to that one as well, like Gwen mentioned, is really crucial in all  these. So we need to ensure that we can have a correct data qualification and ensure that we know which  data resides where. And then I want to come back on the various levels of data. Some of them might not require sovereignty or sovereign controls, but it’s complex. It’s complex to make the vision to say, okay, which data is sovereign required, which one not? So that’s all those things that are things that keep me awake sometimes. Yes. 

Camille Morhardt 14:39

How about you, Gwen? 

Gwenaelle Herve 14:41

I think on my side it’s more making sure that we can really build up the right solution for our customers,  helping them grow and really making sure that they can innovate with the right speed.So either by using  sovereignty or either using sovereign AI, the most important part is really to make sure that we can give  them all the tools that they require to do and to be able to create what they need to create. 

Camille Morhardt 15:22

It seems like there’d been a major shift to the cloud, especially in COVID, post-COVID, giant transfer to  cloud. And now there’s a lot of regulations in the cloud coming up and there’s AI that can do process  inferencing and whatnot at the edge. Are you seeing a pendulum swing back to on-premise? Are you  seeing people interested in hybrid models? Are you not seeing any slow to the cloud, like everything’s  growing? What is the overall landscape looking like now? 

Gwenaelle Herve 15:57

Multi-cloud is definitely a trend on the public side, I would say, and then definitely hybrid as well. 

I mean, no, it’s even difficult to answer your question. I think that all clouds are actually used and are here  to stay. To each workload there will be a cloud that can match the initial need. So I don’t expect especially  or a shift back to on-prem. I expect that customers will be more careful, and careful if I can say it like this, but will make sure that they can select for the right workload, the right cloud. That’s more what we see happening. 

Jonas De Troy 16:45

To complement that, I agree there. I agree that it’s per use case selection that needs to be available. So  not pinpointing to only one cloud, but at least offer certainly parts on public clouds, but also parts on  private clouds, so the on-prem clouds. 

In any case, I do believe in a hybrid world. What is difficult of course is to put numbers on it. How many  percent will move to public, how many percent will stay? I don’t think it makes much sense to pinpoint on  numbers, but I do believe you need them all as a company. 

Camille Morhardt 17:26

So what do you think that people should be thinking about when it  comes to their data or the data that they’re collecting to inform their decisions that they might not have thought of right now? 

Jonas De Troy 17:37

Yeah. Yeah, in any case, I think data qualification, ensuring that you know which kind of data qualifies to  what level within your company. So have a data qualification strategy goes together with that, I do  believe. And then put out the correct measurements for each category. And on public cloud, I would certainly say go and look to everything related to confidential compute to ensure that you also protect the data, that the so-called data in use protection. So I think that’s in any case one of the emerging technologies that we see within the cloud landscape. 

Camille Morhardt 18:22

Okay. Well, Jonas De Troy and Gwen Herve, thank you very much, both from Proximus. Thank you so  much for being on the podcast today. 

Jonas De Troy 18:32

Thank you for the opportunity. 

Gwenaelle Herve 18:34

Thanks, Camille. 

More From
Vivek Sharma John Gildea AI marketing omnichannel marketing Movable Ink Intel Capital

Personalized Marketing: How Movable Ink Delivers with AI and Automation (219)

Federated Learning: A New Era of Collaboration for Pharma (217)

Sunil Kurkure Anand Kashyap data security AI confidential computing Intel Capital Fortanix

Securing Tomorrow: How Fortanix Is Shaping the Future of Data Protection (216)