Camille Morhardt 00:12
Hi, welcome to InTechnology Podcast. I’m your host, Camille Morhardt. Today we’re going to have a conversation about cloud security in the age of data sovereignty regulations and Artificial Intelligence.
I have two experts with me, both from Proximus. Jonas De Troy is Head of Public Cloud and Edge at Proximus and based in Belgium. He has worked in IT for almost two decades. He started off very technical, dealing with Active Directory, scripting, automation, clustering, Metaframe, XenApp, virtualization, and then he became even more technical. Today, he leads initiatives in data sovereignty and confidential computing at Proximus. Proximus is known for cloud security and he’s doing this all in an environment where EU regulations are demanding more and more care and knowledge when handling data, and of course, and in the context of ever-evolving and changing Artificial Intelligence. Welcome to the podcast.
Jonas De Troy 01:10
Thank you, Camille. Good evening, or good morning.
Camille Morhardt 01:13
Thank you. I know, I’ll be sipping coffee and you’ll be having wine perhaps.
I also have Gwenaelle Herve who brings over a decade of experience in IT and telecom and currently leads the Public and Sovereign Cloud team at Proximus NXT. This is Proximus group’s subsidiary focusing on the enterprise market, where she works on cloud solutions for European digital sovereignty. Welcome to the podcast, Gwen.
Gwenaelle Herve 01:39
Thanks, Camille.
Camille Morhardt 01:41
So, my first question… it seems today there’s three main themes when it comes to cloud. It’s security, it’s data sovereignty, and it’s AI, and they’re all coming together at once. And I’m wondering if you can provide some perspective on how all of those terms interrelate or affect one another.
Jonas De Troy 02:02
Yeah, of course nowadays if you ask me, we all move to the cloud. We consume cloud as a commodity. We use cloud for everything. We use cloud for our phones; we use cloud for email. So it’s logic that enterprises also start to move more and more to clouds. And that goes together with security because of course, cloud without security, it’s a no-go if you ask me. So the first link, cloud security, I think it’s fairly simple and easy. We need to secure what we do on clouds.
And then the link to data sovereignty, of course, moving more and more to cloud, that brings more and more data to the cloud. And then yeah indeed, you need a regulation around sovereignty. Where is my data? Who can see my data? Where is the control of my data? All those kind of things. So there’s the relationship between clouds and data sovereignty for me.
And then last but not least, nowadays, we use AI models for everything. So yeah, then AI comes into the play and how are you going to secure that data on AI level. Those are for me the links I see between clouds and the various aspects you just mentioned.
Camille Morhardt 03:17
Gwen, too, because you work with enterprise accounts, I wonder if you could give us a sense of what are enterprises worried about right now? What are some of the major undertakings that they have, and what is their focus area and risk considerations?
Gwenaelle Herve 03:32
I think one of the main concerns, if I can express it like this, is also how will I manage to comply with regulation that are appearing on all these different areas that we just mentioned. Keep the innovating path, I think that’s the…innovating pace, that’s definitely one of the main concerns today.
The strategy will need to evolve, together also with the regulation and that’s also I think the next step there for our customers.
Camille Morhardt 04:12
Maybe these concepts are o n the minds of everybody, but who…you know, what…how far along are companies in adopting data sovereignty, understanding how that interplays is going to occur, building out or understanding the infrastructure requirements that they’re going to have. And then similarly for AI, everybody knows about AI, but who’s actually thinking about it in a way that’s really transformational at this point? I’m not asking for the name of the company, just what is really the status of customers who are out there right now.
Jonas De Troy 04:47
If I might chime in, as a spokesman of a company, so a potential customer I would say, I think it indeed is correct what Gwen is saying. I think many companies are still developing their strategy, their way to go. Certainly, if you look into… let’s call it a bit smaller companies, I think bigger companies already have a vision. Not necessarily going faster into the move, but at least they have already a vision. And if I then transfer to what we do at Proximus, we have a cloud strategy, we are now moving more and more to cloud. And of course AI is part of their strategy. And to be fully transparent and clear, not only using ChatGPT for Proximus, so we develop more use cases and we want to do many more things with AI than only just using the ChatGPT-like functions. But I do believe that it varies, depending on the size of the company as well.
Gwenaelle Herve 05:49
And also, I believe that one challenge that our customers are facing is the fact that today technology is going faster than regulation. And I think that’s something that makes it also more difficult to really adopt and make sure that the strategy, our customer’s roadmap, is really in line with both technological innovation and complying with regulation.
Camille Morhardt 06:20
And Proximus has recently shifted to an IT provider, correct, IT integrator? Can you tell us a little bit more about the shift and what that means for you and for your customers?
Gwenaelle Herve 06:31
So indeed, that’s total even rebranding I would say. So I’m now currently part of Proximus NXT, and Proximus NXT is really the convergent B2B brand for the Proximus group, for both telecom and IT. I think with this shift we want to go further than our initial telecom DNA, by really making sure that we bring additional value to our customers on their digital transformation path.
Camille Morhardt 07:07
So what is different now for customers looking for IT integrators that they didn’t have to consider previously, that they need to be looking at when selecting IT integrator today?
Gwenaelle Herve 07:18
I think customers are looking for the completeness of vision, that their IT integrator is capable of really apprehending all the needs. To make sure that everything is coming together with a strategy that makes sense. So including indeed AI, cybersecurity, cloud, and really understanding that digital transformation is happening on all levels.
Camille Morhardt 07:48
I’m also curious, and maybe I’ll ask Jonas this question… as you deal with cloud, and then we see AI, obviously a lot of models are being trained and processed in the cloud, but there’s a lot of data collection and inferencing at the edge. Help us understand how a cloud company and cloud security company has to comprehend the edge and the transfer of data between the two.
Jonas De Troy 08:16
It’s a very difficult question. First of all, yeah, I’m of course part of Proximus, the mother company I would say and we are focused on telecommunications. So not specifically in IT company as such, although we do public clouds and we do public cloud for our internal use, I would say.
For the moment we have a heavy focus on everything AI really in the public cloud. So we are currently not developing any specific things on the edge, but of course looking into the capabilities and ensuring that we can bring value on all the different levels, I would say. I think if you ask me, the more AI becomes general use, I would say, the more use cases we will see for edge use cases as well.
Camille Morhardt 09:09
And can you talk a little bit about … you’re working with Thales and Intel as well on data sovereignty solution. Can you talk a little bit about that?
Gwenaelle Herve 09:18
On the B2B perspective, we decided to go to market with four mandatory components in the way we approach data sovereignty. And on the four components we bring confidential compute together with Microsoft, the Sovereign Landing Zone and the independent attestation, together with the external key management. And to provide this integration and bring in the data sovereignty value prop, we indeed decided to partner with Thales, with CipherTrust, the CipherTrust solution, and with Intel with the Tiber Trust Security solution.
Camille Morhardt 10:02
Can you talk…I mean, it’s a lot of complicated terminology when we’re talking about keys and encryption as it relates to data sovereignty and is there a simple way to explain why all of these things are necessary? I mean, attestation and encryption. What is the ultimate goal here and why does it take so many companies and so much technology to achieve it?
Gwenaelle Herve 10:33
The end goal is reaching real data sovereignty, so making sure that we are bringing control back to the end user/end customers. That’s what we want to activate as an IT service provider. We want to make sure that our customers can benefit from real data sovereignty. For various reasons, by the way, one of them being obviously compliance with regulation.
Camille Morhardt 11:05
If you were to tell customers who are not as familiar with especially the EU data sovereignty regulations, and I think there’s a number of them coming into effect in 2027… What are some of the main, if you want to say couple of things, two, three things, that people should be thinking about or becoming knowledgeable about?
Gwenaelle Herve 11:26
First of all, it’s even closer than this. It’s even 2024. Some of them already came into application past October, so a month ago. And then we have another one coming in 2025, January. So that’s even closer than ’27. It’s really happening right now.
I think, let’s see, one or two key takeaways. First one is taking the time to really identify and list up the sovereign requirements, because not all data require sovereignty. Some data are insensitive and they can benefit from a standard public cloud, but some data are definitely sensitive and need additional protection. And that’s when it comes to adopting sovereignty, data sovereignty or digital sovereignty.
Camille Morhardt 12:30
Where do you guys think that AI is headed in terms of helping with security in the cloud? Or for AI itself, oddly, ironically, I guess AI could help secure its own self.
Jonas De Troy 12:43
I think it’s a rather easy answer if I’m honest, to say where does AI help. In analyzing events, security events, AI can certainly help in analyzing those events because AI is way much better in analyzing than human beings, I would say. That, combined with the power of GenAI, you can ask a question to your security system; it gets decent responses back based on what you give. So for me, that’s absolutely a use case where we can leverage AI for security reasons and to help in security.
Camille Morhardt 13:24
What do you guys worry about? What is keeping you up at night in this space?
Jonas De Troy 13:28
Yeah, sometimes many things, because of course AI needs data. Your data needs to transfer to it. You need to kind of give away data, so keeping control of it. And ensuring that you keep the overview in case of a breach, because imagine that there is a breach, then you always need to know which data was breached. So data qualification, I’m coming back to that one as well, like Gwen mentioned, is really crucial in all these. So we need to ensure that we can have a correct data qualification and ensure that we know which data resides where. And then I want to come back on the various levels of data. Some of them might not require sovereignty or sovereign controls, but it’s complex. It’s complex to make the vision to say, okay, which data is sovereign required, which one not? So that’s all those things that are things that keep me awake sometimes. Yes.
Camille Morhardt 14:39
How about you, Gwen?
Gwenaelle Herve 14:41
I think on my side it’s more making sure that we can really build up the right solution for our customers, helping them grow and really making sure that they can innovate with the right speed.So either by using sovereignty or either using sovereign AI, the most important part is really to make sure that we can give them all the tools that they require to do and to be able to create what they need to create.
Camille Morhardt 15:22
It seems like there’d been a major shift to the cloud, especially in COVID, post-COVID, giant transfer to cloud. And now there’s a lot of regulations in the cloud coming up and there’s AI that can do process inferencing and whatnot at the edge. Are you seeing a pendulum swing back to on-premise? Are you seeing people interested in hybrid models? Are you not seeing any slow to the cloud, like everything’s growing? What is the overall landscape looking like now?
Gwenaelle Herve 15:57
Multi-cloud is definitely a trend on the public side, I would say, and then definitely hybrid as well.
I mean, no, it’s even difficult to answer your question. I think that all clouds are actually used and are here to stay. To each workload there will be a cloud that can match the initial need. So I don’t expect especially or a shift back to on-prem. I expect that customers will be more careful, and careful if I can say it like this, but will make sure that they can select for the right workload, the right cloud. That’s more what we see happening.
Jonas De Troy 16:45
To complement that, I agree there. I agree that it’s per use case selection that needs to be available. So not pinpointing to only one cloud, but at least offer certainly parts on public clouds, but also parts on private clouds, so the on-prem clouds.
In any case, I do believe in a hybrid world. What is difficult of course is to put numbers on it. How many percent will move to public, how many percent will stay? I don’t think it makes much sense to pinpoint on numbers, but I do believe you need them all as a company.
Camille Morhardt 17:26
So what do you think that people should be thinking about when it comes to their data or the data that they’re collecting to inform their decisions that they might not have thought of right now?
Jonas De Troy 17:37
Yeah. Yeah, in any case, I think data qualification, ensuring that you know which kind of data qualifies to what level within your company. So have a data qualification strategy goes together with that, I do believe. And then put out the correct measurements for each category. And on public cloud, I would certainly say go and look to everything related to confidential compute to ensure that you also protect the data, that the so-called data in use protection. So I think that’s in any case one of the emerging technologies that we see within the cloud landscape.
Camille Morhardt 18:22
Okay. Well, Jonas De Troy and Gwen Herve, thank you very much, both from Proximus. Thank you so much for being on the podcast today.
Jonas De Troy 18:32
Thank you for the opportunity.
Gwenaelle Herve 18:34
Thanks, Camille.