How certifications create transparency and protect your data

Kevin Falhon

September 09, 2024

Certifications are good indicators to understand how your data will be protected

When the time to talk about regulation is nigh, and you need to choose a cloud-based infrastructure provider, certifications are often a good indicator to understand how your data is going to be protected. Let’s have a look at the “must-haves” regarding regulation and take a deeper dive into the world of data protection certifications Rainbow™ by Alcatel-Lucent Enterprise has to offer.

International and local certifications and compliance with industry standards

ISO/IEC 27001

ISO/IEC 27001 is an international standard regarding information security. It provides a framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This standard insists on the protection of several properties of information: availability, integrity, confidentiality and traceability. Through different controls related to multiple topics such as physical security, business continuity and suppliers, and a complete risk analysis, an organization must demonstrate that it follows such best practices in terms of information security.

HDS certification

Healthcare Data Security (HDS) is an important certification when it comes to storing and securing healthcare data. HDS is a strong certification that Rainbow uses to ensure that Rainbow users in the healthcare industry can share, communicate, and store data securely. This includes a strong internal audit of Rainbow done by the security team and many additional procedures involving a third-party auditor who ultimately grants or denies the certification. With Rainbow, Alcatel-Lucent Enterprise offers a solution hosted in dedicated and independent data centers specifically designed for hosting sensitive healthcare data (HDS in France).

ANSSI CSPN

Rainbow has obtained the First Level Security Certification (CSPN) issued by the French National Agency for Information Systems Security (ANSSI). This certification, based on Rainbow's private cloud infrastructure, underscores ALE's ongoing commitment to information security and customer data protection. It certifies that an employee or a person is knowledgeable and proficient enough to manage security incidents in a work environment. This is one of the highest level security certifications a cloud infrastructure provider can acquire.

GDPR

The General Data Protection Regulation (GDPR) has been in effect since May 25, 2018. It allows for more transparency toward the user regarding data collected, how it is stored, where what treatment it can be submitted to and who can access it – hence, there is a consequential awareness regarding this regulation. Rainbow services are designed to be compliant with the European GDPR, which enforces individual privacy and data protection on a pan-European scale.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law set up by the United States. It regulates ePHI (electronic personal health information) for American healthcare providers, ensuring data security and integrity. It requires multiple safeguards for PHI.

FERPA

The Family Educational Rights and Privacy Act (FERPA) is another federal law in the United States. This certification ensures the data privacy of students and forces schools to provide a layer of security to their data. It builds on the fact that students should have total control over their records.

ENS

This certification was established by the government information systems related to public infrastructure to guarantee proper protection of information systems against internal and external threats or incidents.

Secure and affordable infrastructure with the ability to federate existing on-premises investments

Secure and adhering to local regulations since its inception in 2015, Rainbow is developed with security by design and it remains at the core of our concerns when thinking of improvements and new features. Our design, conception and service reliability engineer teams are based in the three French ALE offices located in Brest, Illkirch and in Colombes, our headquarters. Both our European and worldwide Rainbow services are operated by the strategic ALE partner, OVHcloud. Our data centers are available in multiple geographically dedicated regions. Rainbow Edge allows the service to be operated in a customer’s private cloud of choice, providing even more proficient data security. When we say “secure by design”, we mean that data in Rainbow is encrypted in transit and at rest (WebRTC, AES-256), providing secure communications for business of all sizes regardless of location. As a solution developed in and operated from Europe. Rainbow is not required to comply with the CLOUD act or the PATRIOT Act.