Are the health data of more than 40 million French people safe with Doctolib? To answer this question in part, the medical appointment platform, a flagship of French Tech, had planned for several weeks to present its partnership with another French company, Atos, to a handful of journalists. Coincidentally, a few days before this presentation, an article from the Franceinfo investigation unit pointed to an inconsistency in the company’s communication about one aspect of its cybersecurity: encryption.
While this last point was not enough to call Doctolib’s overall data security into question, the article revived a recurring criticism of the platform: hosting its data on Amazon Web Services (AWS). Behind this criticism loom the spectres of the Cloud Act and the Foreign Intelligence Surveillance Act (FISA), two US laws that allow US authorities, under certain conditions, to seize data stored by any American company, including Amazon, even when that data belongs to French companies.
In response to this criticism, Doctolib has always reiterated that AWS offers the software services best suited to its operations. And during a meeting attended by La Tribune, the startup discussed in detail the protections it has put in place against possible abuses of US legislation.
The Amazon cloud, Doctolib’s choice for efficiency
When Doctolib started in 2013, it operated its own “hardware”, the servers on which the data is stored. But a victim of its own success and in need of additional computing capacity, the startup quickly found it no longer had the means to add servers itself. It therefore decided to move its IT infrastructure to “99.99% cloud cover”. In other words, with the exception of a few servers, all of the company’s data is stored in Amazon Web Services data centers in Paris and Frankfurt.
The platform does not hesitate to promote this all-cloud model, which in particular allows it to absorb huge activity peaks at 2 to 3 times its usual traffic. On the evening vaccination appointments opened, for example, Doctolib recorded 3 million appointments in 5 hours. “The elasticity of the cloud allows you to multiply your infrastructure by ten in about ten minutes”, says Jean-Baptiste Voron, Atos’ CTO for cybersecurity, at the press conference. AWS, like other cloud providers, has thousands of servers that can be mobilized temporarily to absorb peak traffic, whereas if Doctolib managed its own infrastructure it could not install large numbers of additional servers in a reasonable time. Yet guaranteeing the availability of its services is crucial to its business model: taking its tools offline would have serious consequences for its clients’ organizations.
When moving to the cloud, Doctolib immediately turned to Amazon Web Services, the second company to obtain health data hosting certification, after Microsoft. The startup has become more than a satisfied customer, a true sales representative for American cloud security services, which it considers “very good quality” and “so far unrivaled” in France, an assessment that French providers (OVHcloud, Scaleway, Clever Cloud, etc.) would certainly dispute. This relationship of trust is carefully maintained by the host: during the pandemic, for example, AWS developed tailor-made features to meet the needs of the French company.
“The problem with cloud scaling is not adding computing capacity. Anyone can add servers. What is difficult is adding computing power while maintaining a constant level of security”, explains Jean-Baptiste Voron. And Doctolib believes that the software tools offered by AWS enable it to keep that promise.
Atos, a French partner for data protection
While Doctolib fully stands by its choice of AWS, it does not place 100% trust in it, which is standard best practice in cybersecurity. It therefore calls on the French company Atos to manage an essential part of data confidentiality: encryption.
Specifically, encryption involves transforming the content of the data, using cryptographic algorithms, so that it is unreadable to anyone who does not hold the key needed to read it. It is possible to encrypt data in transit (against the risk of traffic interception), data at rest (against the risk of hardware theft) or even data “on the server side” (against the curiosity of people who have virtual access to it). A good encryption policy must therefore ensure that the data is not compromised in the event of a leak at any point in the value chain. “If large, massive data stores end up in the wild but are unreadable and cannot be linked back to the original data, they have no value”, Jean-Baptiste Voron recalls.
To read encrypted data, you must either hold the key that was used to encrypt it (what the French call déchiffrer, decrypting) or break the encryption without the key (décrypter, cryptanalysis). The latter option, however, requires considerable computing capacity and is practically out of reach against current market standards. One of the big cybersecurity challenges for companies is therefore managing (generating, distributing, revoking) and storing encryption keys so that they do not fall into the wrong hands.
Safes for encryption keys
Initially, cloud providers also supplied the key manager, which meant that enterprise customers put all their eggs in one basket. Since the mid-2010s, however, the cloud industry has turned to the concept of “bring your own key”: in other words, the cloud provider’s customer takes care of the encryption question itself.
Here, Doctolib opted for a sovereign technology: an HSM (Hardware Security Module) from Atos. Specifically, it is a physical box that contains the master cryptographic key (a virtual mathematical value). “The cryptographic key system takes the form of a pyramid, with a master key at the top that gives access to all the other keys”, explains Atos’ cybersecurity manager.
Given the sensitivity of its contents, the box meets a whole list of international security standards. It has also obtained specific qualifications from ANSSI, the French national cybersecurity agency, particularly for the way it generates keys. “There is no DIY in cryptography. We rely on proven mechanisms, tested by the world of free software”, notes Jean-Baptiste Voron.
Access to the enclosure is governed by an algorithm known as “Shamir’s Secret Sharing”. Specifically, when the HSM is set up, seven people each receive a piece of the “secret” that locks the box. Five of these seven people must then come together and combine their pieces to open the HSM and gain access to the key. A single malicious individual, or even a duo, a trio or a quartet, therefore cannot access the contents. “It is the same principle as nuclear missile launch procedures”, Jean-Baptiste Voron sums up. If someone tries to open the box illegitimately, it … destroys itself, and the key with it. This risk forces Doctolib to keep at least two redundant HSMs so as not to lose the encryption key forever.
According to several cryptography experts contacted by La Tribune, the system deployed by Doctolib drastically reduces the risk of losing data confidentiality, even if zero risk does not exist.
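To make the 5-of-7 rule concrete, here is an added example (not Doctolib’s or Atos’ code, and not what runs inside their HSM) of Shamir’s Secret Sharing over a prime field: a secret is hidden as the constant term of a random degree-4 polynomial, each of the seven holders gets one point on it, and any five points interpolate back to the secret while four do not. The secret value is constructed for the demonstration.

```python
"""Shamir's Secret Sharing, 5-of-7 threshold, over the prime field GF(P)."""
import secrets

# Mersenne prime 2**127 - 1: secrets and shares are elements of GF(P).
P = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... modulo P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, threshold, n_shares):
    """Split an integer secret into n_shares (x, y) points: any `threshold`
    of them reconstruct it, and any fewer reveal nothing about it."""
    if not 0 <= secret < P:
        raise ValueError("secret must lie in [0, P)")
    if not 1 < threshold <= n_shares:
        raise ValueError("need 1 < threshold <= n_shares")
    # Constant term is the secret; the other threshold-1 coefficients are random.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given shares.
    With fewer than `threshold` shares the result is unrelated to the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # Modular inverse via Fermat's little theorem, valid because P is prime.
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


if __name__ == "__main__":
    # Constructed stand-in for the secret that unlocks the HSM (not a real key).
    master = int.from_bytes(secrets.token_bytes(15), "big")
    shares = split_secret(master, threshold=5, n_shares=7)
    print("5 holders present:", recover_secret(shares[:5]) == master)  # True
    print("4 holders present:", recover_secret(shares[:4]) == master)  # False
```

Any five of the seven shares, in any order, work; this is what lets Doctolib lose two share holders without losing the key, and what makes a quartet of colluders useless.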
“Amazon does not have access to unencrypted data”
For Doctolib, outsourcing the administration of encryption to Atos also goes a long way toward answering the threat posed by US legislation. Even in the extreme case of the US authorities ordering the seizure of Doctolib’s data, that data would be encrypted, because “Amazon Web Services does not have access to unencrypted data”, argues Cédric Voisin, the startup’s Chief Information Security Officer (CISO).
And for good reason: the encryption keys sit in Atos’ HSMs, and Atos, as a French company, is not subject to US legislation. The result: to read the seized data, the US authorities would have to break the encryption, a particularly difficult task that is even doomed to failure with today’s technologies.
Cédric Voisin cites the use of the Atos boxes as proof that the startup does not shy away from French technology when it believes it meets its criteria. “Where we can take sovereign technology, yes”, he says, recalling that digital sovereignty does not depend only on the choice of data host.
But despite these legitimate reasons, Doctolib’s choice of AWS remains a symbol of the grip of the three US cloud giants (Google, Amazon, Microsoft) on the data produced by French Tech’s flagships. And the debate over choosing a French platform is far from over.