Replatforming: How we Make Security a Top Priority for Digital Products
August 19, 2019 09:00

You heard about the cloud, about a platform, platforming (maybe?) but wait... replatforming? At the Factory, we aim to uncover the mysterious world and the odds of digital concepts.

What do we mean by (re)platforming? 

Replatforming is the process by which a digital product moves from one platform (on-premise or cloud) to another in order to test out its capacity, compliance and security. 

At Thales Digital Factory, we support hosting and managing any digital product that aims to enhance its performance by exploiting the capacity, performance and features offered by the Thales Digital Platform. 

In the 8 weeks dedicated to the replatforming development, testing and making sure we deliver a ready and safe-to-use product, the cybersecurity has a decisive impact. Let’s see how it works with one of our Replatforming Security Partners, Jean-Siri Luang-Aphay: 

What is your typical day to day on a 8-week project? 

Jean-Siri L-A: The Security Partners team aims to ensure the operational steering of the cybersecurity at the Thales Digital Factory. This consists in coaching, security analysis, controlling… and on a daily basis, to identify any security need in digital product and provide options and solutions. 

We ensure the cooperation of many skills at the Factory: Core Automation Security experts, Blue team, Red team etc. with 2 main common goals: ensuring that each product is resilient facing a challenging environment, and ensuring the security to the whole platform. 

We also contribute to the overall maturity of the security management in cooperation with the Security team through activities like the audit follow up, process design, reporting and KPI production, and documentation consolidation. 

What are the assets brought to the product and users through replatforming? 

Jean-Siri L-A: Our value proposition is a « secured by design » environment through 3 top offers: 

- A security tooling embedded in the environment. This is the best way to lead the code to a robust level in production. 

- A complete set of methodology, policies and process to steer, implement and control the security on a daily basis with a strategic view. This cover the project period as much as the run of the product. 

- A continuous challenging and controled lifecycle. Security and compliance checks are performed at every step of the product lifecycle, the Blue Team is monitoring security events whereas the Red Team (and associated Bug Bounty process) could highlight at each moment the vulnerabilities of the product. 

According to the type of service suscribed with the product (IAAS, PAAS or SAAS), Thales Digital Factory provides the associated level of service that will contribute to the success and security of the service. 

Can you think of a positive impact on the user security thanks to this methodology? 

Jean-Siri L-A: Of course, we avoid key security bugs! The Factory process strictly prohibits significant vulnerabilities in production thanks to the Red Team’s skills and Bug Bounty process. 

But the main bug we avoid is wasting time in the MVP development. Our security process and solutions provide trust. In this environment, you can then focus on data, delivery and user experience. In a competitive context, this is a major added value. 

Replatforming: How we Make Security a Top Priority for Digital Products