Public administrations: how should you choose your cybersecurity solution?

Finding the right cybersecurity solution for a public administration | Stormshield

The digital transformation has unleashed a storm of cyberattacks that are undermining public administrations and their information systems. Faced with the multitude of firewall options on the market, how can you select the most appropriate cybersecurity solution? A three-part response from Raphaël Granger, Account Manager for Public Administrations at Stormshield.

What kinds of regulatory obligations are imposed on the public sector?

The public sector is subject to a variety of different cybersecurity regulations. As such, each administration must first determine which regulations apply to it. For example, France’s regulatory framework consists of three pillars with varying degrees of strictness. The Military Planning Law (MPL) requires that public administrations under its jurisdiction use ANSSI-qualified solutions, while the General Security Baseline (GSB) merely recommends it. For its part, the Security Policy on Government Information Systems (SPGIS) describes it as good practice, alongside the use of certified solutions. This national framework is complemented at the European level by the GDPR and the Cybersecurity Act.

At present, Stormshield Network Security (SNS) is the only firewall solution qualified as “Standard” by the ANSSI. Why is this important?

It is the result of a complex process that goes beyond certification and attests to the reliability of our product. It’s also a sign of the ANSSI’s trust in us: qualification is bestowed after six to eight months of testing by the agency, which also examines the solution’s source code.

What other criteria should be taken into account when selecting a cybersecurity solution for a public administration?

It is very important to:

  • Focus on the essential features needed to meet your firewall requirements and comply with your regulatory obligations. Instead of choosing a product based on a myriad of proposed features that won’t really be used, it’s more important to select a product that will perfectly meet the needs of your public administration.
  • Make sure the solution is a good fit for the needs and architecture of your information system (IS).
  • Choose a reliable partner that specialises in protecting the information systems of public administrations. This is the case for Stormshield, which does a lot its business in the public sector (local governments, core ministries, etc.).
  • Choose a local partner. Through its distribution network, Stormshield has cultivated a regional presence and a European footprint—two complementary assets that will ensure it will always be by your side

Share on

Our network protection solution—Stormshield Network Security—is the only VPN firewall range that has received EAL4+ Common Criteria certification, as well as Standard-level qualification from the ANSSI.
In sensitive environments, the ANSSI has made it obligatory to use qualified products. It is highly recommended in all other environments, whether public or private. But what is the difference between certification and qualification?

About the author

mm
Florian Bonnet
Director of Product Management, Stormshield

With over 25 years of IT experience in Research & Development, Florian joined Stormshield in October 2018 as Product Manager Director. As someone who spent many years in the field on the front lines, he promotes that same team spirit on the Stormshield Product Manager teams. And whether with his teams or outside of work, he emphasises the strong values that unite hard work and fun: respect, team spirit, and dedication.