Cloud of trust: what roadmap for S3NS, the Google-Thales joint venture?

Under the S3NS umbrella, Google and Thales are sketching out a first offer while waiting for the one that will target the SecNumCloud label. What is the roadmap like?

“A way of occupying the field. This is how David Chassan, director of strategy at 3DS Outscale, interprets last week’s announcement about Bleu. In absolute terms, the structure will not be effectively operational until 2024. It is partnering with Orange and Capgemini at Microsoft to offer a “trusted cloud” labeled SecNumCloud.

The Google-Thales alliance has the same objective. And vice versa the same deadline – more precisely, the 2e half of 2024. However, it has put together an “intermediate” offer. Six Early adopters will test it from this summer.

This offer will not apply for the SecNumCloud label. It will however constitute, we are promised, a springboard towards the “trusted cloud”: similar integration environment, common bricks, simplified strategy of redeployment…

To carry these two offers, a company under French law: Thales Cloud de Confiance, a SASU created last October, when the two groups formalized their partnership. It is known under the trademark S3NS (pronounced “meaning”). Cyprien Falque is the general manager. This former BCG and ManoMano was already responsible, at Thales, for the said partnership. The presidency of S3NS goes to Walter Cappilati, CEO of Thales Digital Services (and ex-Capgemini).

Thales fully controls the S3NS company. Google is a minority shareholder (less than 10% of the capital). The workforce currently amounts to dozens of employees. It is about reaching the hundred. Among the positions currently open, an SRE, a customer engineer and a sales manager.

The “intermediate” offer will be sold under the “Local controls with S3NS” brand. It will give access to the following Google Cloud services (with the same SLAs as the public offer):

No SecNumCloud planned, therefore, but a certain number of certifications targeted. Among which :

certificationsGoogle Cloud

S3NS: Thales not yet at full power

What do we mean by “local controls”? Basically :

– Location of data in France or in Europe, at the request of the customer

– Technical support initially provided by Google Cloud from the EU (“with possible exceptions for rare cases of advanced support)”; then by S3NS from the end of 2023, with French-speaking interlocutors

– Cryptographic control over data access

This “cryptographic control” will rely on two services. The very ones that form the basis of the Assured Workloads offer, which Google Cloud has been experimenting with for a few months in Europe. On one side, Key Access Justifications (KAJ). On the other, External Key Manager (EKM).

EKM makes it possible to use external encryption keys – which will be, in the case of S3NS, transformed on Thales equipment.
KAJ populates all EKM requests (calls for a key for decryption) with a “credential” field. Objective: to explain the why of the queries in question. And allow an automatic response that will have been configured at the level of the equipment in question.

In the future, S3NS plans to offer KAJ log correlation functionality. And define more granular policies specific to each client. Among its other priorities:


The “intermediate” offer uses the three data centers Ile-de-France residents who make up the France region of Google Cloud. The SecNumCloud offer will use dedicated rooms nearby. With physical (network, racks, servers) and cryptographic (identities, root of trust, encryption at rest and in transit) isolation. S3NS provides support and supervision (telemetry partially shared with Google Cloud). The company will benefit from a code audit capability. Software updates, in particular, will go through a “security lock” that Thales will manage.

S3NS trusted cloud

Main illustration © sdecoret – Adobe Stock

Leave a Comment