A World That’s More Accessible and More Vulnerable

More Accessible, Yet More Vulnerable World

The digitization of operational processes has reached an unprecedented pace: today, IT has become the engine of activity throughout the entire value chain. The central role now played by information systems and networks means that a single incident can halt operations or even threaten the existence of a company. At the same time, cyberthreats are increasing both in number and complexity. Gérard Hoffmann, CEO of Proximus NXT Luxembourg, explains how the integrator helps its clients navigate these new challenges.

Q: As a company supporting businesses in their digital transformation projects, how do you assess the evolution of threats in our interconnected economies, and what measures should be taken to strengthen defenses?

GH: “For some time, the global environment—perceived as more aggressive—has increased awareness of information security and data protection. High-profile events, such as the Panama Papers case, for example, alerted law firms, prompting them to approach us to implement cybersecurity projects.”

“The interconnection of economies, the omnipresence of mobile technology, and the rise of social networks have made the world more accessible, but at the same time more vulnerable. Threats increase proportionally with accessibility. As a result, there is a growing need to protect both private data and business processes. One of our clients, for instance, experienced a breach of its production system by an external element that managed to take control of production machinery.”

“In our market, we observe a growing share of cybersecurity in ICT projects. Today, nearly every ICT project includes a component dedicated to information and data security. This is why the Proximus group has chosen to invest in these technologies. Cybersecurity is one of the four priorities of Proximus NXT, alongside fixed and mobile communications, cloud, and outsourcing. In this context, Proximus has also decided to invest in Luxembourg in a Security Operations Center, which will be operational by the end of this year.”

Q: Companies—particularly in the financial sector, often cite data security as a key barrier to adopting cloud services. Ultimately, what is the link between data location—and infrastructure location—and information security?

GH: “It’s true that security is often seen as a barrier to cloud adoption. The threat is real: in recent years, we have witnessed breaches of cloud and internet services, putting data at risk. Moreover, the financial sector is legally required to host its data in Luxembourg. So the barrier is also regulatory, reflecting the sector’s desire to maintain control over sensitive data.”

“Today, however, hybrid cloud solutions allow companies to store sensitive data in a private cloud while still leveraging public cloud resources to run applications based on that data. Choosing hybrid cloud provides the best of both worlds depending on the type of applications, temporary fluctuations in IT resource consumption, and security requirements.”

“In this context, Proximus NXT partnered with Microsoft to offer a public-private hybrid cloud solution based on the Azure Stack software suite. Unlike other major cloud providers, Microsoft has always pursued a partnership strategy with operators and integrators like Proximus NXT. We combined our Luxembourg-based private cloud service with Microsoft’s public cloud through a single interface.”

“This innovative solution has long been awaited by the financial sector, which can now move non-strategic applications to the cloud based on economic considerations. Hybrid cloud also enables customized protection depending on the nature of the data being hosted, favoring either cost savings from public cloud use or service continuity and control over data via a local cloud provider. Proximus NXT is the first company to offer this solution in Luxembourg.”

“The legal framework will naturally evolve alongside these hybrid cloud solutions. As president of ICTluxembourg and Fedil-ICT, I am working with regulators to shape this new regulatory environment.”

Q: Do policymakers fully appreciate the risks posed by cyberthreats? Do we need a better legal framework, or financial incentives, to support defense mechanisms for businesses and public services?

GH: “Last year, Fedil-ICT, in collaboration with EY, conducted a study on the cybersecurity landscape in Luxembourg, highlighting weaknesses in public infrastructure. We met with the government several times, encouraging the creation of a centralized cybersecurity center to consolidate functions currently spread across multiple ministries. On June 8, the Minister of the Economy confirmed the government’s intention to clarify and make the public framework more visible.”

“Overall, I believe policymakers understand the threat, the levels at which it operates, and the resulting needs. While the private sector is the first affected, we must not overlook the public sector and its particular needs in defense, healthcare, and other central government services.”

“The regulatory framework, however, must adapt to technological changes. The shift toward public cloud via hybrid cloud requires regulatory adjustments. Regulators—CSSF, CNPD, ILR, etc.—must adopt an iterative approach. As for financial or tax incentives, the threat is now sufficiently understood that the investment burden is justified, much like an insurance policy whose relevance is clear. Such incentives could help small businesses recognize risks more quickly and equip themselves accordingly.”

“The issue goes beyond cybersecurity alone. In promoting the IT industry, we see that our sector suffers from general investment disadvantages. Tax credits, for example, cover production equipment but exclude IT, especially when IT services are outsourced. We advocate for at least partial extension of these tax incentives to information systems.”

Q: In this context, how can a managed security service, like that offered by Proximus NXT, help companies—especially smaller ones—address rapidly evolving cyberthreats and protect against vulnerabilities?

GH: “I repeat: outsourcing is one of our group’s four priorities. Managed services clearly address the pace of technological evolution. It’s also a matter of corporate culture: we need to convince small businesses of the benefits of entrusting their IT systems to an external provider. They have always done this for telecommunications but haven’t reached the same maturity level with IT and cloud services. We must help them understand the advantages of managed services.”

“As part of the Proximus NXT–Tango integration strategy launched earlier this year, we have focused on SMEs, a segment with real growth potential. SMEs face an IT environment lagging five years behind large corporations. Companies can no longer manage continuous transformation of production tools alone: their IT, telecom, and cybersecurity needs must be outsourced to operators like Proximus NXT and Tango.”

“Some governments have recognized this—Switzerland, Singapore, and Scandinavian countries, for instance by implementing strategies with strong incentives to help SMEs catch up technologically. Luxembourg’s government should follow suit, accelerating the digitalization of its services to lead by example for small businesses.”