Digital vault: why integrating EDM into a SecNumCloud qualified solution makes all the difference

A safe whose keys are stored in another piece of furniture loses much of its purpose. It is not a question of lock quality: it is a question of overall architecture. This reflection applies directly to collaborative platforms that are now entering the SecNumCloud qualification ecosystem. As this trust signal spreads and IT directors, CISOs, and public procurement officers integrate it into their selection criteria, one question deserves to be asked plainly: what is the overall architecture of the solution on offer? Are the most critical features for sensitive use cases, in particular document management, natively integrated within a unified offering, or do they rely on separate components that must be coordinated?

The answer to that question is not a technical detail reserved for security teams. It is a governance decision that engages the responsibility of executive officers, secretaries-general, and leaders of public administrations towards their stakeholders.
 

The real terrain of executive collaboration

 

To understand why this question is decisive, one must start from the reality of actual usage. In a large corporation, a multi-subsidiary group, a mid-sized enterprise operating in sensitive markets, a ministry, or a central government body, collaboration among decision-makers does not simply consist of exchanging messages or holding video conferences. It relies, on a daily basis, on the production, sharing, and retention of documents: minutes of executive committee or board meetings, briefing notes on confidential operations, unpublished consolidated financial projections, acquisition or restructuring files under active negotiation, correspondence between senior management and its legal or financial advisers.

It is these files, not the conversations surrounding them, that concentrate the bulk of the informational value that sophisticated attackers seek to capture. According to the ANSSI 2024 Cyber Threat Panorama, economically motivated espionage attacks increasingly mobilised the agency’s operational teams, with actors linked to foreign powers precisely targeting strategic data ahead of its public disclosure. This targeting focuses on high-value information: strategic intentions, ongoing negotiations, decisions not yet made public. And this information lives in files.

Securing communications without natively integrating the management of accompanying documents within the same architecture of trust means accepting additional operational complexity and friction points within the chain of protection. For organisations that have made the protection of executive data a governance priority, this fragmentation deserves careful evaluation.
 

SecNumCloud qualification: a guarantee to be read in detail

 
The SecNumCloud qualification awarded by ANSSI is today the most demanding reference for digital trust in cloud offerings in France. It attests that a solution meets a rigorous set of criteria covering technical security, legal sovereignty, and operational resilience. For any organisation handling sensitive information — whether subject to the obligations of the NIS2 directive, the constraints of the LPM, or simply concerned with protecting its strategic data, it represents the most credible trust signal on the market.

 

Within the ecosystem, different approaches exist for achieving this qualification. Some publishers have chosen to qualify each component of their suite independently: a messaging tool, a video conferencing solution, a document management module, each carrying its own qualification. This modular architecture has its own technical and commercial logic. It requires organisations that adopt it to coordinate the use of several separate components in order to cover the full scope of their secured collaborative needs.

Other publishers have made the opposite choice: qualifying a comprehensive, integrated offering in which all use cases (internal messaging, video conferencing, document management, file sharing), rest on a unified architecture and a continuous qualification perimeter. It is this choice of native integration that determines, in practice, the fluidity of the user experience and the continuity of the chain of trust in day-to-day use.

 

Document management: a central component, not an add-on module

 
Within the architecture of a secure collaboration platform for executive bodies, electronic document management is not simply one feature among many. It is the repository of everything the platform produces and retains: the minutes drafted after every meeting, the presentations shared ahead of each deliberation, the successive versions of a strategic document being finalised, the attachments to a sensitive negotiation. It is also where traceability becomes tangible: who deposited what, when, in which version, with what access rights, for which recipients.

When document management is natively integrated into the same platform and the same architecture of trust as the surrounding exchanges, operational coherence is total. Teams do not need to switch between tools. Access rights are managed within a single perimeter. Traceability is continuous. And the cognitive burden placed on users, often executives for whom this is not their primary function, is minimised.

This integration requirement is particularly critical for organisations subject to stringent regulatory obligations. Essential Entities (EE) and Important Entities (EI) covered by the LPM and NIS2, banking and insurance establishments under DORA, public bodies subject to DINUM’s Cloud au Centre doctrine: for all these organisations, document management forms an integral part of sensitive use cases, and its native integration within a unified platform represents a guarantee of coherence and long-term robustness.

 

Whaller DONJON: your digital safe

 
Whaller DONJON was designed around a simple conviction: digital protection capability gains in robustness when it does not require users to assemble the pieces of the puzzle themselves. The first French collaborative platform to have obtained ANSSI’s SecNumCloud 3.2 qualification by “composition”, Whaller DONJON integrates electronic document management as a central component of the platform from the outset, for every file deposited, rather than as an external module to be connected separately.

In practice, every file deposited on Whaller DONJON benefits from the same architecture of trust as the exchanges that surround it. Storage is sovereign, on SecNumCloud-qualified IaaS infrastructure (OVHcloud). End-to-end encryption, provided by Cryptoner technology, ensures that neither servers nor Whaller teams can access stored content. Full versioning guarantees irreproachable traceability of each version of a sensitive document. Access rights are defined at the level of each sphere, in granular fashion, without an access granted in one instance being able to propagate to another. And digital watermarking of documents makes it possible to identify precisely the origin of any potential leak.

From message to attachment, from deliberation to minutes: the chain of trust is continuous, within a single, integrated offering.
 

The organisations that stand to gain most

 
This architecture meets specific needs that recur across three broad categories of organisations sharing a common characteristic: the value of their strategic data is sufficiently high to justify the market’s most demanding requirements, and their appetite for operational complexity is naturally limited.

Large enterprises and multi-subsidiary groups face a cross-cutting document governance challenge. Strategic data does not concern only the holding company: it covers perimeters involving decision-makers distributed across multiple legal entities, sometimes multiple countries, with levels of cyber maturity that often vary considerably from one subsidiary to the next. Having a unified platform that includes document management, organised into watertight spheres by governing body, directly addresses the risk of a fragmented exposure surface.

Mid-sized enterprises, often positioned in strategic markets or integrated within sensitive supply chains, are an increasingly frequent target of economic espionage — precisely because they combine high informational value with more limited cyber resources than large groups. An integrated offering enables them to achieve a high level of protection without requiring additional technical layers or dedicated internal expertise for assembling separate components.

Public administrations and ministries, subject to DINUM’s Cloud au Centre doctrine and the regulatory obligations arising from NIS2 and the LPM, require solutions whose architecture covers the full scope of the use cases they deploy, within a coherent operational framework. For data relating to government deliberations, sensitive public procurement procedures, or confidential inter-ministerial exchanges, the simplicity of an integrated offering is also a guarantee of effective deployment and lasting adoption.
 

Qualification as an architectural commitment

 

As SecNumCloud qualification begins to spread more widely across the landscape of French collaborative offerings, a sign that the market is recognising the importance of the issue, a key reflection is required of public procurement officers and IT leadership: beyond the presence of the qualification itself, what is the architecture of the solution? Are the use cases I need to secure covered by an integrated offering, or by an assembly of components I must coordinate myself? What level of operational complexity does this imply for my teams and my users?

These questions are not exercises in style. They are the conditions under which SecNumCloud qualification can genuinely fulfil the guarantee for which it was designed: protecting sensitive data under real conditions of use, not merely under ideal conditions of deployment.

With Whaller DONJON, the answer is unambiguous: electronic document management sits at the heart of the offering, within the same architecture and the same qualified perimeter as the platform as a whole. From the very first file deposited, the very first sensitive dossier shared among members of the executive committee, the very first board deliberation recorded in the platform. Because a safe, by definition, protects everything deposited within it, without asking the user to assemble the lock themselves.