Arnaud Dufournet, TheGreenBow: “protecting connections in any situation is a natural gesture for all”

As the threat of cyberattacks increases in today’s interconnected world, protecting data and communication connections for all is the natural path.

In light of the rapid growth of cybertechnology, organizations at the highest levels are facing complex security issues. Problems that need leading solutions for protecting their data and communications. Even if they use the best antivirus software available, it still wouldn’t be enough. Thankfully, there are advancing VPN technologies that offer secure, reliable answers for even the most sensitive data connections.

To navigate this data protection landscape and address the privacy, sovereignty, and security of organizations at every critical level, we turned to Arnaud Dufournet, the Chief Marketing Officer of TheGreenBow, a trusted VPN software publisher.

How did the idea of creating TheGreenBow come to life in 1998?

At TheGreenBow, we strongly believe that ensuring the protection of data and communications should be a natural gesture for all.

Roger Simon and Jérôme Chappe, TheGreenBow’s founders, arrived at this conviction by taking part in the development of the first real-time IP traffic encryption device. They established TheGreenBow in 1998 to put their vision into action.

They chose the name TheGreenBow to signify the strengths of their company. On the product side, security is in the form of a protective shield. On the human side, the link is the strong relationship with users. The green color emphasizes the essential human dimension that new technologies must have. It represents balance, sharing, trust, and growth.

Can you introduce us to what you do? How does TheGreenBow differ from other VPN services?

TheGreenBow is a trusted VPN software publisher. We help organizations and individuals become cyber-responsible. To achieve this, we design and develop reliable and easy-to-use solutions.

We protect endpoints and connections to information systems and ensure the integrity and confidentiality of the data exchanged, regardless of whether these exchanges are between organizations, mobile employees, telecommuters, or even connected objects.

What set us apart is that the certification and qualification of our products are fully integrated into our product development strategy. Our ongoing efforts have led us to become the first European VPN software provider to obtain the EAL3+ Common Criteria certification as well as NATO and EU Restricted approval for our Windows VPN Client.

It's evident that ensuring confidentiality and sovereignty is an important part of TheGreenBow. Would you like to share more about your vision?

Confidentiality and sovereignty are two different things. Confidentiality is a matter of protecting business assets and personal data. To that extent, new EU regulations, like the NIS 2 directive and DORA regulations, will constrain organizations. It's making them dramatically improve their cybersecurity and become obsessed with data security.

As for sovereignty, absolute autonomy is not possible. When it comes to digital technologies and many other subjects, we believe sovereignty means freedom of choice. It means keeping technological control while allowing for the possibility of questioning certain decisions and turning to other solutions when needed.

Do you think the pandemic has altered the way businesses perceive cybersecurity?

Clearly, the pandemic has had a deep impact on the way people work and manage their time. Offering remote work options has become an important tool in recruiting and retaining staff for public and private organizations. However, it has also become one of the main cybersecurity challenges for CISOs.

Not only do they fear the lack of control over computer equipment once it leaves the company’s premises, but also that users might develop some high-risk habits. For instance, using personal computer equipment for work-related purposes. The opposite is also true, i.e., personal use of IT equipment provided for work purposes is also a fact of life.

What would you consider the most common reasons internet users choose to use a VPN service?

This question is irrelevant since TheGreenBow does not offer VPN service, it offers corporate VPN clients security solutions, which is quite different. TheGreenBow solutions are aimed at all types of organizations: VSEs/SMEs, major corporations, critical market operators, public administrations, and local authorities. TheGreenBow does not address the BtoC market.

What would you consider the most serious network security threats concerning organizations today?

Supply chain attack is one of the most serious cybersecurity challenges. In particular, securing key information exchanges with third parties or subcontractors. Information systems are becoming more interrelated, and cyber attackers are targeting the weakest links. It's no coincidence that the new NIS 2 directive or DORA regulation for the financial sector both tackle this issue. CISOs must take into account cybersecurity risks in supplier relationships.

With remote work becoming the new normal, what security practices do you think companies should adopt to secure their workload?

As the French National Cybersecurity Agency (ANSSI) recommends, to mitigate the digital risks of a remote workforce, companies should deploy remote connection software. For example, employing an encrypted VPN to protect communications.

Users should be asked to open a VPN tunnel whenever they log on to Windows and start working, i.e., start accessing web applications or documents stored on the corporate network. A full-tunneling mode should also be the VPN configuration of choice. That way, all data traffic is routed through an IPsec tunnel, ensuring its' full protection.

CISOs simply cannot stand behind each user to make sure they use their VPN client correctly. The VPN software should be as straightforward and transparent as possible. For example, TheGreenBow recommends opening an IPsec tunnel even before a user logs on to Windows. It has two major advantages that enhance endpoint security. The first is authentication. When connecting to an access rights management server, such as Active Directory, which is within the organization’s network, a user will have to authenticate.

Secondly, the domain controller will then update the security profiles of the workstation and the applications, in particular the firewall. This step is very important to ensure the workstation’s compliance.

Besides using a VPN, what other security measures do you think everyone should implement?

First, apply basic security rules. Begin with defining robust passwords, running regular data backups, implementing patch management policies, using firewall and anti-virus software, avoiding unknown Wifi networks, separating personal use and professional use of IT devices, and finally, educating and training collaborators regularly is key.

What does the future hold for TheGreenBow?

TheGreenBow will stick to its mission which is protecting connections in any situation, more specifically, we intend to support organizations in their transition to quantum-resistant cryptography. As you might know, quantum computing technology will enable us to compromise many of the current cryptographic algorithms. Especially public-key cryptography, which is widely used to protect digital information.

This is the next big challenge for companies in the following decade. As a pioneer of VPN technologies, TheGreenBow wants to play a major role in securing communication in the post-quantum era. Besides, TheGreenBow has already participated in a successful POC with a central bank intending to protect communications with VPN software by combining current cryptographic algorithms with quantum-resistant algorithms.