Our cybersecurity guideline ensures data privacy and protection. Have a look on why Whaller is the most secure collaborative and social platform.
At Whaller, we value digital trust and data security. That's why we're proud that Whaller DONJON is the first collaborative platform to be awarded the ANSSI Security Visa for SecNumCloud qualification, guaranteeing high security standards and unwavering digital sovereignty. This step illustrates our dedication to offering a reliable and secure platform, in line with the most stringent standards on the market.
"Cybersecurity must now be integrated into all serious digital offerings. At Whaller, cybersecurity is at the heart of our strategy. It enables us to guarantee our customers and users state-of-the-art protection for their data. The SecNumCloud qualification of our Whaller DONJON solution reflects our commitment to France's digital sovereignty strategy and our active role in the national cybersecurity ecosystem."
Cyril Bras, Director of Cybersecurity at Whaller
Whaller has just set up its own CSIRT to guarantee our customers an effective incident response and proactive monitoring. Operated by our in-house cybersecurity experts, the CSIRT monitors and analyses cyber threats and manages incident response on our infrastructure.
👉 Discover Whaller CSIRTAt Whaller, data sovereignty is just as fundamental as cyber security. We offer several hosting methods depending on your security needs. Data is stored on a French host, ensuring that it does not leave European territory and is not subject to extraterritorial laws.
Whaller offers by default to host your data on its servers located in France (OVHcloud).
From the Standard offer
Benefit from a hybrid architecture by hosting your data on the servers of your choice, and accessing your networks via whaller.com.
From the Business offer
Install a standalone version of Whaller on your own servers to keep your service and data in house.
Exclusively for European institutional or industrial clients.
With the Enterprise offer
A physically dedicated platform hosted on OVHcloud's qualified IaaS SecNumCloud.
With the Enterprise offer
This offer combines DR hosting (Icodia) and enhanced security, deployed on robust infrastructures.
With the Enterprise offer
Whaller ensures the security of your information and the processing of your personal data in accordance with the provisions of the General Data Protection Regulation.
👉 Read our privacy policyAt Whaller, we strive to keep all our servers and software components used in our platform up to date.
We rely on the CyberWatch 🇫🇷 tool to ensure this permanent monitoring but also on services offered by the CERT-FR of the ANSSI.
The Whaller platform is updated more than 3 times a week.
Software and development rules are established and applied to all new developments, which are thoroughly checked and tested for adverse business or security effects.
Vulnerability tests are conducted automatically on a weekly basis.The correction of any detected issues is followed closely by the tech and cybersecurity teams.
Independent penetration test audits are performed on Whaller twice a year to identify and correct any vulnerabilities.
Each production server is equipped with an antivirus.The infrastructure is equipped with a web application firewall (WAF) and an intrusion detection system (IDS).ANSSI hardening guides are applied.
Whaller's architecture has been designed by applying the principles of Defense in Depth: filtering, dissociation of workflow/administration flows, VLAN/VXLAN segmentation, application of ANSSI recommendations.
Because hackers share information about their victims and attack techniques, we believe it is essential to do the same on the defense side. Whaller is therefore a pioneer in offering all its customers and partners an IoC sharing platform.
Because it is better for our weaknesses to be detected by White Hats than by Black Hats, Whaller is part of a Bug Bounty approach.
Are you a hunter? Have you detected a vulnerability in our product?
👉 Go to our dedicated website
Delivered by Cyril Bras, Whaller's Cybersecurity Director, the aim of this training course is to equip your company's or administration's staff with the best practices for guaranteeing the security of your infrastructures.
The concept of “Privacy by Design” implies protecting users' personal data from the very beginning of the creation of a platform, a website or a mobile app (code, practices, procedures). Have a look on some examples of “Privacy By Design” implementation in Whaller👇.
Spheres are “sealed”, clearly labeled, discussion spaces that provide contextualization. They prevent information from leaking out where it doesn’t belong.
Spheres in an organization are closed by default, but can be made invisible, open, or even public if the organization manager wishes.
An organization can choose to implement its own password and expiration policies.
An organization can choose to enable or disable the visibility of its members directory.
Members can create a different profile for each organization or sphere they belong to. This prevents the diffusion of personal or professional information outside of the concerned networks.
When a new sphere is created, its message history is disabled by default. If desired, it can be enabled by a sphere administrator to allow new members who join to view all public posts from the beginning.
Members can share private or group messages. Clearly labeled buttons avoid confusion and diffusion errors. All private messages are symbolized by a padlock and are automatically blurred in users’ feeds until scrolled over. This prevents curious colleagues from sneaking a peek! They also indicate which other members are involved in the conversation.
All data stays on Whaller and is never exploited.
Only members of a sphere can see its contents. If an organization manager wants to take over, they must enter in a visible manner (no “invisible” or “ghost” login).
When a member leaves a sphere, all of their messages are deleted except if the data legacy option has been enabled and they have given their consent.
Secure accounts by adding a second authentication factor (TOTP, Key Fido). Force your members to set up a second authentication factor.
From the Standard offer
Eliminate password fatigue and boost network security by implementing a Single Sign-On policy for members.
From the Business offer
Already have a directory and don’t want to create another? Synchronize the existing list of members with your Whaller network.
From the Business offer
Upgrade your network protection by putting an advanced password policy in place. Whaller propose a level of complexity in line with the requirements of the CNIL and the ANSSI. Length, complexity (minimum number of characters, numbers, uppercase, lowercase, special characters), expiration, number of connections before renewal, duration of the reset token (the length of time a password renewal request is valid)…
With the Enterprise offer
Monitor user network activity, identify any suspicious behaviors and take the necessary actions to remedy access issues within your organization.
With the Enterprise offer
Encrypt your most sensitive spheres with "Cryptoner", Whaller's native end-to-end encryption technology. Messages and files are encrypted directly in your browser and accessible only to your intended recipients. End-to-end encryption ensures that none of your exchanged data is ever transmitted or stored in plaintext.
From the Business offer
Managers can access file box activity logs for detailed monitoring of actions: modifications, downloads and shares. These logs can be accessed from a file, a box or the management pages for complete organization-wide supervision.
With the Enterprise offer
All our employees regularly follow prevention modules organized by Cyril Bras, our Cybersecurity Director.
For example, all our employees have obtained the SecNumAcademy diploma issued by ANSSI.
Whaller has monitoring and alerting tools to detect potentially abnormal situations. The investigation and qualification of any incident that may affect the cyber security of the facilities is an essential and indispensable step. Whenever necessary and appropriate, Whaller reports attempted intrusions or malicious actions to the appropriate authorities.
Whaller DONJON is the only collaborative platform to have been awarded the SecNumCloud Security Visa by ANSSI: a French guarantee of excellence in cloud security. This guarantee of advanced security underlines our commitment to data protection on our social and collaborative platform.
Since 2019, Whaller has equipped the Ministry of the Armed Forces, and was awarded the label “Used by the French Armed Forces” in 2021. In 2020, during the first lockdowns, Whaller was chosen to equip the entire Ministry as a temporary teleworking solution.
Whaller is the first company to be awarded the “Sovereign Solution” label by the Privacy Tech association. The label, created in partnership with AFNOR certification, includes 5 categories and is aimed at French BtoB and BtoC software publishers.
On 19/11/2020, UBCOM announces that it has selected and labelled the solution developed by the French startup Whaller, leader in secure social and collaborative solutions. This decision was taken as part of UBCOM's research and selection process for cybersecurity offers.
The Pôle d’excellence Cyber was created by the French Ministry of the Armed Forces and the Brittany Region in 2014.
Its objective is to develop the cybersecurity ecosystem at regional, national, European and especially international level.
Whaller, a company committed to cybersecurity, has joined forces with Hexatrust, a group of innovative companies that promotes good practice in the field of trusted clouds and cybersecurity while raising awareness of French and European regulations.
This programme is aimed at software publishers, as well as SaaS and PaaS solution providers. The ambition is to co-build an ecosystem of SaaS and PaaS services, hosted in the open, reversible and reliable OVHcloud. It will thus offer a common platform of competitive solutions.
Thanks to its data and document marking technology, WaToo enables you to identify the origin of information leaks quickly and accurately and minimise their impact.
Icodia specialises in secure web hosting and IT solutions for businesses. Renowned for its expertise in cybersecurity, Icodia offers highly secure hosting services, ideal for organisations wishing to protect their critical data.
OpenSezam is a major player in the field of strong authentication. Specialising in biometric security technologies and password-less authentication, the company offers advanced solutions to guarantee secure and fluid access to critical systems. Thanks to its artificial intelligence modules, OpenSezam provides effective protection against fraud, while simplifying the user experience.
Whaller DONJON offers all public institutions and private companies concerned about protecting their sensitive data a physically dedicated platform. Whaller DONJON is the only SecNumCloud (SaaS) qualified collaborative platform on the market.