Security at Whaller

Our cybersecurity guideline ensures data privacy and protection. Have a look on why Whaller is the most secure collaborative and social platform.

Committed to digital security with SecNumCloud

At Whaller, we value digital trust and data security. That's why we're proud that Whaller DONJON is the first collaborative platform to be awarded the ANSSI Security Visa for SecNumCloud qualification, guaranteeing high security standards and unwavering digital sovereignty. This step illustrates our dedication to offering a reliable and secure platform, in line with the most stringent standards on the market.

"Cybersecurity must now be integrated into all serious digital offerings. At Whaller, cybersecurity is at the heart of our strategy. It enables us to guarantee our customers and users state-of-the-art protection for their data. The SecNumCloud qualification of our Whaller DONJON solution reflects our commitment to France's digital sovereignty strategy and our active role in the national cybersecurity ecosystem."

Cyril Bras, Director of Cybersecurity at Whaller
👉 Contact our Cybersecurity team
Whaller CSIRT

Whaller CSIRT

Your safety is our priority with the Whaller CSIRT

Whaller has just set up its own CSIRT to guarantee our customers an effective incident response and proactive monitoring. Operated by our in-house cybersecurity experts, the CSIRT monitors and analyses cyber threats and manages incident response on our infrastructure.

👉 Discover Whaller CSIRT

Tailor-made data hosting

At Whaller, data sovereignty is just as fundamental as cyber security. We offer several hosting methods depending on your security needs. Data is stored on a French host, ensuring that it does not leave European territory and is not subject to extraterritorial laws.

Saas

SaaS

Whaller offers by default to host your data on its servers located in France (OVHcloud).

From the Standard offer

data-on-premise

Data On-Premises

Benefit from a hybrid architecture by hosting your data on the servers of your choice, and accessing your networks via whaller.com.

From the Business offer

all-on-premise

All On-Premises

Install a standalone version of Whaller on your own servers to keep your service and data in house.

Exclusively for European institutional or industrial clients.

With the Enterprise offer

Schedule a demo

OVHcloud Hosted Private Cloud compliance and certifications

rgpd logo

GDPR compliance

Whaller ensures the security of your information and the processing of your personal data in accordance with the provisions of the General Data Protection Regulation.

👉 Read our privacy policy

Cybersecurity best practices

Maintenance of safe conditions

At Whaller, we strive to keep all our servers and software components used in our platform up to date.
We rely on the CyberWatch 🇫🇷 tool to ensure this permanent monitoring but also on services offered by the CERT-FR of the ANSSI.

Maintenance of safe conditions

Development best practices

The Whaller platform is updated more than 3 times a week.
Software and development rules are established and applied to all new developments, which are thoroughly checked and tested for adverse business or security effects.

Development best practices

Dynamic vulnerability analysis

Vulnerability tests are conducted automatically on a weekly basis.The correction of any detected issues is followed closely by the tech and cybersecurity teams.

Dynamic vulnerability analysis

Penetration tests

Independent penetration test audits are performed on Whaller twice a year to identify and correct any vulnerabilities.

Penetration tests

Incident prevention

Each production server is equipped with an antivirus.The infrastructure is equipped with a web application firewall (WAF) and an intrusion detection system (IDS).ANSSI hardening guides are applied.

Incident prevention

Defense in Depth

Whaller's architecture has been designed by applying the principles of Defense in Depth: filtering, dissociation of workflow/administration flows, VLAN/VXLAN segmentation, application of ANSSI recommendations.

Defense in Depth

Indicator of compromise (IoC)

Because hackers share information about their victims and attack techniques, we believe it is essential to do the same on the defense side. Whaller is therefore a pioneer in offering all its customers and partners an IoC sharing platform.

Indicator of compromise (IoC)

Quality control

Because it is better for our weaknesses to be detected by White Hats than by Black Hats, Whaller is part of a Bug Bounty approach.

Are you a hunter? Have you detected a vulnerability in our product?

👉 Go to our dedicated website

Whaller and Smart Formation are launching a cybersecurity awareness training course.

Delivered by Cyril Bras, Whaller's Cybersecurity Director, the aim of this training course is to equip your company's or administration's staff with the best practices for guaranteeing the security of your infrastructures.

Protect your data from scratch

The concept of “Privacy by Design” implies protecting users' personal data from the very beginning of the creation of a platform, a website or a mobile app (code, practices, procedures). Have a look on some examples of “Privacy By Design” implementation in Whaller👇.

lang.product-security-privacy-article-secured-space-img-alt

Secure and dedicated discussion space

Spheres are “sealed”, clearly labeled, discussion spaces that provide contextualization. They prevent information from leaking out where it doesn’t belong.

Spheres in an organization are closed by default, but can be made invisible, open, or even public if the organization manager wishes.

lang.product-security-privacy-article-password-policy-img-alt

Password policy

An organization can choose to implement its own password and expiration policies.

lang.product-security-privacy-article-directory-img-alt

Members directories

An organization can choose to enable or disable the visibility of its members directory.

lang.product-security-privacy-article-custom-profiles-img-alt

Specific profiles

Members can create a different profile for each organization or sphere they belong to. This prevents the diffusion of personal or professional information outside of the concerned networks.

lang.product-security-privacy-article-history-management-img-alt

History management

When a new sphere is created, its message history is disabled by default. If desired, it can be enabled by a sphere administrator to allow new members who join to view all public posts from the beginning.

lang.product-security-privacy-article-messages-accessibility-img-alt

Accessibility of messages

Members can share private or group messages. Clearly labeled buttons avoid confusion and diffusion errors. All private messages are symbolized by a padlock and are automatically blurred in users’ feeds until scrolled over. This prevents curious colleagues from sneaking a peek! They also indicate which other members are involved in the conversation.

lang.product-security-privacy-article-data-protection-img-alt

Data protection

All data stays on Whaller and is never exploited.

lang.product-security-privacy-article-network-access-img-alt

Network access management

Only members of a sphere can see its contents. If an organization manager wants to take over, they must enter in a visible manner (no “invisible” or “ghost” login).

lang.product-security-privacy-article-messages-deletion-img-alt

Deletion of messages

When a member leaves a sphere, all of their messages are deleted except if the data legacy option has been enabled and they have given their consent.

Advanced data security

lang.product-security-data-security-article-2fa-img-alt

Two-Factor Authentication (2FA)

Secure accounts by adding a second authentication factor (TOTP, Key Fido). Force your members to set up a second authentication factor.

From the Standard offer

lang.product-security-data-security-article-sso-img-alt

Single Sign-On (SSO)

Eliminate password fatigue and boost network security by implementing a Single Sign-On policy for members.

From the Business offer

lang.product-security-data-security-article-ldap-img-alt

LDAP synchronization

Already have a directory and don’t want to create another? Synchronize the existing list of members with your Whaller network.

From the Business offer

lang.product-security-data-security-article-password-img-alt

Password policy

Upgrade your network protection by putting an advanced password policy in place. Whaller propose a level of complexity in line with the requirements of the CNIL and the ANSSI. Length, complexity (minimum number of characters, numbers, uppercase, lowercase, special characters), expiration, number of connections before renewal, duration of the reset token (the length of time a password renewal request is valid)…

With the Enterprise offer

lang.product-security-data-security-article-newspaper-img-alt

Audit logs

Monitor user network activity, identify any suspicious behaviors and take the necessary actions to remedy access issues within your organization.

With the Enterprise offer

Whaller commits to cybersecurity awareness

Raising awareness of cybersecurity issues

All our employees regularly follow prevention modules organized by Cyril Bras, our Cybersecurity Director.

For example, all our employees have obtained the SecNumAcademy diploma issued by ANSSI.

Cyber-attack analysis

Whaller has monitoring and alerting tools to detect potentially abnormal situations. The investigation and qualification of any incident that may affect the cyber security of the facilities is an essential and indispensable step. Whenever necessary and appropriate, Whaller reports attempted intrusions or malicious actions to the appropriate authorities.

Labels and certificates

ANSSI Security Approval obtained for SecNumCloud qualification

Whaller DONJON is the only collaborative platform to have been awarded the SecNumCloud Security Visa by ANSSI: a French guarantee of excellence in cloud security. This guarantee of advanced security underlines our commitment to data protection on our social and collaborative platform.

ANSSI Security Approval obtained for SecNumCloud qualification

Used by the French armies

Since 2019, Whaller has equipped the Ministry of the Armed Forces, and was awarded the label “Used by the French Armed Forces” in 2021. In 2020, during the first lockdowns, Whaller was chosen to equip the entire Ministry as a temporary teleworking solution.

Used by the French armies

Privacy Tech

Whaller is the first company to be awarded the “Sovereign Solution” label by the Privacy Tech association. The label, created in partnership with AFNOR certification, includes 5 categories and is aimed at French BtoB and BtoC software publishers.

Privacy Tech

UBCYBER

On 19/11/2020, UBCOM announces that it has selected and labelled the solution developed by the French startup Whaller, leader in secure social and collaborative solutions. This decision was taken as part of UBCOM's research and selection process for cybersecurity offers.

UBCYBER

Partnerships

Pôle d’excellence Cyber

The Pôle d’excellence Cyber was created by the French Ministry of the Armed Forces and the Brittany Region in 2014.
Its objective is to develop the cybersecurity ecosystem at regional, national, European and especially international level.

Pôle d’excellence Cyber

Hexatrust

Whaller, a company committed to cybersecurity, has joined forces with Hexatrust, a group of innovative companies that promotes good practice in the field of trusted clouds and cybersecurity while raising awareness of French and European regulations.

Hexatrust

Open Trusted Cloud by OVHcloud

This programme is aimed at software publishers, as well as SaaS and PaaS solution providers. The ambition is to co-build an ecosystem of SaaS and PaaS services, hosted in the open, reversible and reliable OVHcloud. It will thus offer a common platform of competitive solutions.

Open Trusted Cloud by OVHcloud

Institute for Digital Fundamental Rights

Chaired by Jean-Marie Cavada, iDFRights is dedicated to the study, promotion and defense of digital human rights. The iDFRights is an initiative led by lawyers, academic researchers, NGOs, actors of the digital ecosystem and public figures.

Institute for Digital Fundamental Rights

WaToo

Thanks to its data and document marking technology, WaToo enables you to identify the origin of information leaks quickly and accurately and minimise their impact.

WaToo

icodia

Icodia specialises in secure web hosting and IT solutions for businesses. Renowned for its expertise in cybersecurity, Icodia offers highly secure hosting services, ideal for organisations wishing to protect their critical data.

icodia
Whaller DONJON Logo

Whaller DONJON, sovereign and cyber-enforced communication and collaboration platform

Whaller DONJON offers all public institutions and private companies concerned about protecting their sensitive data a physically dedicated platform.
Whaller DONJON is the only SecNumCloud (SaaS) qualified collaborative platform on the market.