The combination of security and trust at the center of LuxTrust’s strategy

The combination of security and trust at the center of LuxTrust’s strategy
By A. Keilmann for ITOne.lu 25/02/2019
Banking, Insurance & Fintech
Technology & Software Providers

In a context of digital transformation which impacts businesses but also individuals, LuxTrust, which was founded in Luxembourg more than 13 years ago, aims at providing trusted and secure environments to citizens and enterprises. The IT One team recently met with Pascal Rogiest, CEO of LuxTrust, to discuss the vision of the expert in security and data, his company's latest collaborations – notably with the ICT expert and fellow company EBRC (European Business Reliance Centre), headquartered in Luxembourg –, but also the pioneering role of Luxembourg and the development of the country's digital ecosystem.

"LuxTrust was created as an initiative of the government of Luxembourg, backed with several national banks. Our main mission was to provide tools to the entire active population to manage digital identities – through a secure banking access and an electronic signature –, which we did", starts Pascal Rogiest. He also highlights that since the implementation of the eIDAS – Electronic IDentification Authentication and trust Services – a couple of years ago in Europe, his company has opened its doors to a wider European market and is now seen as a trusted and quality service provider, not only in Luxembourg, but also over the Old Continent. LuxTrust is therefore known for its tokens which allow a secure connection to online banking accounts, its mobile declinations but as well as its legally-valued electronic signature offer. The latter has been a key element for LuxTrust for the past two years, with the mission to provide an integrated solution allowing the digitalization of entire processes within organizations and institutions. "Replacing paper with digital requires entire platforms where authentication, security and signature are some of the main ingredients of a digital process which must be implemented end-to-end," the CEO adds.

All these solutions, together, interoperable and/or embedded, allow the creation and management of entire digital identities, assigned to persons but also to institutions. "In nowadays digital and mobile environments, security remains essential and must not be left off, even if companies sometimes request more flexibility and customers simpler and smoother interactions," explains Pascal Rogiest, whose company is also currently working on increasing and augmenting the value of digital IDs with additional pieces of personal information.

Partnering with a trusted local player

In such a context of internationalization and product development, LuxTrust, which claims more than 700,000 users in Luxembourg with more than 300,000 daily connections, needed a partner able to allow strong development of LuxTrust's service delivery processes while providing a stable environment and state-of-the-art information security. As explained by Pascal Rogiest, "expanding on a European level means more requests from our clients and therefore more flexibility and agility. Working hand in hand with EBRC, a local partner with international expertise, adds more depth and credibility to our service offer. Again, trust and reliability are important elements in today's digital world". The LuxTrust data are hosted in Luxembourg in dedicated infrastructures, which means not shared with others, with the highest level of security requested to answer to specific audit needs. "At LuxTrust, as a trusted third party, we need to ensure a certain level of security, with 6 different audits being held each year. Keeping this status is crucial for LuxTrust and we therefore needed a specific infrastructure to match local and European regulations, from the CSSF and ILNAS to CNPD and many more within Europe. For instance, the QTSP certification – Qualified Trusted Service Provider –allows us to deploy our strong authentication services, our digital identities and our signature services, in all sectors in Europe and worldwide," the CEO says. This is what we do today for the European Commission.

Therefore, the EBRC experts, leveraging the knowledge of the LuxTrust team, had to manage the move of IT critical operations from an external Data Centre to one of their own, without impacting the quality of service. From the RFP and the definition of the new architecture to the set-up of the infrastructure and its audit as well as hand-over to EBRC IT operations, the project lasted 12 months. The actual transfer was successfully done overnight in September 2018, in 20 minutes with no service interruption.  This fruitful collaboration was recently recognized with the "Managed Services of the Year" prize, awarded to both EBRC and LuxTrust last December, during the IT One Gala (see picture). Ludovic Gilles, EBRC Head of Sales BeLux comments: "LuxTrust is the first certificate authority client for EBRC. This is perfectly in line with our Managed Services practice, focusing on managing critical infrastructures and workloads throughout Europe. With this project, we have been able to tailor our services to the highest level of security and availability requested by LuxTrust, a great collaboration partner".

This collaboration with EBRC and this new infrastructure allow LuxTrust to provide its clients in Luxembourg and abroad with "more digital", in a period where all companies are dealing with concrete and sometimes severe transformations while still having to follow and match a growing number of European and global regulations.

The challenges of creating digital identities

Over the years, LuxTrust has worked on providing secure means of payments and therefore on building trust with its partners and users. "We started by providing banks with tokens, but the current and future generations are asking for mobile apps, that are as secure and even easier to use. And when it comes to electronic signatures, LuxTrust has also created a qualified and strong product. Yet, challenges remain and getting people to use these innovative and digital tools is one of them," underlines Pascal Rogiest. According to the trust expert, most people have not accepted these yet, hence the need for campaigns as well as marketing and communication actions to show citizens how they can benefit from the digital tools that are already available, by first reassuring and educating them about our digital world. "It may have started with online banking, digital identities and electronic signatures, but the trends are clearly pointing towards more and more dematerialization, and we therefore need to embark people for this deep transformation to succeed," highlights the CEO of LuxTrust.

The ambiguity and ambivalence between the need for security and the necessity to provide services that are smoother and easier to use, can also be seen as a huge challenge for almost all the companies navigating in a digital environment. "Combining security with regulation – notably with GDPR which is already impacting major players as well as smaller and medium enterprises –, with customer needs and with business demands first requests the definition of the boundaries that companies do not want to cross while seeking for best user experience. Therefore, building and providing the perfect customer journey takes time and each step of digitalization must be tackled independently depending on the use cases of our customers. In this respect, digitalization needs to be more pragmatic," the expert comments.

Finally, Pascal Rogiest underlines the fact that the Grand Duchy of Luxembourg has an advanced and expert level when it comes to digital, which is a splendid vitrine that the country shall further leverage. For instance, LuxTrust has been working at the international level for a couple of years now, with very good traction from multiple clients in France and Belgium. Moreover, the company has concluded several partnerships in Belgium and Italy, and has also signed a contract with the European Commission to provide it and 80 non-EU countries a strong electronic signature for the importation of foodstuffs into EU. Another challenge appears: making sure that digital identities are compatible and interoperable in all these countries.

A digital pioneer in a digital country

"In Luxembourg, almost everyone already has a digital identity, whether it is through the use of a token or a mobile to access banking records, or by using and accepting electronic signatures. In this respect, our country is already well-placed in the race towards digitalization, as an effective digital identity ecosystem. Yet, several additional processes could be more developed in both the private and public sectors. Fortunately, our public administration has already jumped on the digital train with many initiatives, from Digital Luxembourg thanks to the services provided by the CTIE. The national economy could further take advantage of the momentum created and we actively work on making this happen," Pascal Rogiest comments when asked about the status of our country.

Together with the help of the Luxembourgish government, LuxTrust is indeed currently working on reinforcing digital identities by actually giving them more value. With the question of data privacy growing, the company based in Capellen aims at assigning more information to the citizens' digital identities allowing them to manage and share their health, education, professional and private data. "Luxembourg is also building an entire ecosystem which will eventually lead to the creation of a data-driven economy. It is our duty, as ICT company with an expertise in data and cybersecurity, to give these new opportunities to people while making sure they can use it in a safe, secure and trusted environment. Yet, this entire strategy of digitalization will only be successful if people trust their digital identities. We have to ensure such Trust," concludes Pascal Rogiest.

Photo credit : Dominique Gaul