Yves Reding, CEO, EBRC

By Solutions Numériques

With many banks and international institutions as its customers, EBRC, operator of integrated IT services and 3 Tier IV data centres, sets itself apart from the hyper-clouds that have made Europe a priority. Its strengths: local services and cyber-resilience.

Historically positioned on the hosting of critical IT resources in the banking and finance sector, Luxembourg-based company EBRC cultivates a unique positioning compared to the North American and Asian giants of the Cloud, that of cyber-resilience. “In 2011, we built our “Trusted Cloud Europe” offer to demonstrate our desire to become a local trusted centre, whose positioning was very different from that of the major Cloud operators, the hyper-clouds” explained Yves Reding, CEO of EBRC. “We focus on security, agility and the proximity of our services in contrast to those stakeholders’ entirely standardises offers.”

That high level of security is backed by an extremely ambitious certification process.  EBRC has been ISO 27001 “Full Scope” certified for over 10 years, and has ISO 22301 business continuity certification. “The combination of ISO 27001 and 22301 certifications, in addition to ISO 31000 (Risk Management) and ISO 22316 (Security and resilience) non-certifying standards represent what we call cyber-resilience, i.e. the integration of information security and business continuity.”

We focus on security, agility and the proximity of our services in contrast to those stakeholders’ entirely standardises offers.

Cyber risk management goes far beyond the banking sector

Although the banking/finance sector still accounts for close to 50% of the EBRC’s 75 million Euro turnover, the operator has convinced around 400 customers in many other sectors, including FinTech companies, international institutions, stakeholders in the healthcare sector, in critical industries, in e-Commerce, in the aerospace sector, and more. “The banking world was the first to understand the importance of risk management, but the healthcare sector is raising the bar in terms of requirements. The market will further expand with OVIs and OESs as defined by the NIS Directive” added Yves Reding. Philippe Dann, Director Risk & Business Advisory at EBRC details EBRC’s approach: “There are two key points in a cyber-resilience process. The risks must first be fully mapped and then be contextualised with respect to the company’s business. This contextualisation of risks will be different depending on whether it relates to the financial sector, the healthcare sector, or the transport sector.” Thus, many companies engaged in their digital transformation are moving towards a multi-cloud architecture. It is becoming necessary to take a snapshot of the customer’s business, to identify the processes that use sensitive and not-so-sensitive data, to identify critical and not-so-critical operations in the ad hoc regulatory context. On that basis, it becomes possible to optimise the IT infrastructure actually used by the business lines, and to use the risk assessment to propose various architectures, including the private cloud and the hybrid cloud. These are all areas to which EBRC consulting activities can bring its expertise beyond the provision of purely IT-based services.


The EBRC group currently comprises 210 individuals, in addition to the 130 from Digora in France, proof that the French market currently has significant strategic value for EBRC.

"Companies must strike the right balance between agility and security within a multi-cloud approach"

“In the framework of their digital transformation, companies are now seeking agility and trusted partners to take charge of their IT operations and focus on their core business and their end customers. In addition, we are witnessing the rise of hyper-clouds which are gaining ever larger market shares. Nevertheless, companies have critical data, sensitive data, and other data which is less critical and sensitive. They now have to strike the right balance between agility and security. It is in order to meet this demand that we have created a Cloud Assessment offer which uses a risk assessment to identify the data that is actually sensitive and identify critical operations. It is only by conducting such an analysis that companies can be provided with recommendations relating to the target cloud architecture (private, public, hybrid) that will best meet its needs.” - Yves Reding, CEO, EBRC.