At a messaging aggregator like M Target, security isn’t a bonus: it’s a cornerstone. Behind every message, every API, every piece of data transmitted, lie dozens of verifications, rules and concrete commitments.
Laurent Samitier, the Group’s Information Systems Security Manager, oversees this critical mission. His role: to protect what matters to our customers, without ever slowing down innovation.
Can you introduce yourself and explain your role at M Target?
Laurent Samitier, Head of Information Systems Security at Groupe M Target, having previously worked as a developer and then technical project manager.
What does your day-to-day work actually involve?
My job is to make sure that all the people who run M Target on a day-to-day basis are constantly mindful of the need to protect our customers’ data.
What are the safety issues specific to an environment like M Target's?
The challenges are many: threats are evolving, the business environment is competitive, and regulations are becoming increasingly complex. You need to know the risks and understand the business needs, manage day-to-day operational security and anticipate medium- and long-term developments, and speak the language of both technical teams and compliance specialists. We fight smishing in the morning, and tighten our network security in the afternoon to protect our customers.
Customers are increasingly demanding when it comes to data. How does M Target respond?
We are constantly improving our governance, constantly working to enhance the skills of our teams, and constantly striving to achieve the state of the art, in line with the recommendations of specialized French and international bodies. We continuously audit our security systems, and have them regularly audited by third parties. Finally, we are ISO/IEC 27001 certified, and adhere to the philosophy of continuous improvement that lies at the heart of this standard.
What guarantees does M Target offer in terms of personal data protection?
We’re all aware of the importance of this issue, and we’re working hard to achieve it. All our management decisions and the work of our operational staff are aimed at ensuring this protection. Despite this, we must remain humble but vigilant.
How do you approach regulatory requirements like the RGPD in your security perimeter?
Regulatory requirements are increasing, which is logical and even reassuring in a world where personal data is taking on such importance. But the security of our customers’ data would be our responsibility even in the absence of regulatory requirements.
How do you see the role of CISO evolving in a context where cybersecurity is a strategic issue?
The messaging business is changing fast. Data is at the heart of people’s lives, even if they are not always aware of it. The role of the CISO will increasingly be to act as a bridge between the endless possibilities promised by technology, and the fundamental human aspiration to live in peace and security.
Do you have any advice for our customers on how to make their communications more secure?
Be demanding with your service providers. Ask them what they do with your data, how they protect it, where they store it and who decides what happens to it.
What aspect of your job deserves to be better understood?
The CISO’s aim is not to constrain the business, but to enable it to thrive on solid foundations.
If you had to sum up your role in a single sentence, what would you say?
“I am the watcher on the firewalls, the shield that guards the realms of men’s data. “
