The deadline is approaching: on December 16, 2025, Matmut will shut down its on-premises data platform.
This Spark-Hadoop foundation was built in 2017 on the open-source Cloudera stack. On paper, it remained a PoC. In practice, it became production.
In 2022, with the arrival of a new Chief Data Officer (CDO), two modernization visions clashed.
The CTO advocated for a unified platform built on a tool close to those already in place. This option would ensure broad vendor support, but would require additional development effort from the data teams, more management work for the production teams, and training for use across all entities.
The CDO championed the idea of a fully open-source platform, still on-prem, with a multitude of suppliers. That would mean securing support for a plethora of services, in addition to training (on new tools: ML, an orchestrator…).
At S3NS, no immunity to the CLOUD Act… but encryption that Matmut controls
In this context, Matmut studied the possibility of moving to a hyperscaler. It turned to S3NS and its “Local Controls” offering (recently renamed CRYPT3NS).
This offering uses hardware security modules (HSMs) provided and hosted by Thales. It “will not prevent an American entity from asking Google to dump the data,” acknowledged Jean-Jacques Mok, cloud program director within Matmut’s Digital and Innovation Directorate, at the DEVOPS REX show. Such a dump, however, is not performed live, he qualifies: the data are retrieved at rest. “And that’s convenient: that is what is encrypted by the HSM device.”
A BigQuery-Dataflow-Cloud Composer backbone
The platform assembled at S3NS is built around BigQuery, with Dataflow for transformations and Cloud Composer – the packaged version of Airflow – for orchestration. “We’ve basically stripped the gown a bit,” admits Jean-Jacques Mok. “That’s the core advantage of a cloud provider: we come to fetch only the services we need.”
To structure the data, Matmut stuck with the classic: the medallion architecture (bronze = raw data; silver = cleaned data; gold = specialized data). It added a vermilion zone which, compared to the silver zone, is agnostic to the data source.
Another zone, called the relay zone, was put in place to meet an executive-driven requirement. It houses all master data to be sent to the cloud.
The promised end of the “candy jar”…
The project lasted about a year and a half. “We weren’t aiming for lift & shift, but for a transformation of the data organization,” says Pascal Deshayes, president of TerraOps, which supported the project (the IT services firm is based in Rouen, like Matmut). Not least because the starting point was an entirely on-site system, including a CI/CD process “not automated at all.”
They had to contend with the limits of the “Local Controls” offering, both in terms of versions and the number of managed services usable. An advantage, however: the ease of onboarding for consultants accustomed to GCP.
“Now that we have users and data, we need to be able to control this consumption,” explains Jean-Jacques Mok. Today, IT at Matmut is still a “candy pot,” he concedes: “Everyone helps themselves until there’s no more budget.”
… and open-bar access
The “Trusted Cloud” offering – the one for which S3NS is applying for SecNumCloud certification – has been rolled out broadly for several months. Matmut has not yet adopted it. It is, however, one of the prerequisites that enabled moving toward these services.
With GDPR, DORA and CSRD in the background, the migration is also an opportunity to better govern data lineage and access. “On the old platform, it was a completely open bar,” says Mok. “Here, we return to a more standard framework: you only access the data that is authorized for you and, above all, you will request the right to consume it from the owners.”
Matmut makes no secret of it: leaving a Spark-Hadoop model for a world oriented toward managed services based on BigQuery implies rewriting the career plans of some people. “They need to understand that the SaaS model won’t last forever,” hints Mok…