Case study: AXA Group Reinsurance – France

Overview

When AXA Group Reinsurance expanded its use of Salesforce to manage treaty placements — the reinsurance contracts that transfer risk between insurers — the team faced a new challenge: how to keep thousands of document exchanges fully secure in one of the world’s most regulated industries.

By partnering with WithSecure Cloud Protection, AXA was able to protect its Salesforce environment, meet strict compliance requirements, and give its teams peace of mind that every file shared through Salesforce was safe.

The challenge: a growing platform, a hidden security gap

Originally implemented in 2019 to improve efficiency and transparency, Salesforce quickly became the backbone of AXA’s treaty placement and collaboration with hundreds of reinsurers and brokers worldwide.

As the system expanded to include Conga CLM for contract lifecycle management, a security assessment revealed a significant gap: neither Salesforce nor Conga automatically scanned documents exchanged with external partners.

“We realized that files moving in and out of Salesforce weren’t being scanned. Given the sensitive nature of what we handle — including health data — that was a major risk.”
— Xavier Léon, Head of Reinsurance Business Applications, AXA France

Each renewal cycle involves up to 900 partners and around 2,000 documents. Without automated protection, even a single infected file could have opened a path into AXA’s internal systems — an unacceptable risk in a highly regulated environment.

The solution: real-time file protection for regulated data in Salesforce

After reviewing options, AXA’s architecture and security teams recommended WithSecure Cloud Protection — a solution already validated within the AXA Group’s IT catalogue and successfully used in other business units.

“That gave us immediate confidence,” says Léon. “It meant we could move quickly, knowing the product met all our standards.”

Working closely with WithSecure Cloud Protection, the team first deployed the solution for Conga CLM and then extended it across the entire Salesforce platform. The deployment was smooth, required no workflow changes, and immediately began scanning all shared documents for malware and other threats.

“WithSecure Cloud Protection’s solution runs quietly in the background,” Léon adds. “It doesn’t get in the way, but it gives us the assurance that everything passing through Salesforce is safe.”

The impact: compliance, confidence, and trust

WithSecure Cloud Protection helped AXA secure a key business platform while maintaining the speed and collaboration Salesforce was built for.

The solution enabled AXA to close a critical audit finding, achieve full compliance with EIOPA and group security policies, and eliminate potential malware entry points in Salesforce.

Most importantly, it helped preserve customer trust by ensuring that no sensitive data — especially health information — could be exposed through external file sharing.

“It’s not just about technology — it’s about confidence,” Léon says. “We can focus on our work instead of worrying about hidden risks. That’s a huge value for our teams.”

Advice for other organizations

“Start with a clear security assessment and identify what needs protection,” advises Léon. “Then look for a solution that integrates natively with Salesforce and ask for customer references. WithSecure Cloud Protection is simple to deploy, easy to manage, and gives you the peace of mind that your Salesforce environment is truly secure.”