Security

The secure cloud from Clever Cloud

Your partner in cloud security

Security is a process

At Clever Cloud, security is not a secondary concern. Our entire platform is built by design with cloud security in mind. Most security work is systemic: we work to eliminate and mitigate entire classes of vulnerabilities before dealing with specific problems. This allows our platform to withstand new and unknown threats.

Key points

Our certifications

ISO 9001

ISO 27001:2022

Health Data Hosting

SecNumCloud
Hosting of your data on certified partner zones

When you place your trust in Clever Cloud, you can be sure that

The security of your data is our priority

We inform you when we detect a security vulnerability and are proactive in plugging it.

You choose where your data is stored

It is available when you need it, thanks to distribution by default.

Total control over your data

Permanent and instant control, with the possibility of withdrawing it at any time.

Your data belongs to you

It will never be sold or used for advertising purposes.

Our infrastructure is regularly tested

Regular vulnerability scans and pentests of our infrastructure guarantee the security of our cloud.

We see and practice cloud security as an ongoing process, a background task that underpins everything we do, not as something that is added to the code after it has been written. The two pillars of our security policy are immutable infrastructure and avoidance of trusted networks.

Immutable infrastructure

All code deployed on Clever Cloud is in an ephemeral and reproducible environment, ensuring a secure cloud. Even if the security of one of your applications is compromised, its corrupted code is automatically removed the next time it is deployed. This is particularly useful for commonly targeted applications, such as PHP CMS (usually via their plugins).

Avoidance of trusted networks

We don’t believe in the ‘fortress metaphor’.

It’s the most attractive approach to IT security, but it’s also the furthest removed from our data security standards. For more than 20 years, it has been common practice to consider a network as a fortress, protected from the outside world by firewalls, NATs (Network Address Translation) and DMZs. This idea is now obsolete.

Our approach is based on security in depth, not perimeter security. Each peer on the same network is identified, authenticated and communicates in encrypted form, to avoid any possibility of harm or data theft in the event of an intrusion. This is what makes Clever Cloud a secure and reliable cloud.

Open source security tools

We are committed to developing open source cloud security tools. Through our commitment to open source, we enable communities to contribute to the continuous improvement of our solutions.

Biscuit

Token

Sōzu

Reverse proxy

A commitment to the strategic autonomy of data

At Clever Cloud, we are firmly committed to the strategic autonomy of data. This commitment is demonstrated by:

  • Hosting data in France and in partner regions committed to sovereignty;
  • Strict compliance with local and European regulations;
  • Protecting data against extraterritorial laws by hosting it in France by default or in regions that respect confidentiality;
  • The development and promotion of tools and practices that strengthen the security of our customers’ data.

To find out more about our commitment to strategic data autonomy, read our blog post.

Q&A – Security in the Cloud

How can I better protect my data and applications in the cloud?

Cloud computing enables businesses to deploy and manage their applications flexibly and efficiently. However, as with any digital environment, it is essential to adopt good security practices to minimise risks. The main security concerns often relate to access management, service configuration and securing the applications themselves:

  • Rigorous access management is the first line of defence. We offer strong authentication (2FA OTP, SSO) and apply the principle of least privilege to limit rights according to defined roles. We recommend regular audits of permissions and identities to ensure the effectiveness of these measures.
  • An immutable and resilient infrastructure minimises the attack surface. Each application benefits from an isolated and reproducible environment, which ensures that no undesirable alteration persists after redeployment.
  • Securing the default configuration of the operating system is our priority. We apply demanding security standards to our environments without encroaching on your application configuration wishes.
  • We recommend that you pay particular attention to application security, which is based on continuous vulnerability scanning and automated patching.
  • Finally, monitoring and incident preparedness complete the system. Disaster recovery plans and real-time detection of anomalies ensure a rapid, controlled response in the event of an attack.

At Clever Cloud, we integrate security by design. The various types of attack (ransomware, unauthorised access to data, DDoS, etc.) often exploit similar flaws: incorrectly configured access, uncorrected vulnerabilities or exposed data. By securing the infrastructure upstream, we reduce the risks, whatever the attack vector, and thus ensure an optimum level of protection for our users.

How do I choose a secure cloud provider?

When choosing a cloud provider, there are a number of key criteria to consider:

  • Security certifications: Check compliance with the standards set according to your needs, such as ISO 27001 (information security management), HDS (Health Data Hosting) and SecNumCloud (French certification ensuring the highest level of security).
  • Regulatory compliance: Ensure that the provider complies with the GDPR and local regulations to guarantee data confidentiality.
  • Data encryption: Data must be encrypted at rest and in transit, with secure management of encryption keys.
  • Transparency of data management: Check that your data will not be used for commercial purposes or accessed by unauthorised third parties.
  • Independence and sovereignty: Choose a supplier that hosts its data in Europe or in regions that comply with strict confidentiality standards, protected from extraterritorial laws (e.g. Cloud Act).

Clever Cloud takes this approach by guaranteeing a secure, sovereign cloud, hosted on its own servers in France and in partner regions committed to data protection.

What are the best practices for securing applications in the cloud?

To strengthen the security of applications in the cloud, we recommend adopting the following practices:

  • Multi-factor authentication (MFA): Secure access to accounts with a second authentication factor, such as a one-time password (OTP). The use of physical keys or biometric authentication can be considered according to specific needs.
  • Regular updates and automatic application of patches: Keep your applications and dependencies up to date, and ensure that security patches are applied as soon as a vulnerability is identified.
  • Security audits and penetration tests: Regularly test your infrastructure to identify and correct vulnerabilities.
  • Adoption of an immutable infrastructure: Clever Cloud applies this principle, guaranteeing that in the event of an incident, the redeployed application will always be in a healthy and secure state.

By applying these best practices, it is possible to increase the security of cloud environments and offer users greater peace of mind.

Why is data encryption essential in cloud computing?

Encryption protects data against unauthorised access and interception attempts. There are two essential types of encryption:

  • Encryption of data in transit: Secures exchanges between the user and the cloud, or between different cloud services, using protocols such as TLS (Transport Layer Security).
  • Encryption of data at rest: Protects files stored on cloud servers using state-of-the-art encryption algorithms, when this option is enabled.

The absence of encryption can expose data to risks such as traffic interception, industrial espionage or server compromise. At Clever Cloud, we systematically encrypt communications and offer solutions enabling our customers to encrypt their sensitive data as required.

Does Clever Cloud comply with European data security regulations?

Yes, Clever Cloud is fully compliant with current regulations and security standards:

  • GDPR: Our solutions guarantee the confidentiality and control of personal data in accordance with the General Data Protection Regulation.
  • ISO 27001: This certification attests to our rigorous management of information security.
  • HDS: Clever Cloud is authorised to host healthcare data in a secure environment that complies with French standards.
  • SecNumCloud: Clever Cloud is in the process of obtaining SecNumCloud certification. Pending validation, you can now host your data in a SecNumCloud-certified zone belonging to our partner Cloud Temple. Contact us for more information.
  • Protection against extraterritorial laws: We guarantee that your data is not subject to the Cloud Act or other extraterritorial regulations.

By choosing Clever Cloud, you benefit from an independent European provider, applying high security standards and transparent data management.

How does Clever Cloud protect my data in the cloud?

We apply a multi-level security approach including:

  • Data encryption: The majority of data can be encrypted at rest and in transit, depending on the configuration chosen by the user and the technologies employed. We recommend enabling these options when provisioning compatible services.
  • Strong authentication: We use robust authentication protocols to prevent unauthorised access.
  • Immutable infrastructure and automatic updates: Each deployment creates a new secure instance, automatically incorporating the latest updates and security patches. This eliminates any legacy build-up, reducing the risks associated with vulnerabilities in older versions.

Where is my data stored with Clever Cloud?

With Clever Cloud, you have complete control over where your data is hosted, to meet your regulatory and strategic requirements.

Hosting tailored to your location and needs

We prioritise European data sovereignty where relevant, but we also offer hosting options close to your users, such as in Canada, Poland, Singapore or Australia.

List of available data centres

Depending on your preferences, you can choose from several hosting zones that comply with security standards:

France
  • Greendata – Nanterre Le Capitole (ISO 27001, Tier 3+)
  • Telehouse – TH2 Léon Frot (ISO 9001, ISO 14001, ISO 27001, ISO 50001, PCI-DSS, HDS, CoC, Tier 3+)
  • Exa Infrastructure – Gardinoux (ISO 27001, PCI-DSS, Tier 3)
  • Scaleway DC5 (PCI-DSS, CoC)
  • OVHCloud Gravelines GRA-1 (ISO 27001, HDS, CoC)
  • OVHCloud Roubaix RBX-5 (ISO 27001, HDS, CoC)
  • Cloud Temple (SecNumCloud zone on request)
Europe
  • OVHCloud, Warsaw WAW-1 (Poland) (ISO 27001)
North America
  • OVHCloud Beauharnois Québec BHS-6 (Canada) (ISO 27001)
Asia-Pacific
  • OVHCloud Singapore SGP-1 (Singapore) (ISO 27001)
  • OVHCloud Sydney SYD-1 (Australia) (ISO 27001)
Middle East
  • Oracle Cloud Dubai (United Arab Emirates) (ISO 27001, SOC 2)

Want to find out more or choose a specific data centre? Contact us to discuss the right options for your project.

How does Clever Cloud manage security updates?

Thanks to our immutable infrastructure, security updates are automatically integrated into each deployment:

  • Automated deployments: Each update creates a new instance of its own, ensuring that the latest security patches are applied immediately.
  • Elimination of vulnerabilities: Any potential vulnerabilities introduced in a previous version are automatically eliminated with the redeployment.

This approach significantly reduces the risk of exploitation by attackers and ensures that your environment always remains up-to-date and secure.

What’s the best cloud for hosting healthcare data?

Clever Cloud, of course.
