Security

The secure cloud from Clever Cloud

Your partner in cloud security

Security is a process

At Clever Cloud, security is not a secondary concern. Our entire platform is built by design with cloud security in mind. Most security work is systemic: we work to eliminate and mitigate entire classes of vulnerabilities before dealing with specific problems. This allows our platform to withstand new and unknown threats.

Key points

Our certifications

ISO 9001

ISO 27001:2022

Health Data Hosting

SecNumCloud
Hosting of your data on certified partner zones

When you place your trust in Clever Cloud, you can be sure that

The security of your data is our priority

We inform you when we detect a security vulnerability and are proactive in plugging it.

You choose where your data is stored

Your data is available when you need it, thanks to distribution by default.

Total control over your data

Permanent and instant control, with the possibility of withdrawing your data at any time.

Your data belongs to you

It will never be sold or used for advertising purposes.

Our infrastructure is regularly tested

Regular vulnerability scans and pentests of our infrastructure guarantee the security of our cloud.

We see and practice cloud security as an ongoing process, a background task that underpins everything we do, not as something that is added to the code after it has been written. The two pillars of our security policy are immutable infrastructure and avoidance of trusted networks.

Immutable infrastructure

All code deployed on Clever Cloud runs in an ephemeral and reproducible environment, ensuring a secure cloud. Even if the security of one of your applications is compromised, its corrupted code is automatically removed the next time it is deployed. This is particularly useful for commonly targeted applications, such as PHP CMSs (usually via their plugins).

Avoidance of trusted networks

We don’t believe in the ‘fortress metaphor’.

It’s the most attractive approach to IT security, but it’s also the furthest removed from our data security standards. For more than 20 years, it has been common practice to consider a network as a fortress, protected from the outside world by firewalls, NATs (Network Address Translation) and DMZs. This idea is now obsolete.

Our approach is based on security in depth, not perimeter security. Each peer on the same network is identified, authenticated and communicates in encrypted form, to avoid any possibility of harm or data theft in the event of an intrusion. This is what makes Clever Cloud a secure and reliable cloud.

Open source security tools

We are committed to developing open source cloud security tools. Through our commitment to open source, we enable communities to contribute to the continuous improvement of our solutions.

Sōzu

Reverse proxy

Biscuit

Token

A commitment to the strategic autonomy of data

At Clever Cloud, we are firmly committed to the strategic autonomy of data. This commitment is demonstrated by:

  • Hosting data in France and in partner regions committed to sovereignty;
  • Strict compliance with local and European regulations;
  • Protecting data against extraterritorial laws by hosting it in France by default or in regions that respect confidentiality;
  • The development and promotion of tools and practices that strengthen the security of our customers’ data.

To find out more about our commitment to strategic data autonomy, read our blog post.

FAQ – Cloud security

What are the main threats to cloud security?

Cloud computing offers many advantages, but it also exposes data and infrastructures to a range of risks. The most common threats include:

  • Data theft and security breaches: Cybercriminals target cloud services to gain access to sensitive information (personal, financial, industrial data). Incorrect configuration or compromised credentials can facilitate these attacks.
  • Ransomware and malware: Ransomware attacks, in which data is encrypted and made inaccessible until a ransom is paid, are on the rise.
  • Configuration flaws: Errors in the management of access, permissions or encryption can inadvertently expose data to unauthorised persons.
  • Unauthorised access: The absence of strong authentication or rigorous management of roles and permissions can allow attackers or malicious employees to access critical resources.
  • DDoS (Distributed Denial of Service) attacks: Certain cloud infrastructures can be targeted by massive attacks aimed at making them inaccessible.

At Clever Cloud, we mitigate these risks through a ‘by design’ approach, integrating security and resilience into the design of our platform. Our immutable infrastructure ensures that no malicious tampering persists after redeployment. We also carry out regular security audits to identify and correct any vulnerabilities.

How do I choose a secure cloud provider?

When choosing a cloud provider, there are several key criteria to consider:

  • Security certifications: Check compliance with established standards, such as ISO 27001 (information security management), HDS (Health Data Hosting) and SecNumCloud (French cybersecurity certification).
  • Regulatory compliance: Make sure the provider complies with the GDPR and local regulations to ensure data confidentiality.
  • Data encryption: Data must be encrypted at rest and in transit, with secure management of encryption keys.
  • Transparency of data management: Check that your data will not be used for commercial purposes or accessed by unauthorised third parties.
  • Independence and sovereignty: Choose a supplier that hosts its data in Europe or in regions that comply with strict confidentiality standards and are protected from extraterritorial laws (e.g. Cloud Act).

Clever Cloud meets these requirements by guaranteeing a secure, sovereign cloud, with priority hosting in France and in partner regions committed to data protection.

What are the best practices for securing applications in the cloud?

To enhance the security of applications in the cloud, we recommend adopting the following practices:

  • Principle of least privilege: Each user, service or application should only have the necessary rights, to limit the risk of abusive access.
  • Multi-factor authentication (MFA): Secure access to accounts with a second authentication factor (temporary code, physical key, biometrics).
  • Regular updates: Keep your applications and dependencies up to date to prevent known vulnerabilities from being exploited.
  • Security audits and penetration tests: Regularly test your infrastructure to identify and correct vulnerabilities.
  • Adoption of an immutable infrastructure: Clever Cloud applies this principle, guaranteeing that in the event of an incident, the redeployed application will always be in a healthy and secure state.

These measures considerably reduce the risks associated with cloud security and ensure greater resilience in the face of cyber attacks.

Why is data encryption essential in cloud computing?

Encryption protects data against unauthorised access and interception attempts. There are two main types of encryption:

  • Encryption of data in transit: Secures exchanges between the user and the cloud, or between different cloud services, using protocols such as TLS (Transport Layer Security).
  • Encryption of data at rest: Protects files stored on cloud servers using advanced algorithms such as AES-256.

Lack of encryption can expose data to risks such as traffic interception, industrial espionage or server compromise. At Clever Cloud, we systematically encrypt communications and storage to guarantee data confidentiality and integrity.

Does Clever Cloud comply with European data security regulations?

Yes, Clever Cloud is fully compliant with current regulations and security standards:

  • GDPR: Our solutions guarantee the confidentiality and control of personal data in accordance with the General Data Protection Regulation.
  • ISO 27001: This certification attests to our rigorous management of information security.
  • HDS: Clever Cloud is authorised to host healthcare data in a secure environment that complies with French standards.
  • Protection against extraterritorial laws: We guarantee that your data is not subject to the Cloud Act or other extraterritorial regulations by favouring hosting in France and Europe.

By choosing Clever Cloud, you benefit from a sovereign European provider, applying high security standards and transparent data management.

How does Clever Cloud protect my data in the cloud?

We apply a multi-layered security approach including:

  • Data encryption: All data is encrypted at rest and in transit, guaranteeing confidentiality even in the event of physical access to servers or traffic interception.
  • Strong authentication: We use robust authentication protocols to prevent unauthorised access.
  • Immutable infrastructure: Each deployment creates a new secure instance, automatically eliminating any potential vulnerabilities and guaranteeing an always healthy environment.

Where is my data stored with Clever Cloud?

With Clever Cloud, you have total control over where your data is stored.

  • Default hosting in France: We favour European data sovereignty, guaranteeing compliance with EU regulations.
  • Storage options in other partner regions: Depending on your geographical or strategic needs, you can choose other locations that comply with security standards.

How does Clever Cloud manage security updates?

Thanks to our immutable infrastructure, security updates are automatically integrated into each deployment:

  • Automated deployments: Each update creates a new instance of its own, ensuring that the latest security patches are applied immediately.
  • Elimination of vulnerabilities: Any potential vulnerabilities introduced in a previous version are automatically eliminated with the redeployment.

This approach considerably reduces the risk of exploitation by attackers and ensures that your environment always remains up-to-date and secure.
