Security

The secure cloud from Clever Cloud

Security is a process

At Clever Cloud, security is not a secondary concern. Our entire platform is built by design with security in mind. Most security work is systemic: we work to eliminate and mitigate entire classes of vulnerabilities before dealing with specific problems. Cela permet à notre plateforme de résister aux menaces nouvelles et inconnues.
Contact us

Key points

Our certifications

ISO 9001

ISO 27001 : 2022

HDS
Hosting of your data on certified partner zones

SecNumCloud
Hosting of your data on certified partner zones

When you place your trust in Clever Cloud,
you can be sure that

The security of your data is our priority

We inform you when we detect a security vulnerability and are proactive in plugging it.

You choose where your data is stored

They are available when you need them thanks to a distribution by default.

Total control over your data

Permanent and instant control, with the possibility of withdrawing them at any time.

Your data belongs to you

They will never be sold or used for advertising purposes.

Our infrastructure is regularly tested

Regular vulnerability scans and pentests of our infrastructure guarantee the security of our cloud.

We see and practice security as an ongoing process, a background task that underpins everything we do, not as something that is added to the code after it has been written. The two pillars of our security policy are immutable infrastructure and avoidance of trusted networks.

Immutable infrastructure

All code deployed on Clever Cloud is in an ephemeral and reproducible environment, ensuring a secure cloud. Even if the security of one of your applications is compromised, its corrupted code is automatically removed the next time it is deployed. This is particularly useful for commonly targeted applications, such as PHP CMS (usually via their plugins).

Avoidance of trusted networks

We don’t believe in the ‘fortress metaphor’.

It’s the most attractive approach to IT security, but it’s also the furthest removed from our data security standards. For more than 20 years, it has been common practice to consider a network as a fortress, protected from the outside world by firewalls, NATs (Network Address Translation) and DMZs. This idea is now obsolete.

Our approach is based on security in depth, not perimeter security. Each peer on the same network is identified, authenticated and communicates in encrypted form, to avoid any possibility of harm or data theft in the event of an intrusion. This is what makes Clever Cloud a secure and reliable cloud.

Open source security tools

We are committed to developing open source security tools. Through our commitment to open source, we enable communities to contribute to the continuous improvement of our solutions.

Sōzu

Reverse proxy

Biscuit

Token

A commitment to the strategic autonomy of data

At Clever Cloud, we are firmly committed to the strategic autonomy of data. This commitment is demonstrated by:

  • Hosting data in France and in partner regions committed to sovereignty;
  • Strict compliance with local and European regulations;
  • Protecting data against extraterritorial laws by hosting it in France by default or in regions that respect confidentiality;
  • The development and promotion of tools and practices that strengthen the security of our customers’ data.

To find out more about our commitment to strategic data autonomy, read our blog post.

BLOG

Our latest articles

Blog

Clever Cloud and DataConnect Africa: the first step towards a secure, sovereign cloud for Africa

As part of its international growth, Clever Cloud has signed its first partnership in Côte d’Ivoire, with DataConnet Africa, to offer the region’s first Sovereign and Secure cloud.
Company

clever cloud fest. is coming

Clever Cloud announces its clever cloud fest. an event to bring together customers, prospects, partners and more.
Company

Clever Cloud: Discover our clever side

Faced with increasingly demanding technical environments, Clever Cloud has established itself as a key player in supporting tech teams and IT decision-makers.
Company