ANSSI SecNumCloud: the highest level of security for sensitive and critical data
As the national authority for security and information systems defence in France, the French National Agency for the Security of Information Systems (ANSSI) recommends using solutions that hold its security visa. The agency also created the SecNumCloud framework to promote, enrich and improve cloud provider offerings to public authorities, Operators of Vital Importance (OVI) and Operators of Essential Services (OES). This way, these organisations can outsource their data hosting, applications and information systems to trusted partners.
OVHcloud’s SecNumCloud services are hosted in two of our new datacentres. Built specifically in France, Roubaix and Strasbourg, they address the security challenges associated with storing sensitive and critical data. These datacentres have enhanced security measures. The services hosted there are operated, maintained and monitored exclusively by personnel based in Europe. Furthermore, the SecNumCloud solutions are a guarantee to customers that none of their data will be accessible, transferred or processed outside the European Union.
In today’s interconnected global environment, digital sovereignty is a major political issue. In 2017, ANSSI published the SecNumCloud framework and a qualification procedure for “cloud computing service providers”, modelled on those existing for trusted service providers (electronic certification, incident detection, timestamping, security audit, etc.). Its aim is to guide administrative authorities, operators of vital importance (OVIs), and all European and French economic operators towards trusted cloud providers.
SecNumCloud-qualified Hosted Private Cloud powered by VMware
In December 2020, OVHcloud obtained the SecNumCloud certification for its Hosted Private Cloud product. This service, which has been ISO 27001 certified since 2012, consists of a highly automated dedicated infrastructure in the form of a VMware Software-Defined Data Centre (SDDC), and includes vSphere, vCenter, NSX and vROps features. The customer data is not subject to non-European regulations.
SecNumCloud framework origins
The SecNumCloud framework, which resulted from the Cloud plan (one of the 34 plans proposed by the 2014 New Industrial France programme) and a dialogue with relevant stakeholders, is aligned with the ISO 27001 standard. It specifies the security measures to be implemented in order to provide a highly secure cloud service for critical processing. The framework of requirements was updated in June 2018. In the new release, the Essential and Advanced levels have been removed to leave only one qualification level. In addition, privacy requirements have been added to take into account the General Data Protection Regulation (GDPR) in Europe.
About ANSSI Security Visas
The Security Visas issued by the National Cybersecurity Agency (ANSSI) allow reliable security solutions to be identified following an evaluation carried out by approved laboratories in accordance with a rigorous and proven methodology. This assessment involves an in-depth analysis of the organisation and its procedures, architecture and technical configurations in order to verify the compliance of these solutions with the relevant framework of requirements. A Security Visa is issued with a certificate or qualification, depending on the context and need. Security Visas are a guarantee of security for users in a framework of trust built by the ANSSI (source: ANSSI)
Certifications and reports
Our customers can request access to our certifications and reports. They may also obtain documents relating to our certifications, under certain conditions.
We only authorise audits carried out by third parties for the purpose of certifying all relevant parties. Contact our sales department to access this type of service.