The SecNumCloud qualification is an initiative of the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI). Its aim is to identify and promote a range of services from trusted cloud providers for public entities, or critical services for operators of vital importance (OIV) and essential service operators (OSE), with a focus on security and trust. By introducing this label (the highest level of security for sensitive and strategic data), ANSSI is clearly distinguishing cloud operators who respect best practices in terms of security.
SecNumCloud: definition
SecNumCloud is a cloud service qualification developed by ANSSI specifically for cloud service providers offering PaaS (Platform as a Service), IaaS (Infrastructure as a Service) or SaaS (Software as a Service) solutions. By setting up this label, ANSSI wants to avoid market fragmentation and domination by a few American players (Google Cloud, Amazon AWS, Microsoft Azure, Dropbox, Salesforce ...) subject to the American Patriot Act (2001) and Cloud Act (2018) laws allowing American judicial authorities access to data stored abroad.
By obtaining SecNumCloud qualification, service providers demonstrate their compliance with the best practices set out in the reference framework, and prove that their system has been assessed by PASSI-qualified auditors by ANSSI. In addition, this qualification enables customer organizations to identify suppliers offering an optimum level of security, in line with the standards set by ANSSI.
The SecNumCloud qualification was developed in 2016 and was revised in March 2022, resulting in version 3.2 currently in force. This qualification derives from the Secure Cloud label introduced by ANSSI in 2014. Although it is largely based on ISO 27001, which sets out requirements and best practices for information security management, SecNumCloud goes beyond this by integrating additional requirements specifically tailored to cloud service providers.
Who does the SecNumCloud label concern?
SecNumCloud qualification is for cloud service providers wishing to demonstrate their compliance with best security practices.
All providers offering cloud services are eligible for SecNumCloud qualification: SaaS (Sofware as a Service), PaaS (Platform as a Service), IaaS (Infrastructure as a Service), CaaS (Container as a Service).
This qualification is of particular interest to corporate customers looking for trusted cloud services to ensure the security of their data. Of course, achieving this qualification means that the service is recommended by the French government, which opens the door to its adoption by certain government entities.
SecNumCloud: challenges and issues for cloud providers
Companies who have obtained SecNumCloud qualification are virtually unanimous: the process of obtaining the label is far from easy. It requires not only compliance with best security practices, but also detailed process documentation and adequate network segmentation. In addition, the criteria of the standard are wide-ranging and cover various aspects, from the physical security of installations to employees authorized to work on the qualified offer. On another note, given that the standard is partly based on the ISO 27001 standard, obtaining ISO 27001 compliance certification is a relevant first step before moving on to SecNumCloud qualification.
À propos : Le blog d'AlgoSecure est un espace sur lequel notre équipe toute entière peut s'exprimer. Notre personnel marketing et commercial vous donne des informations sur la vie et l'évolution de notre société spécialisée en sécurité sur Lyon. Nos consultants techniques, entre deux tests d'intrusion ou analyses de risque, vous donnent leur avis ainsi que des détails techniques sur l'exploitation d'une faille de sécurité informatique. Ils vous expliqueront également comment sécuriser votre système d'informations ou vos usages informatiques particuliers, avec autant de méthodologie et de pédagogie que possible. Vous souhaitez retrouver sur ce blog des informations spécifiques sur certains sujets techniques ? N'hésitez pas à nous en faire part via notre formulaire de contact, nous lirons vos idées avec attention. Laissez-vous guider par nos rédacteurs : Alessio, Alexandre, Amine, Anas, Arnaud, Benjamin, Damien, Enzo, Eugénie, Fabien, Françoise, Gilles, Henri, Hicham, Jean-Charles, Jean-Philippe, Jonathan, Joël, Joëlie, Julien, Jéromine, Lucas, Ludovic, Lyse, Matt, Nancy, Natacha, Nicolas, Pierre, PierreG, Quentin, QuentinR, Sébastien, Tristan, Yann, Yannick, et bonne visite !