Headquartered in Helsinki, UpCloud stands at the forefront of the European cloud infrastructure industry, rooted in Finnish traditions of technical and business excellence. Every customer who chooses to partner with us isn’t just selecting a cloud hosting solution; they’re placing their business, their confidence, and their aspirations in the hands of a certified Cloud Service Provider (CSP).
Recognising the weight of this responsibility, it is important to highlight our operations and the shared responsibility model, ensuring all stakeholders have a clear understanding of both the opportunities and the responsibilities inherent in cloud operations – especially relating to data and information security and compliance.
Alongside our ISO 27001 certification and CISPE Code of Conduct compliance, ensuring the highest standards of data security, UpCloud’s European approach to cloud security offers unique benefits to businesses looking to operate in the EU.
Customer data belongs to the customer
Customers are in control of the data they store in our cloud infrastructure and, with data residency, customer data is always stored in the country and data centre they select through the UpCloud control panel. We will not move data without customer’s requests. Governed by GDPR and Finnish and European data privacy laws and regulations, we are committed to helping customers seamlessly achieve their compliance objectives in this field.
Continuous Improvement Cycle
We have a bug bounty program open to committed security researchers and offer a public Vulnerability Disclosure Program for reporting any possible vulnerabilities. We also believe in maintaining an open dialogue with our customers about our security practices. If you have any questions or concerns about how we manage and protect our customers’ data, we’re here to answer them. We undergo regular external testing, reviews and audits, pushing ourselves to continuously improve and adapt our security posture in response to the evolving threat landscape, including reacting immediately to discovered vulnerabilities.
Shared responsibility model
When customers build IT-infrastructure with UpCloud they are entering a model where both parties, UpCloud and them – have responsibilities for maintaining the security of the services. Customers are responsible for their applications and configuring the services – but as a cloud infrastructure provider, UpCloud offers high-level security at datacentres and server/storage locations, as well as connectivity and networking solutions like load balancing, SDN, and virtual servers as a service – and additionally certain managed services such as Backups, Databases and Kubernetes containers.
In a landscape rife with cybersecurity threats, the credibility and trustworthiness of your Cloud Service Provider (CSP) are non-negotiable. At UpCloud, we make it easier for you by demonstrating our unwavering commitment to data security. Our ISO 27001 certification and CISPE Code of Conduct compliance aren’t just badges – they’re promises of robust, transparent, and secure cloud infrastructure services.
ISO 27001: The Gold Standard in Security
As an integral part of our security framework, we’re proud to be ISO 27001 certified. This international standard not only signifies our dedication to maintaining the high level of information security but also ensures that we adhere to industry-recognized best practices in managing and safeguarding your data.
Risk Management
Part of our ISO 27001 commitment involves a holistic approach to risk management. We don’t just focus on technology; we encompass people, processes, and tech in our security endeavours. Human error can be a significant security risk. We invest in regular training for our team, ensuring they’re always up to date with the latest security protocols and practices.
Regular Audits
The ISO 27001 standard is not a one-off certification. We are regularly audited by independent third parties to ensure our adherence to ISO 27001 standards and the efficiency of our security controls.
Beyond ISO 27001
While ISO 27001 remains a core component of our security compliance, we’re also committed to aligning with other global and regional security standards and regulations, ensuring a comprehensive and multi-faceted approach to security. We are aligned with ISO 31000, NIST CSF and CISPE Code of Conduct and our data centres have multiple industry certifications on top of ISO 27001.
What is the CISPE Code of Conduct?
The Cloud Infrastructure Services Providers in Europe (CISPE) is a non-profit organisation with members that include Amazon Web Services, OVH, Hetzner, Leaseweb, Aruba, and UpCloud. The CISPE Code of Conduct focuses on data protection principles, and adhering to this ensures that your data remains within your control, isn’t used for anything other than what you’ve authorized, and remains in the EEA (EU countries, Norway, Liechtenstein, and Iceland), providing an additional layer of protection given the stringent data protection laws in place.
Choosing a European CSP with ties to a legal framework protecting personal and business data can give you an edge when it comes to security promises to customers. We are committed to complying with applicable data protection and privacy laws and helping customers achieve their compliance objectives in this field. Choosing a European CSP carries unique advantages:
GDPR and Data Protection Laws
Europe boasts the world’s most robust data protection regulations, including GDPR and upcoming NIS2, the Data Act and more. With UpCloud, customers benefit from a cloud infrastructure provider that is governed by these rigorous laws, ensuring the utmost protection for your data.
No Data Offshoring
With UpCloud, your data can reside in the country of your choosing and our systems and operations are based in Europe. This means that not only is it protected by European regulations, but it’s also protected against unauthorised legal requests from other jurisdictions that might want to access your data.
Data access, retention and cooperation
Customers control their data, server storage location and determine the retention period – your data, your rules.
The heart of our promise at UpCloud is the unwavering security of your data. Certifications like ISO 27001 and adherence to the CISPE Code of Conduct demonstrate our commitment to this promise. UpCloud can be a trusted European partner for your cloud infrastructure needs.