S3NS, a Thales subsidiary collaborating with Google Cloud, has secured the SecNumCloud 3.2 qualification from France’s National Agency for the Security of Information Systems (ANSSI) for its PREMI3NS trusted cloud service. This certification positions PREMI3NS as one of the most comprehensive cloud offerings compliant with Europe’s strictest standards for data protection and resilience against extraterritorial laws. Organizations in sensitive sectors can now deploy critical workloads with enhanced sovereignty guarantees.
The qualification underscores a strategic alliance formed in 2022, blending Thales’ cybersecurity expertise with Google Cloud’s infrastructure. PREMI3NS operates under French jurisdiction, with all management handled by S3NS personnel in domestic data centers. This setup addresses growing concerns over data sovereignty amid geopolitical tensions and regulatory pressures in the European Union.
Significance of SecNumCloud 3.2
The SecNumCloud framework sets the benchmark for cloud security in Europe, emphasizing resilience against cyber threats and legal overreach from non-EU jurisdictions. Unlike broader certifications such as ISO 27001, SecNumCloud 3.2 mandates comprehensive controls across infrastructure, operations, and supply chain security. France uniquely requires public sector entities to adhere to it for sensitive data processing, reflecting national priorities for citizen privacy and strategic autonomy.
PREMI3NS meets these demands through rigorous isolation of technologies. S3NS quarantines, scrutinizes, and validates all Google Cloud updates before integration, ensuring no unvetted components enter production environments. This process minimizes risks from third-party dependencies, a common vulnerability in multi-tenant clouds.
Christophe Salomon, Thales’ Deputy CEO for Secure Information and Communication Systems, highlighted the milestone: the qualification stems from deep collaboration between Thales and Google Cloud, delivering an unmatched breadth of services under SecNumCloud. Thales itself relies on PREMI3NS for its internal IT and engineering workloads, demonstrating practical confidence in the platform.
Partnership Foundations and Operational Model
S3NS emerged from a 2022 joint venture, with Thales holding full control to align operations with French law. The company manages PREMI3NS end-to-end, from data center hosting to service delivery, without external operators. This model contrasts with hyperscale providers where sovereignty can be diluted by global teams or offshore elements.
Infrastructure draws on Google Cloud’s infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) foundations, adapted for compliance. Virtual machines run on Compute Engine equivalents, storage leverages durable object systems akin to Cloud Storage, and databases use managed relational options like Cloud SQL. These form a scalable base for enterprise needs.
Container orchestration mirrors Google Kubernetes Engine (GKE), enabling microservices deployment with built-in security hardening. Analytics workloads benefit from serverless data warehousing similar to BigQuery, which supports massive-scale querying and positions users for AI integration. Networking features provide low-latency interconnections and advanced traffic management, critical for hybrid environments.
Future expansions include generative AI capabilities, ensuring PREMI3NS evolves with technological shifts while preserving qualification standards. S3NS commits to quarterly service rollouts, balancing innovation with validation timelines.
Early Adoption Across Key Sectors
Since launching its early adopter program earlier this year, PREMI3NS has attracted around 30 organizations testing migrations. Participants span insurance (MGEN, Matmut, AGPM), manufacturing (Thales, Birdz—a Veolia subsidiary), finance (Qonto, BConnect), services (Club Med), and energy (EDF). These firms use it for data storage, processing, and analytics on strategic assets.
EDF, France’s state-owned utility, selected PREMI3NS to handle group-wide data valorization, prioritizing compliance for operational intelligence. Thales’ internal adoption covers engineering simulations and IT operations, workloads that demand high confidentiality. Insurers like MGEN migrate core systems to reduce legacy risks, while fintech Qonto builds secure transaction platforms.
Adopters report benefits in performance and compliance. The platform’s managed services accelerate modernization without sovereignty trade-offs. For instance, manufacturing firms leverage containerized apps for supply chain visibility, and healthcare-adjacent users ensure patient data isolation.
This traction validates PREMI3NS amid Europe’s push for digital independence. The EU’s Gaia-X initiative and NIS2 Directive amplify demand for qualified clouds, with France leading certification rigor.
Broader Market and Regulatory Context
Europe’s cloud market faces dual pressures: explosive growth in AI and data demands versus sovereignty mandates. Hyperscalers dominate with 70% share, but regulated sectors hesitate due to U.S. CLOUD Act exposures. SecNumCloud addresses this by certifying providers that neutralize such risks through technical and contractual barriers.
PREMI3NS stands out with its service depth—no other qualified offering matches its IaaS/PaaS/CaaS span. Competitors like OVHcloud and Outscale hold similar certifications but offer narrower portfolios. S3NS’ edge lies in Google Cloud’s maturity, delivering enterprise-grade SLAs (99.99% uptime) within a sovereign envelope.
Public sector uptake could accelerate post-qualification. French ministries handling classified data must comply, potentially funneling billions in workloads. Private firms in defense-adjacent industries follow suit, as seen with Thales’ ecosystem.
Challenges persist. Qualification demands continuous audits, straining resources, and service expansion requires revalidation. Yet S3NS’ three-year roadmap—from inception to full qualification—signals execution discipline.
Technical Highlights of PREMI3NS Services
- Compute and Orchestration: Isolated virtual instances and Kubernetes clusters support stateful apps with auto-scaling.
- Storage and Databases: Multi-tier object storage and managed SQL/NoSQL for petabyte-scale persistence.
- Analytics and AI-Readiness: Serverless querying engines handle exabyte analytics, prepped for ML pipelines.
- Networking: Virtual private clouds with encryption-at-rest/transit and DDoS mitigation.
These enable digital transformation: manufacturers optimize IoT dataflows, banks secure transaction ledgers, and utilities model grid resilience.
Implications for European Digital Strategy
PREMI3NS reinforces France’s role as a cloud sovereignty hub. By 2025, ANSSI aims for multiple qualified providers, fostering competition. This counters U.S./Chinese dominance, aligning with the EU Data Act’s interoperability rules.
For enterprises, it simplifies vendor selection: one platform covers diverse needs without multi-cloud complexity. Early data suggests 20-30% faster migrations versus brownfield clouds, per adopter feedback.
As geopolitical risks rise—think U.S. executive orders on data access—qualified clouds like PREMI3NS become table stakes. S3NS’ model, merging local control with global tech, sets a template for others.
About S3NS
An alliance between Thales, a global leader in data protection and cybersecurity, and Google Cloud, a global leader in cloud technologies, S3NS offers public institutions and private companies, concerned about further protecting their most sensitive data, highly secure public cloud offerings to operate their transition to the trusted cloud, meeting the criteria of the ANSSI SecNumCloud framework. S3NS is a company under French law entirely controlled by Thales.
