← Glossary

IaaS

In brief

The most basic layer of the cloud. You rent machines, storage and networking, and install everything else yourself. Like renting an empty space — it's up to you to fit it out.

Precise definition

Infrastructure as a Service: on-demand provision of virtualised infrastructure resources (compute, storage, network). The provider manages the hardware and virtualisation; the customer manages the system, middleware and applications. This is the layer that delegates the least, and therefore leaves the most control.

Our analysis

IaaS is the most basic layer, and the one where the customer has the greatest degree of control. You choose your system, your versions, your network configuration and your encryption method. On paper, this is the most autonomous tier possible, because nothing running on the machine itself depends on the service provider. The key word here is ‘possible’.

Possible, because technical control does not alter the legal relationship. If the provider operating the infrastructure falls under a foreign jurisdiction, they may be compelled to cut off access or hand over data, regardless of the quality of what the customer has built on top of it. The sovereignty of an IaaS is not determined by the service layer, but by the law to which the operator is subject.

Hence a common misconception among French companies: the belief that owning one’s own application stack is sufficient to ensure sovereignty. It is not enough. If the computing runs on an IaaS subject to the CLOUD Act, an in-house stack does nothing to alter that exposure. The code remains yours; access, however, depends on who controls the machine and under which law.