SeveUp

SeveUp had built its initial cloud infrastructure on OVHcloud, the French hyperscaler and one of the largest cloud providers in Europe. For a fast-growing startup this was a practical choice: OVHcloud offered competitive pricing and data residency within France, which aligned with SeveUp’s domestic market focus.

An Enterprise Customer’s Security Ultimatum

The situation changed when a major enterprise customer in the European real estate sector imposed strict new security requirements as a condition of continued and expanded engagement. The client manages a large portfolio of complex built assets across multiple countries, including properties where the confidentiality of building data is not merely a commercial concern but a genuine operational security matter.

BIM models in this context contain far more than floor plans. A fully developed model can expose structural load-bearing details that reveal where a building is most vulnerable; MEP (mechanical, electrical, and plumbing) schematics showing the exact routing of power, water, gas, and fire suppression systems; security and access control infrastructure including door schedules, lock specifications, and surveillance layouts; emergency egress routes and assembly points; and asset-level data on high-value or sensitive equipment. In the wrong hands, this information could enable targeted physical intrusions, infrastructure sabotage, or detailed intelligence gathering about occupants and operations — risks that go well beyond a conventional data breach.

The Case for Azure

The customer’s security requirements specifically demanded alignment with internationally recognised cloud security benchmarks — something OVHcloud’s product ecosystem could not deliver at the required depth.

CIS Security Baseline

The project adopted the CIS (Center for Internet Security) Benchmarks for Azure as its security baseline. CIS is an internationally respected cybersecurity organisation that produces consensus-based security configuration guidelines for major cloud platforms. Its Azure benchmark is compiled from the contributions of more than 12,000 IT security professionals worldwide and is updated continuously to reflect the evolving threat landscape.

The CIS Azure Benchmark underpins the security requirements of several global regulatory and standards frameworks, including the World Economic Forum cybersecurity guidelines, ENISA recommendations, the NIST Cybersecurity Framework, FFIEC information security requirements, and HIPAA security rule guidance. This breadth of coverage meant that full CIS compliance positioned SeveUp’s infrastructure not only to satisfy the customer’s immediate requirements, but also to meet the security expectations of any future enterprise customer operating in regulated industries.

Azure’s built-in CIS compliance tooling — available through Microsoft Defender for Cloud — was leveraged to accelerate the assessment and remediation process. This allowed a systematic, policy-driven approach rather than ad hoc configuration, and provided an auditable compliance score that could be demonstrated directly to the customer’s security team.

DevOps Pipeline Migration

In parallel, SeveUp’s DevOps pipelines were migrated to Azure DevOps, with automated release management configured for development and staging environments, and controlled, approval-gated release processes put in place for production. This brought SeveUp’s software delivery lifecycle into full alignment with its new cloud infrastructure.

“SeveUp’s strict security requirements made the decision to move operations to Azure straightforward. The robust security configuration and tooling available in Azure meant that the project went very smoothly. The collaboration with the SeveUp team was outstanding. Their expectations and requirements were very clear, which made the project easier to execute.”

Gunnar ÓttarssonCloud Infrastructure Specialist

The project was delivered smoothly and ahead of expectations. Despite the depth and breadth of the CIS benchmark controls, Azure’s native compliance tooling meant that the remediation process was systematic and efficient. SeveUp’s clear requirements and well-prepared team made the engagement straightforward to execute.

• Full CIS compliance — all Azure CIS benchmark controls implemented, giving enterprise clients auditable security assurance
• Faster queries — infrastructure optimised for SeveUp’s compute-intensive BIM workloads, with improved query performance across the platform
• Cost flexibility — access to Azure’s wide VM size catalogue allows right-sizing per workload type, creating new opportunities for infrastructure cost optimisation
• Full observability — Application Insights and Azure Monitor provide comprehensive telemetry, load visibility, and alerting across the entire stack

Beyond immediate compliance, the migration to Azure opened new strategic possibilities for SeveUp. The platform’s breadth of data and analytics services — including Azure Synapse Analytics, Azure AI Foundry, and Power BI Premium — creates a natural pathway for SeveUp to deepen the analytical capabilities of its BIM dashboards and expand its product offering.