Enonic Cloud Enterprise - Web application platform and CMS

Enonic Cloud Enterprise is a high-performance web application platform that includes the essential components to deliver external and internal facing web applications, services and websites. The platform includes a flexible and feature-rich Web Content Management System (CMS). Clients include government departments, banks, insurers, logistics companies and healthcare providers.


  • Simplified stack that replaces CMS, DB, Search, and Appengine
  • Serverside Javascript (any web developer can implement)
  • Continuous deployment
  • Clustered environment (high availability and performance)
  • NoSQL storage to store any data
  • Container based hosting
  • Metrics for server environment and hosting
  • Live Trace for performance tuning
  • Ready made integrations on market.enonic.com
  • Application management option


  • Fresh and responsive admin interface (mobile to large screens)
  • Rich text editor (what you see is what you get)
  • Image handling with focal point and scaling
  • Landing page editor with responsive preview
  • Version control
  • Access rights and roles
  • Schedule publishing
  • Accessibility
  • SEO compliant
  • Supports to user directories for authentication


£1380 to £10000 per unit per month

Service documents


G-Cloud 11

Service ID

7 6 4 5 6 7 8 1 9 8 9 0 8 9 0



Casper Ninteman

+44 (0) 203 808 6995


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No special contraints.
System requirements Web browser management (supports all major browsers)

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depends on SLA. Silver i next business day response, Gold is 7 AM to 7 PM with 5 hours response time. Platinum is 2 hours response time 24/7/365.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We deliver next business day to 24/7/365 support levels. See pricing list for details. Support is generally through our ticket system with dedicated support engineers.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite training and support in addition to documentation for developers and users. We can also provide remote training and support.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Export in XML and folder stucture.
End-of-contract process XML export is includes in the price.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The admin console is fully responsive. Some functions might not be practical to complete on small mobile screens.
Service interface Yes
Description of service interface The Content Studio is the tool for creating and managing content and websites.
Accessibility standards None or don’t know
Description of accessibility The interface supports all major web browser and supports keyboard-only navigation. Contrast and use of colours are consistent with requirements.
Accessibility testing Not much done yet.
What users can and can't do using the API User typically create and expose their own public APIs built in Javascript on the server using Rest or GraphQL. There's also an application that enables full GraphQL API access for content. Including image scaling and URL generation. This enables reuse of content like a Headless CMS.

Enonic offers comprehensive Java/Javascript APIs. Containers are managed using Docker.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Developer build and customise the full website templating and functionality using Javascript on the server and the template engine of choice. You can also customize content types and build integration with other systems. All customisation of code is packaging in an Enonic Apps.

In addition content, menu structure and page layout can be customised using the Content Studio. You can give access for groups and roles to manage parts of the websites/content.


Independence of resources Based on modern Open Stack infrastructure with pinned hardware.


Service usage metrics Yes
Metrics types Request tracing details to find bottle necks, CPU, storage, HTTP request and response status, Memory usage, Network, Number of active instances, JVM metrics.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach There's a command line tool and an app to run the export function.
Data export formats Other
Other data export formats XML and folder structure
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • JSON
  • All files can be uploaded to the Content Studio

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network Virtual sub networks for each customer project.

Availability and resilience

Availability and resilience
Guaranteed availability Up to 99.9% refund based on the following model based on reduction in availability : 0 to 6 hours: 25%. 6 hours to 12 hours: 50%. 12 hours or more 100%
Approach to resilience All infrastructure is virtualized and redundant. There's also offsite backups of data and configuration. We also offer clustered customer instances for resilience and scaling.
Outage reporting E-mail alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Other user authentication We have support for pluggable authentication. Current support for LDAP, AD, ADFS, Auth0 etc.
Access restrictions in management interfaces and support channels Username and password. 2 factor if required by customer. We can also restrict based on IP.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach OWASP and ISO-9001 certified framework.
Information security policies and processes ISO-9001 certified framework with deviations and external auditor.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All configuration is stored using Git.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The service is built on popular technology like Linux, Java and Docker. We monitor updates and deploy patches when needed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We inform the affected customers and proceed to find a solution and patch the system.
Incident management type Supplier-defined controls
Incident management approach Incident reporting is defined in our ISO-9001 procedures. Reports are sent by e-mail.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1380 to £10000 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Enonic Cloud is based on the free open source platform Enonic XP. It includes all core functionality, except the cloud management features like metrics, backup etc. You can launch Enonic XP for free (if you haven't signed up before) in Google Cloud Platform (https://console.cloud.google.com/launcher/details/enonic-xp-launcher/enonic-xp) or request a trial at https://enonic.com/try.
Link to free trial https://enonic.com/try

Service documents

Return to top ↑