BYOC Architecture: Why Your Data Should Never Leave
A deep dive into our Bring Your Own Cloud deployment model and SOC 2-ready security architecture.
When an AI vendor asks you to upload your financial data to their cloud, they're asking you to trust them with your most sensitive information — vendor contracts, invoice amounts, payment records, employee data. Most enterprises (rightfully) say no.
That's why inferonIQ was built BYOC-first. Your data never leaves your network. Period.
What BYOC Actually Means
Bring Your Own Cloud (BYOC) means inferonIQ deploys as a sealed container inside your infrastructure. It connects to your databases using credentials that only exist inside your network. No data is transmitted to, processed by, or stored on inferonIQ servers.
Supported Deployment Targets
Zero Data Movement Architecture
Traditional SaaS tools follow a “data-to-compute” model: they pull your data into their cloud, process it, and send results back. This creates a massive attack surface, compliance risk, and data residency issues.
inferonIQ follows a “compute-to-data” model:
- The container runs inside your VPC — connects to databases using your existing IAM roles, service accounts, or connection strings.
- Queries execute locally — SQL is generated and executed within your network. Results never leave your infrastructure.
- AI models run locally — LLM inference for NL2SQL and document extraction runs inside the container. No API calls to external AI services with your data.
- Updates are pull-based — The container checks for new versions on a schedule you control. No inbound network connections required.
Security Controls
Role-Based Access Control
RBAC with tenant isolation. Users only see databases and schemas they're authorized for. SSO integration via SAML/OIDC.
Audit Trail
Every query, login, configuration change, and data access is logged with timestamps, user IDs, and IP addresses. Exportable for compliance.
PII/PHI Detection
Automatic detection of personally identifiable and health information during schema cataloging. Flagged columns can be excluded from NL2SQL queries.
Encryption
TLS 1.3 in transit. AES-256 at rest for all cached metadata. Database credentials encrypted with per-tenant keys.
SOC 2 Readiness
inferonIQ's architecture is designed to SOC 2 Type II requirements. Formal certification is in progress.
BYOC vs. Traditional SaaS: A Comparison
| | inferonIQ BYOC | Traditional SaaS |
|---|---|---|
| Data location | Your infrastructure | Vendor cloud |
| Network exposure | Zero outbound data | Full data transfer |
| Compliance | Inherits your controls | Depends on vendor |
| Data residency | Your jurisdiction | Vendor's regions |
| Vendor lock-in | Container-based, portable | Data trapped in SaaS |
Getting Started
Deployment takes under 15 minutes. Pull the Docker image, provide your database credentials, and the system auto-discovers your schema. No data migration, no ETL, no staging environment required.