Trust & Compliance

Same capability. Your control boundary.

Every S32 product runs three ways — managed on Makom Cloud, in your sovereign cloud or on-premise environment, or fully air-gapped. The capability doesn’t change; who controls the infrastructure does.

The three deployment models

Makom Cloud — managed

Operated by S32

The fastest path to capability: S32 operates the infrastructure, patching, and availability on hardened, dedicated environments — 99.9% uptime, with your data segregated per tenant and never used beyond your mission.

  • S32 operates infrastructure, upgrades, and monitoring
  • Dedicated, tenant-segregated environments
  • Best for teams that want capability, not infrastructure

Sovereign cloud & on-premise

Your environment, your keys

Deploy into your accredited cloud region or your own data center. You hold the keys, control the network boundary, and enforce your own accreditation regime — we deliver, harden, and support the software inside it.

  • Runs in your accredited region or facility
  • You control keys, identity, and the network boundary
  • Best for national, classified, and data-residency mandates

Air-gapped

Zero external connectivity

Full product capability with no external connectivity at all — updates arrive as verified offline packages, and nothing leaves the enclave. Built for denied, classified, and high-side environments.

  • No inbound or outbound connectivity required
  • Verified offline update and threat-intelligence packages
  • Best for high-side and denied environments

What stays true in every model

Invariants, not options

  • Full product capability — no feature tiering by deployment model
  • No data exfiltration to S32: telemetry, content, and intelligence stay in your boundary
  • Immutable, append-only audit in every model — including air-gapped
  • Lawful-boundary controls enforced identically everywhere
  • Export-control and eligibility vetting before any deployment
  • The same engineering team supports every model

Choosing a model

Start from your accreditation regime and data-residency mandate, not from infrastructure preference. Most engagements begin managed and move sovereign as the program matures; classified and denied environments start air-gapped on day one. Our team will walk the decision with you — and the full compliance posture behind every model is published in the Trust & Compliance page.

Deployment planningTell us your accreditation and residency requirements — we’ll map them to a deployment model.

Contact Sales