Security and control
The customer controls their appliance
The customer's appliance runs in their cloud account, on hardware they own and control. They pay for their own hardware, and are at liberty to administer it with familiar tools (e.g. AWS GuardDuty). Customers can also change their appliance's configuration. For example, they can restrict the range of IP addresses that can access their appliance's endpoint. Another example: they can shut down appliance-provisioned hardware at any time using their cloud provider's console or APIs. Such changes can, of course, break the vendor's software.
Firewall and the audit log
The customer's appliance has a customer-controlled firewall that inspects all data into and out of the appliance. This means that the vendor's software cannot send data out of the appliance (even by accident) unless the customer explicitly allows it. Further, any bytes that egress the appliance are appended to an audit log the appliance maintains in the customer's cloud account (e.g. AWS CloudWatch, Google Cloud Platform Logging).
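As an added illustration (not the vendor's code), the following Python sketch models the two customer controls described so far: an ingress allowlist that restricts which address ranges may reach the appliance's endpoint (previous section), and a default-deny egress policy in which every egress attempt is appended to an audit log. The rule set, the flows, the RFC 5737 documentation addresses and the JSON log format are all constructed for the example; logging denied egress attempts alongside allowed bytes is a design choice of this sketch, and the real appliance firewall and its CloudWatch / Cloud Logging integration are not shown.

```python
"""Default-deny appliance firewall with an egress audit log (constructed example)."""
import ipaddress
import json
from dataclasses import dataclass, asdict
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    direction: str        # "ingress" or "egress"
    cidr: str             # remote network the rule applies to
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    direction: str
    remote_ip: str
    port: int
    nbytes: int           # bytes the vendor software is trying to move


@dataclass(frozen=True)
class AuditEntry:
    direction: str
    remote_ip: str
    port: int
    nbytes: int           # bytes that actually egressed (0 when denied)
    action: str

    def to_json(self) -> str:
        # One line per egress attempt, shaped like a log-service record.
        return json.dumps(asdict(self), sort_keys=True)


class ApplianceFirewall:
    """Customer-controlled policy: first matching rule wins, anything unmatched is denied."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.audit_log: List[AuditEntry] = []

    def decide(self, flow: Flow) -> str:
        ip = ipaddress.ip_address(flow.remote_ip)
        for rule in self.rules:
            if rule.direction != flow.direction:
                continue
            if ip not in ipaddress.ip_network(rule.cidr):
                continue
            if rule.port is not None and rule.port != flow.port:
                continue
            return rule.action
        # Default deny: nothing enters or leaves unless the customer allowed it.
        return "deny"

    def process(self, flow: Flow) -> str:
        action = self.decide(flow)
        if flow.direction == "egress":
            # Every egress attempt is recorded so the customer can see what the
            # vendor software sent, and what it tried to send but was blocked.
            sent = flow.nbytes if action == "allow" else 0
            self.audit_log.append(
                AuditEntry(flow.direction, flow.remote_ip, flow.port, sent, action))
        return action

    def egressed_bytes(self) -> int:
        return sum(e.nbytes for e in self.audit_log)


def run_sample() -> Tuple["ApplianceFirewall", List[str]]:
    """Apply a constructed customer policy to constructed flows; returns decisions."""
    rules = [
        # Customer office range may reach the endpoint on 443 (hypothetical).
        Rule("ingress", "203.0.113.0/24", 443, "allow"),
        # One customer-approved egress destination on 443 (hypothetical).
        Rule("egress", "198.51.100.10/32", 443, "allow"),
    ]
    fw = ApplianceFirewall(rules)
    flows = [
        Flow("ingress", "203.0.113.7", 443, 0),       # allowed office client
        Flow("ingress", "192.0.2.9", 443, 0),         # unknown source: denied
        Flow("egress", "198.51.100.10", 443, 1200),   # approved destination: logged
        Flow("egress", "198.51.100.10", 80, 50),      # wrong port: denied, logged
        Flow("egress", "192.0.2.50", 443, 4096),      # unapproved destination: denied
    ]
    return fw, [fw.process(f) for f in flows]


if __name__ == "__main__":
    firewall, decisions = run_sample()
    print(decisions)
    for entry in firewall.audit_log:
        print(entry.to_json())
```

The point of the sketch is the final `return "deny"`: the vendor's software only moves bytes that match a rule the customer wrote, and each egress attempt leaves a record whether or not it succeeded.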
No access to vendor software
The customer does not have access to or visibility into the containers or virtual machines in their appliance where the vendor's software (including ML model weights) resides. Capacity (virtual machines) running in that isolated VPC is provisioned with keys owned by the vendor and with encrypted disks; serial port access is disabled, and adding SSH keys is disabled (via sshd_config). The customer only has external access to the capacity: they can see that it exists, monitor its resource utilization, modify its network access, and delete it.