Zilliz Cloud Introduces BYOC for Greater Data Sovereignty and Compliance
Introducing Zilliz Cloud BYOC
Ten months ago, we launched Zilliz Cloud, bringing a managed Milvus service that promised better performance and lower total cost of ownership (TCO). Despite its huge success, we encountered a recurring request, particularly from prospects in financial institutions, healthcare organizations, and other highly regulated industries: the need for data to reside within their own network due to stringent security and compliance requirements.
We've listened—and today, we're excited to introduce Zilliz Cloud BYOC (Bring Your Own Cloud). This solution lets you take advantage of Zilliz Cloud's managed services while maintaining your data within your private network. It's designed to meet your security, sovereignty, and compliance needs without sacrificing performance.
What Is Zilliz Cloud BYOC?
Zilliz Cloud architecture is built on two main pillars: the Data Plane and the Control Plane.
- Data Plane: encompasses all the essential components for data collection, management, and query processing, forming the backbone of our service's performance and scalability. All customer data resides here.
- Control Plane: handles deployment, management, and coordination across all instances of the Zilliz Data Plane, ensuring a smooth and efficient operational experience.
In the Zilliz Cloud SaaS model, both the Data Plane and Control Plane are hosted within Zilliz's VPC. This setup streamlines security and management of vector databases.
Zilliz Cloud BYOC, however, introduces a different deployment model that allows customers to deploy the Data Plane within their own Virtual Private Cloud (VPC) while the Control Plane remains managed by Zilliz.
This configuration offers several key benefits:
- Data Security and Compliance: By keeping the Data Plane within your security boundary, Zilliz Cloud BYOC ensures that data does not leave your controlled environment. This setup allows strict adherence to your data governance and regulatory standards, granting complete control over data access permissions.
- Fine-grained Control: Zilliz Cloud BYOC puts the reins of database configuration and service support in your hands, allowing for tailor-made setups suited to specific operational requirements, whether high-volume data processing or real-time querying. It integrates seamlessly with your existing monitoring and security systems, providing an added layer of customization and control.
- Cost Saving: Leveraging your existing cloud vendor relationships and savings plans becomes easier with Zilliz Cloud BYOC. It allows for cost-effective infrastructure deployment while also taking advantage of Zilliz Cloud's resource pooling solutions, enhancing resource utilization and unlocking additional cost savings.
Despite these in-depth controls and customizations, the essence of our SaaS offering remains intact. You still enjoy a full SaaS-like experience, free from the complexities of specialized internal management. Deployment, upgrades, and routine cluster maintenance are managed by Zilliz, ensuring your operations remain hassle-free and your focus can stay on what matters most—innovation and development.
Security Considerations for BYOC
In Zilliz Cloud BYOC, security and compliance are built into the architecture from the ground up, ensuring your data is safeguarded within your VPC. The following outlines our approach to maintaining stringent security protocols:
- Adhering to the Principle of Least Privilege (PoLP): Our access management for the Zilliz Support team is rigorously aligned with the Principle of Least Privilege, as detailed in our Public Cloud Permission Policy. From the outset, we ensure that only the essential permissions are provided to perform required tasks, with a structured protocol in place for securely requesting additional permissions as necessary. This adherence to PoLP is a cornerstone of our security framework, ensuring robust governance over access rights within Zilliz Cloud BYOC.
- Controlled Access for Software Updates: During software updates, the Zilliz team's access to the customer's Data Plane is narrowly confined to executing control commands without any direct interaction with data. This access is contingent upon explicit customer approval, ensuring customers maintain command over the process. IAM Policy/Role permissions are customizable, aligning with customer-specific security and compliance needs to safeguard the operational environment's integrity.
- Data Plane Access Restrictions: Zilliz employees are not permitted access to customer data within the Data Plane. This policy ensures that customer data remains confidential and exclusively accessible to authorized users, upholding the integrity and privacy of your data storage.
Besides the above security practices, Zilliz Cloud BYOC inherits all the foundational security features and compliance standards of the original Zilliz Cloud, including data encryption, granular RBAC, OAuth 2.0, and compliance with SOC2 Type 2 and ISO 27001.
Next Steps
Interested in giving it a try? Zilliz Cloud BYOC is currently available on AWS, allowing you to leverage Zilliz Cloud's advanced features and support while maintaining your data within your AWS security and control framework. For additional information or to get started with BYOC on AWS, please contact us. We're also planning to expand our BYOC offering to other cloud providers, so keep an eye out for future updates.