Capsule Security offers flexible deployment models to meet your organization's security, compliance, and data residency requirements. All deployment options maintain our SOC 2 Type 2 and ISO 27001 certifications, ensuring enterprise-grade security regardless of your chosen architecture.
Our multi-tenant SaaS deployment provides the fastest path to securing your AI agents with zero infrastructure management.
Key Features:
- Multi-tenant architecture with strong logical tenant isolation
- Fully managed by Capsule Security
- Data encrypted at rest and in transit
- Automatic updates and maintenance
- Standard internet connectivity
Best For: Organizations that want rapid deployment and minimal operational overhead.
Dedicated infrastructure with Bring Your Own Key (BYOK) encryption provides enhanced security and data sovereignty while Capsule Security manages the platform.
Key Features:
- Dedicated infrastructure for your organization
- Bring Your Own Encryption Key (BYOK) support
- Enhanced data sovereignty and control
- Customer controls encryption keys
- Standard internet or VPN connectivity options
Best For: Organizations with strict data control requirements or specific encryption key management policies.
Maximum data isolation with the database residing in your own VPC while Capsule Security manages the control plane.
Key Features:
- Database resides in customer's VPC
- Control plane managed by Capsule Security
- Maximum data isolation and control
- VPC peering or Private Link connectivity
- Customer maintains full control over data storage
Best For: Organizations requiring complete data isolation or those with strict regulatory requirements.
View detailed AWS deployment guide →
| Deployment Model | Data Location | Control Plane | Network Setup | Primary Advantage |
|---|---|---|---|---|
| Enterprise SaaS | Capsule Security cloud (multi-tenant) | Capsule Security managed | Standard internet | Fastest deployment, zero infrastructure management |
| Dedicated SaaS with BYOK | Capsule Security cloud (dedicated) | Capsule Security managed | Standard internet or VPN | Enhanced security with customer-controlled encryption |
| Customer Hosted VPC | Customer VPC | Capsule Security managed | VPC peering or Private Link | Full data isolation and control |
All deployment models are designed to meet stringent compliance requirements:
- SOC 2 Type 2 Certified - Annual audits verify our security controls
- ISO 27001 Certified - Information security management system compliance
- Data Encryption - All data encrypted at rest and in transit
- Access Controls - Role-based access control with audit logging
- Regular Security Assessments - Continuous vulnerability scanning and penetration testing
- Want the fastest time to value
- Prefer a fully managed solution
- Have standard compliance requirements
- Want automatic updates and maintenance
- Require dedicated infrastructure
- Need to manage your own encryption keys
- Have enhanced data sovereignty requirements
- Want Capsule Security to manage operations
- Must keep data within your own infrastructure
- Have strict regulatory requirements for data residency
- Need maximum control over data storage
- Require network-level isolation
Learn more about Customer Hosted VPC deployment →
- Get started with Agent Management
- Contact our team at support@capsule.security to discuss your deployment requirements