
Learn why engineers at financial, healthcare, and government organizations are able to sail through Architecture/Security review.
But what about compliance?
Here's where precision matters. Security and compliance are different things. While Prefect's architecture delivers the isolation that regulated organizations need, specific compliance frameworks like FedRAMP involve requirements beyond technical security. And this distinction is crucial to understand.
The good news? We have an option for every requirement. Commercial organizations needing bank-grade security can use our hybrid model today. Federal agencies with FedRAMP requirements can deploy a customer-managed version of Prefect Cloud and maintain complete control.
We've designed our (patented) hybrid architecture so you never have to compromise. But to understand why this works, you need to understand something fundamental about how Prefect Cloud is built.
Here's what most people miss about Prefect Cloud: it's not a monolithic platform. It's actually built as two separated components that operate independently. That's the not-so-secret sauce for security.
Component 1: Prefect Cloud (The Control Plane)
Component 2: Your Execution Environment
The critical insight: These components remain completely separated, communicating only what you allow. Your sensitive data and proprietary code never leave your environment or accounts. Period.
This separation isn't clever engineering for its own sake. It's what lets us meet vastly different security and compliance requirements with one platform. Whether you're a bank in New York, a hospital in Texas, or a federal agency in Virginia, we can configure these components to match your exact requirements.
So how does this architecture translate into a real implementation of the product? Let me walk you through the three options, starting with what works for most commercial organizations that have heightened security requirements or that need more control over the environments running their flows.
┌───────────────────────────────────────────────────────────┐
│                 HYBRID MODE ARCHITECTURE                  │
├───────────────────────────────────────────────────────────┤
│  ┌─────────────────────────────────────────────────────┐  │
│  │            Prefect Cloud (Control Plane)            │  │
│  │      • UI • Scheduling • State • Logs • Alerts      │  │
│  └─────────────────────────────────────────────────────┘  │
│                             +                             │
│  ┌─────────────────────────────────────────────────────┐  │
│  │        Your Infrastructure (Everything Else)        │  │
│  │    • Code • Data • Compute • Networks • Policies    │  │
│  └─────────────────────────────────────────────────────┘  │
└───────────────────────────────────────────────────────────┘
This is secure enough for:
Why it works: Your code, data, and secrets never have to leave your environment. What does cross the boundary? Only the orchestration metadata is required:
Most organizations find they can minimize this to just basic execution state: essentially "job started," "job running," "job completed." But even this limited metadata makes some security teams nervous.
"What if even controlled metadata crossing the internet is unacceptable?" they ask.
Fair question. Let me show you Enhanced Hybrid.
For organizations where even metadata can't touch the public internet, we support AWS PrivateLink. This isn't a band-aid solution. It's purpose-built for enterprises that measure security in layers of isolation.
┌────────────────────────────────────────────────────────┐
│               HYBRID MODE + PRIVATELINK                │
├────────────────────────────────────────────────────────┤
│                                                        │
│      Your VPC                     Prefect Cloud        │
│  ┌──────────────┐    Private     ┌──────────────┐      │
│  │  Execution   │    Endpoint    │   Control    │      │
│  │ Environment  │◄──────────────►│    Plane     │      │
│  └──────────────┘  No Internet   └──────────────┘      │
│                      Routing                           │
│                                                        │
│  • Traffic never touches public internet               │
│  • End-to-end encryption within cloud backbone         │
│  • Network isolation at infrastructure level           │
└────────────────────────────────────────────────────────┘
With PrivateLink:
With PrivateLink, even metadata (those simple "job started/completed" messages) travels through private network connections, never touching the public internet. You get SaaS convenience without SaaS exposure.
This configuration is currently powering data operations at major banks with strict network segmentation requirements, healthcare systems processing millions of patient records under HIPAA, and European organizations navigating GDPR's data localization maze. These aren't theoretical use cases. They're running in production today.
But there are scenarios where even this isn't enough.
But what if you need the entire Prefect Cloud experience within your own boundaries? That's where Customer-Managed Prefect comes in.
This isn't some stripped-down version. Customer-Managed Prefect brings the entire Prefect Cloud API into your environment. You get the same UI, the same features, the same capabilities. The only difference? It runs on your infrastructure, under your control, meeting your compliance requirements.
┌───────────────────────────────────────────────────────────┐
│               Customer-Managed ARCHITECTURE               │
├───────────────────────────────────────────────────────────┤
│  ┌─────────────────────────────────────────────────────┐  │
│  │      Prefect Cloud (Self-Hosted Control Plane)      │  │
│  │           Running in your infrastructure            │  │
│  └─────────────────────────────────────────────────────┘  │
│                             +                             │
│  ┌─────────────────────────────────────────────────────┐  │
│  │           Your Infrastructure (Execution)           │  │
│  │             Also in your infrastructure             │  │
│  └─────────────────────────────────────────────────────┘  │
│                                                           │
│           Everything runs in your environment.            │
│           Nothing external. Complete isolation.           │
└───────────────────────────────────────────────────────────┘
How it works: You deploy Prefect Cloud via Helm into your Kubernetes cluster. It requires the infrastructure you're already running: PostgreSQL for state, Redis for caching, and your existing auth provider (Okta, ADFS, Entra). All data is encrypted in transit via TLS and at rest using your cloud provider's encryption.
The beauty of this approach? Your security team can audit every component. Your compliance team can check every box. And your data team still gets a modern, cloud-native orchestration platform.
Required for:
For completeness: we also offer fully managed execution where Prefect handles everything. Perfect for teams without onerous security requirements, but if you're reading about regulated industries, you're likely evaluating Options 1 or 2.
Now let me address some specific scenarios.
If you're in government, you face a unique set of challenges that go beyond technical security. Even with these challenges, these environments can still use an iteration of Prefect Cloud. The answer for government is Customer-Managed Prefect, and whether you're dealing with FedRAMP compliance or classified air-gap requirements, the deployment approach remains consistent.
Federal agencies operate under a straightforward regulatory reality: any cloud service holding federal information (including orchestration metadata) needs FedRAMP authorization. This isn't a technical security question—it's about regulatory compliance. The path forward is to deploy Customer-Managed Prefect entirely within your agency's boundary, whether that's AWS GovCloud, Azure Government, or another authorized environment. Once deployed, you authorize it as part of your system ATO, and you're fully compliant.
For classified environments operating at Secret, Top Secret, or TS-SCI levels, the rules become absolute: complete air gap with no exceptions. Customer-Managed Prefect runs entirely inside your SCIF with no external dependencies, meeting the strictest isolation requirements while delivering the reliable, resilient, and robust orchestration that government environments demand.
With the deployment options clear, let me tackle the objections that come up in virtually every engagement we have with security-minded organizations, regardless of industry. These are valid concerns that deserve honest answers.
I hear this one constantly, and I get it. Your data IS sensitive. But here's what's actually happening in hybrid mode: your data never touches Prefect Cloud. Not a single byte.
What does cross the boundary? Only orchestration metadata: run states, timing, task names. And you control every bit of it. You can disable cloud logging, use code names for sensitive operations, keep all artifacts local. With PrivateLink, even this minimal metadata travels through private networks, never touching the public internet.
The architecture solves the problem, not policies or promises.
This objection usually comes from a good place: the desire for control. But consider what self-hosting enterprise orchestration actually means:
You need dedicated DevOps engineers with Kubernetes expertise. You're responsible for UI servers, databases, APIs, and maintaining high availability. You handle all updates, patches, and version management. You manage backups, disaster recovery, and scaling. When something breaks at 3 AM, it's your team's phone that rings.
You're not just standing up a server; you're becoming a platform team. And for what?
The hybrid model gives you control over what actually matters (your code and data) while Prefect handles the complex orchestration infrastructure. It's like the difference between using Gmail with your own domain and running your own email servers: you get enterprise features without becoming infrastructure experts.
Unless you're processing classified data or legally prohibited from using US-hosted services, this requirement is usually about control, not location. And hybrid mode delivers that control without turning your data team into platform engineers.
This is where I love to surprise people. Your security team is right to be cautious, but here's what changes their mind:
In hybrid mode, workers make pull/outbound connections only, and Prefect Cloud cannot:
What it can do is show you what's running, what failed, and why. That's it: orchestration metadata only.
But here's what really wins them over, the enterprise security features we provide:
And with PrivateLink, your security team can be assured no data is touching public networks. They can see for themselves that the architecture delivers what we promise.
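One way a security team could check the outbound-only posture described above against its own network rules. This is an added example, not Prefect's code: the rule shape, the addresses and the `audit_worker_rules` helper are hypothetical, and TLS on TCP 443 for control-plane traffic is an assumption.

```python
import ipaddress

# Constructed sample rules for a worker's security group. The rule shape and
# all addresses are hypothetical, not Prefect's or any cloud provider's schema.
WORKER_RULES = [
    {"direction": "egress", "proto": "tcp", "port": 443, "cidr": "10.20.4.17/32"},
    {"direction": "egress", "proto": "tcp", "port": 443, "cidr": "0.0.0.0/0"},
    {"direction": "ingress", "proto": "tcp", "port": 22, "cidr": "10.0.0.0/8"},
    {"direction": "egress", "proto": "tcp", "port": 5432, "cidr": "10.20.8.0/24"},
]

def _within(net, nets):
    """True if net sits entirely inside one of nets (same IP version)."""
    return any(net.version == n.version and net.subnet_of(n) for n in nets)

def audit_worker_rules(rules, control_plane_cidrs, internal_cidrs=()):
    """Return (rule, finding) pairs for rules that break the posture:
    no inbound listeners, and egress beyond your own networks only to the
    control-plane endpoint (assumed here to be TLS on TCP 443)."""
    control = [ipaddress.ip_network(c) for c in control_plane_cidrs]
    internal = [ipaddress.ip_network(c) for c in internal_cidrs]
    findings = []
    for rule in rules:
        net = ipaddress.ip_network(rule["cidr"])
        if rule["direction"] == "ingress":
            findings.append((rule, "inbound rule: workers should only dial out"))
        elif _within(net, internal):
            continue  # traffic to your own data stores never leaves your boundary
        elif not _within(net, control):
            findings.append((rule, "egress beyond the control-plane endpoint"))
        elif (rule["proto"], rule["port"]) != ("tcp", 443):
            findings.append((rule, "control-plane egress not on TCP 443"))
    return findings

if __name__ == "__main__":
    for rule, finding in audit_worker_rules(
        WORKER_RULES,
        control_plane_cidrs=["10.20.4.17/32"],  # e.g. the private endpoint's address
        internal_cidrs=["10.20.8.0/24"],
    ):
        print(f"{rule['direction']:7} {rule['cidr']:15} port {rule['port']}: {finding}")
```

With the sample rules, the open `0.0.0.0/0` egress and the inbound SSH rule are flagged, while the endpoint-only egress and the internal database rule pass.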
This combination of architectural separation, enterprise security features, and private networking is why some of the world's most security-conscious organizations trust this model.
After all this discussion about security models and compliance frameworks, here's what it comes down to:
We have a solution for your requirements, whatever they are.
If you're a commercial organization (a bank, healthcare provider, or enterprise), hybrid mode with PrivateLink gives you the security you need without the overhead of becoming a platform team. Your data stays put, your security team stays happy, and your data team can actually focus on data work.
If you're a government agency bound by FedRAMP requirements, Customer-Managed Prefect gives you full compliance today. Deploy it in your GovCloud environment, include it in your ATO, and get on with your mission.
The major banks using Prefect aren't compromising on security. The government agencies running our platform aren't waiting for someday. They've all recognized the same truth: modern data orchestration isn't about hosting everything yourself. It's about choosing the right architecture for your specific requirements.
So the next time someone insists you must self-host everything for security, ask them this simple question:
"Why should I maintain an entire orchestration platform when I can control just the parts that touch my data?"
Then send them this post.
To learn more about Prefect:
Happy Engineering!








