Security & Trust
Built for the most sensitive
infrastructure on earth.
Synestria sits at the intersection of cooling, power, compute, and network — the most consequential systems in a hyperscale facility. Every design decision reflects that trust position. Operational telemetry only. Read-only on control systems. No inbound ports. On-prem available.
Data ingested
Telemetry only
Operational metrics and events. No workload data, no customer data, no PII.
OT network access
Data diode
Hardware-enforced unidirectional flow. Return path to your OT network does not exist at the physical level — not policy, not configuration.
Inbound ports required
Zero
All connections are outbound from your network. No firewall rule changes needed.
Data residence
Your environment
Synestria installs edge servers inside your facility. Your data goes into those servers and stays there. It never reaches Synestria's remote infrastructure.
The direct answer to your CISO
Your data never leaves your facility.
Most monitoring tools pull your operational telemetry into their cloud. Synestria does not. We install edge servers inside your facility. Your data goes into those servers — and those servers are in your building. Telemetry is ingested from your existing OT infrastructure via hardware data diodes: physical devices that permit data to flow in one direction only. There is no return path. No software vulnerability, no misconfiguration, no credential exposure can cause data to flow back into your OT network — because that path does not exist at the hardware level. Processed outputs are stored on the edge servers in your building. Your data does not leave your facility unless you choose to push it to your own cloud environment. Synestria's UI and API read from your on-site edge servers. We have read access to our own hardware in your facility. You control the physical environment it sits in.
Data sovereignty
Your operational data stays in your building.
Synestria installs edge servers in your facility. Your telemetry goes into those servers. Those servers are in your building. The intelligence layer — the correlation engine, the consequence library, the EA model — runs on that hardware. Processed outputs are stored locally. Your operational data never reaches Synestria's remote infrastructure. The data boundary is physical, not just policy.
🏛
Full on-prem deployment
Synestria runs entirely within your network boundary. No operational telemetry leaves the facility. No external API calls for inference. The intelligence layer operates on hardware you control, on a network you own. Your OT data — facility capacity, thermal margins, power headroom — stays inside.
⚙
Cross-site data governance
For operators running multiple facilities, cross-site pattern learning is available under a data governance model you control. You define what is eligible to leave each site's boundary — typically anonymized, aggregated consequence metadata, never raw telemetry. The raw operational data for each site stays local. You control the policy, not us.
🔒
Why this matters to hyperscale operators
Your OT data is operationally sensitive. It reveals facility capacity, redundancy configuration, thermal margins, and power headroom. It can be used to infer your hardware procurement, your tenant mix, and your expansion plans. Keeping it on-prem is not just a security posture — it is a competitive posture. Synestria's architecture makes both possible simultaneously.
During the pilot: Synestria installs edge servers inside your facility. Those servers read from your existing telemetry sources — no new sensors on your OT equipment, no changes to your control systems. All data is stored on the edge hardware in your building. No operational telemetry is transmitted externally. The 30-day baseline is generated and stored on-site and delivered to you as a report. You decide what, if anything, moves beyond your perimeter after the pilot concludes.
Data classification
What Synestria sees — and what it doesn't.
Synestria processes operational telemetry. It has no visibility into workloads, user activity, or the data your tenants are computing on. That boundary is architectural, not just policy.
Cooling system telemetry — temperature, airflow, CDU stats
Power metrics — PDU load, UPS state, PUE, stranded capacity
GPU thermal and power readings (aggregate, not per-job)
Network fabric utilization — bandwidth, latency, port state
BMS and CRAC event streams — alarms, state changes
Scheduler queue depth and resource allocation signals
EA baseline and consequence chain metadata
✗
Synestria never touches
Workload content — what tenants are computing, training, or storing
Network packet payloads or application-layer traffic
Tenant identity, user accounts, or access credentials
Financial or billing data
GPU memory contents or model weights
Control plane commands — Synestria reads only, never actuates
Personnel data or physical access records
Network architecture
No inbound exposure. Ever.
The Synestria edge agent runs inside your perimeter and initiates all connections outbound over TLS 1.3. No inbound ports, no VPN tunnels into your OT network, no changes to your existing firewall posture.
Your perimeterOT / Facility network
BACnet / Modbus
→ data diode →
Synestria Edge Server
HW ENFORCED ↓ ONLY
SNMP / syslog
→ data diode →
Synestria Edge Server
HW ENFORCED ↓ ONLY
NVIDIA DCGM / IPMI
→ data diode →
Synestria Edge Server
HW ENFORCED ↓ ONLY
Outbound onlyTLS 1.3 egress
Synestria Edge Agent
→ outbound TLS 1.3 →
Your cloud (Snowflake / AWS / Azure)
No inbound ports. No VPN. Your data store, not Synestria's.
Your existing stackUnchanged
BMS / SCADA
DCIM
Observability
Ticketing
Custom integration
Synestria edge servers are installed inside your facility and store all processed data locally. They require outbound access on port 443 only for Synestria UI/API read access and optional cloud push. For sites where no data should egress under any circumstances, the edge servers operate fully air-gapped — Synestria accesses the UI only via your internal network.
Encryption & access controls
Standard controls, enforced consistently.
Encryption in transit and at rest across every layer. Role-based access down to the zone level. All actions logged and attributable.
🔒
Encryption in transit
TLS 1.3 enforced on all connections — edge agent to API, webhook delivery, console access. TLS 1.2 rejected. Certificate pinning available for edge agent deployments.
🗄️
Encryption at rest
AES-256-GCM for all stored telemetry and consequence chain data. Encryption keys are managed per deployment. On-premises deployments retain full key custody.
🔑
Access controls
Role-based access control with scoped permissions. Tenant data is isolated from operator data at the architectural level — not through policy. No cross-tenant data access is possible.
👥
Role-based access
RBAC down to the zone level. Roles: Viewer, Operator, Site Admin, Fleet Admin. SSO via SAML 2.0 and OIDC. MFA enforced on all console access. Provisional patent pending on RBAC architecture.
📋
Audit logging
All API calls, console actions, and configuration changes are logged with user, timestamp, IP, and change delta. Logs are immutable and exportable to Splunk, Datadog, or S3.
🔄
Data retention
Configurable per site — 90 days default, up to 5 years for EA baseline archival. Customers can trigger verified deletion at any time. Deletion confirmed within 30 days across all replicas.
Deployment options
Edge-first. Always.
Every Synestria deployment runs an edge agent inside the customer environment. There is no cloud-only option — the intelligence lives at the edge where the data is generated. The difference between models is where consequence processing aggregates, how long-term data is stored, and how Synestria maintains visibility into its own deployed equipment without touching customer operational data.
Edge + customer cloud
Connected
Edge agent processes telemetry on-prem. Structured EA scores and consequence intelligence egress to your cloud environment — your Snowflake instance, your AWS or Azure VPC. Synestria's UI and API read from your data store. Your raw telemetry never leaves the facility.
Edge agent in your subnet, outbound only
Raw telemetry processed at the edge, never transmitted raw
Structured outputs egress to your cloud over TLS
Long-term storage in your Snowflake or cloud data store
Synestria reads your data store — does not hold it
Edge-primary
On-prem processing
Full consequence engine runs on-prem. Only structured EA scores and chain metadata egress — to Synestria cloud or customer-hosted Snowflake. Synestria NOC sees agent health status only; customer OT data never leaves the facility.
Full consequence engine on customer hardware
Raw telemetry never leaves the facility
Long-term storage in customer-hosted Snowflake or Synestria cloud
Synestria NOC access scoped to agent health only
Recommended for hyperscale and co-location operators
Air-gapped
Fully on-prem
Complete Synestria stack runs inside the customer perimeter. No data egress of any kind. Synestria accesses its own equipment only via signed offline update packages or scheduled on-site visits. For classified, government-adjacent, or zero-trust mandated environments.
All processing and storage fully on-prem
Console deployed inside customer network
Updates via signed offline package
No Synestria cloud dependency at runtime
Available for qualified enterprise agreements
OT / ICS security
Designed for the Purdue Model.
Synestria was built with industrial control system security principles from the ground up. It reads from OT layers — it never writes to them, never bridges Level 0/1 to the enterprise network, and carries no credentials that could actuate physical systems.
Purdue Model — Synestria positioning
IEC 62443 reference architecture for industrial cybersecurity
Level 4–5Enterprise / DMZ
Business systems, cloud, external integrations Synestria cloud sits here
Synestria consequence intelligence is published to enterprise platforms (Palantir, ServiceNow, PagerDuty) at this level. No OT credentials, no OT network access at this layer.
Level 3Site operations
DCIM, SCADA, historian, site dashboards Edge agent deployed here
The Synestria edge agent is deployed at Level 3 — the standard integration tier for DCIM and operational monitoring systems. It uses the same read-only access paths that existing DCIM tools use.
Level 2Supervisory control
BMS, SCADA HMI, CRAC controllers Data diode from Level 2
Telemetry from Level 2 systems (BACnet/IP, Modbus TCP) traverses a hardware data diode before reaching the Synestria edge server. The diode enforces unidirectional flow at the physical layer — no return path exists. No write credentials are provisioned because no write path exists.
Level 1Process control
PLCs, RTUs, physical actuators Synestria never touches
Synestria has no integration path into Level 1 or Level 0. Physical control systems are not accessible, not readable, and not in scope. The consequence engine recommends actions — it never actuates them.
Level 0Physical process
Sensors, motors, physical plant Out of scope entirely
Physical plant equipment. No integration, no visibility, no path.
Compliance & certifications
Where we are and where we're going.
We are committed to meeting the certification requirements of hyperscale operators. Below is our current status and roadmap. Security documentation packages are available under NDA for qualified prospects.
Penetration testing
Third-party pen test completed on API and edge agent. Report available under NDA.
COMPLETED — Q2 2026
Provisionals — IP protection
Three provisional patents filed: EA method, RBAC architecture, closed-loop optimization. Gunderson Dettmer counsel.
FILED — Q2 2026
SOC 2 Type II
Audit initiated. Covers Security, Availability, and Confidentiality trust service criteria.
IN PROGRESS — audit period Q3 2026, report expected Q1 2027
GDPR / Data Processing Agreements
DPA template available for EU-based operators. Data residency selectable to EU-West.
DPA AVAILABLE NOW — full assessment Q4 2026
ISO 27001
Information security management system certification. Scope includes cloud platform and edge agent.
PLANNED — Q3 2027
IEC 62443 self-assessment
Formal self-assessment against IEC 62443-2-4 (service provider security requirements) for OT integration environments.
PLANNED — Q4 2027
FedRAMP Moderate (conditional)
For operators supporting US government or DoD-adjacent workloads. Scoped to air-gapped deployment model.
PLANNED — dependent on government customer qualification
NIST CSF alignment
Full mapping of Synestria controls to NIST Cybersecurity Framework 2.0 Identify / Protect / Detect / Respond / Recover functions.
PLANNED — Q2 2027
Security documentation — Penetration test summary, architecture security review, data flow diagrams, and vendor security questionnaire responses are available under NDA for qualified enterprise prospects. Contact us via the form below or through your account team.
Security questions? We'll answer them directly.
No security questionnaire too long. Our team responds to enterprise security reviews within 48 hours.