THE PRODUCT // THE SOVEREIGN ISLAND // THREE SIZES

The Sovereign Island.

A single product: dedicated critical infrastructure per client. It comes in three sizes, it is configured to the work of each team, and it can be maintained over time under the same discipline with which it is built.

WHAT IT IS

Critical infrastructure, dedicated to a single client.

The Sovereign Island is a client's complete critical infrastructure: the servers, the storage, the network and the identity on which their team runs the applications and holds the sensitive data. Each island is dedicated to a single client and built by a reproducible method.

It solves a concrete problem. The infrastructure most organizations work on is third-party, opaque and subject to foreign law; almost no one has confirmed it recovers after a failure, and leaving it is hard. The Sovereign Island puts that infrastructure under the client's control and under European jurisdiction, with its recovery already proven and with an exit guaranteed in writing. Four properties define it.

01

Dedicated

Its own servers, storage and network. The island does not share with any other client.

02

Rebuildable

The whole island is described in code and can be brought up again from that description, with no manual configuration.

03

Auditable

Every change to the island is a logged review, with date and author. Who did what and when stays on record, available for review.

04

Portable

The client can take the island away at any time, without Kverno and with no lock-in to a cloud provider: it can move to another provider or to the client's own hardware. The guarantee is set in writing from the start.

THE THREE ISLANDS

Three sizes, one method.

The island comes in three sizes, according to the load it will host and the criticality of the work. Capacity and resilience change; the build method and the recovery test are the same in all three. An island can grow from one size to the next without being rebuilt.

ISLAND S

Compact

A sovereign platform in its most direct form.

Form
A single dedicated server.
For whom
Small teams, internal portals, light tooling and first sovereign platforms.
Includes
  • Dedicated infrastructure for a single client
  • Unified identity with second-factor authentication
  • Encrypted and verified backups
  • Continuous external vigilance, with SLA and immediate alerting
  • A real recovery test before delivery
  • A production environment
  • A written exit guarantee
Does not include
  • High availability: scheduled maintenance involves an agreed downtime window
  • Capacity for intelligence platforms with many dependencies

ISLAND M

Working

Real capacity for intelligence and security work.

Form
A single high-capacity dedicated server.
For whom
Teams running demanding threat-analysis platforms, such as OpenCTI or MISP, in production.
Includes
  • Everything in Island S
  • Capacity for full intelligence platforms
  • A staging environment separate from production
Does not include
  • High availability: scheduled maintenance involves an agreed downtime window

ISLAND L

Resilient

Continuity when an outage is not acceptable.

Form
Several dedicated servers in high availability.
For whom
Critical production operations that cannot afford an interruption.
Includes
  • Everything in Island M
  • High availability: the system tolerates the failure of one server without interrupting service
  • Maintenance with no downtime window
  • Internal real-time dashboards with metrics and alerts
Does not include
  • Exclusively dedicated physical hardware: environments that require it are served by the bespoke variant

Each island is quoted on its scope: the size, the applications it will run and the level of operation the client wants to delegate. The quote is settled after the Assessment.

BESPOKE VARIANT

For regulated environments.

Some regulated environments require exclusively dedicated hardware and an end-to-end verified boot. For those cases a bespoke variant exists: the island is built on physical servers, owned by Kverno or by the client, with disk encryption and boot-integrity verification. The build method and the recovery test stay identical. The difference is the substrate the island sits on. This variant is defined case by case, after studying the client's requirements.

PROFILES

One product, configured for each case.

Size sets capacity. What defines the work is the set of applications that live inside the island. Each island is designed with the client, according to what they need to run, what identity they use and how their team works. The platform is the same on every island; the components that run on top are defined by each client.

01

Threat intelligence

An island prepared for threat-analysis and correlation platforms, such as OpenCTI or MISP, with its own identity and second factor.

02

Security operations

An island for monitoring and response: observability, centralized logging and the security team's own tools.

03

Access and collaboration

An island for sensitive work that needs its own identity, internal collaboration and strict control over who gets in and to what.

Matrix, Forgejo, OpenCTI, MISP, Vaultwarden, Authentik, TheHive, Wazuh, Nextcloud, Mattermost, Kasm, Wiki.js

ENVIRONMENTS

Production and staging.

An island can be delivered with two separate environments. One for production, stable, where the real work runs. One for staging, where the client team validates changes before taking them to production. A failure in the staging environment does not reach production. Island S is delivered with a production environment; Islands M and L include both.

ZERO TRUST ACCESS

Two planes, kept apart.

Access to the island is Zero Trust: nothing is reachable without prior verification and no port is open to the internet. Whoever operates the island and whoever uses its applications are not the same people, and neither is their access. The team that operates the island reaches its controls through a private channel, with credentials signed at each session and revoked when it ends. The people who use the applications come in through a single identity gate, with a second factor. The two planes are separate by design, each with its own controls.

DOCUMENTATION

The dossier that opens the door.

Selling to a public body, a bank or a regulated company means going through their procurement and compliance process. Kverno hands over that dossier already done: a technical file of the island, generated from the real system, versioned and always current.

01

Architecture

The diagram and description of the system delivered, with no opaque areas.

02

Service inventory

What runs on the island and at which version, with its provenance.

03

Data matrix

Which data is processed, where it resides and under what retention policy.

04

Access matrix

Who accesses what, with which authentication and under what control.

05

Backup and update policies

Frequency, retention, encryption and maintenance windows, in writing.

06

Responsibility model

What falls to Kverno and what to the client, with no ambiguity.

07

Vigilance model

What is watched from outside, at what cadence and how it is reported, with its SLA in writing. What a regulated buyer needs to defend the operation in front of their auditor.

08

Traceability and audit

Every change to the island is recorded with date and author. A full log of who did what and when, available for review.

The same principle sustains the exit guarantee: no dossier is written by hand. Every one is generated from the island and kept current with it.
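To make the vigilance model (item 07) concrete, the following is an added example of the evaluation step behind an external watch: it takes readings already collected from outside the island (certificate expiry, endpoint status, latency, time of the last backup) and turns them into alerts against agreed thresholds. This is illustrative code written for this page, not Kverno's monitoring; the `Reading` and `Thresholds` types, the threshold values and the sample readings are all constructed assumptions, and the network probing that would produce the readings is left out so the logic runs offline.

```python
"""External vigilance evaluator: probe readings in, alerts out.

Added example, not Kverno's code. Assumes a probe runner outside the island
reports four kinds of readings; thresholds and readings below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Thresholds:
    """Per-island limits agreed in the vigilance model (constructed values)."""
    cert_min_days: int = 14            # warn when a certificate has fewer days left
    max_latency_ms: float = 800.0      # warn when a probe takes longer than this
    backup_max_age_hours: int = 26     # a daily backup older than this is a failure


@dataclass(frozen=True)
class Reading:
    """One observation made from outside the island."""
    kind: str        # "certificate" | "endpoint" | "latency" | "backup"
    target: str      # what was probed
    value: object    # datetime for certificate/backup, int status for endpoint, ms for latency
    reachable: bool = True


def evaluate(readings, thresholds, now):
    """Turn probe readings into (severity, target, message) alerts."""
    alerts = []
    for r in readings:
        if not r.reachable:
            # The probe runs outside the island, so an island that is down still raises an alert.
            alerts.append(("critical", r.target, f"{r.kind} probe could not reach target"))
            continue
        if r.kind == "certificate":
            days_left = (r.value - now).total_seconds() / 86400
            if days_left < 0:
                alerts.append(("critical", r.target, "certificate expired"))
            elif days_left < thresholds.cert_min_days:
                alerts.append(("warning", r.target, f"certificate expires in {days_left:.0f} days"))
        elif r.kind == "endpoint":
            if not 200 <= r.value < 400:
                alerts.append(("critical", r.target, f"endpoint returned HTTP {r.value}"))
        elif r.kind == "latency":
            if r.value > thresholds.max_latency_ms:
                alerts.append(("warning", r.target, f"latency {r.value:.0f} ms over limit"))
        elif r.kind == "backup":
            age_hours = (now - r.value).total_seconds() / 3600
            if age_hours > thresholds.backup_max_age_hours:
                alerts.append(("critical", r.target, f"last backup is {age_hours:.0f} h old"))
        else:
            alerts.append(("warning", r.target, f"unknown probe kind {r.kind!r}"))
    return alerts


SEVERITY_RANK = {"ok": 0, "warning": 1, "critical": 2}


def highest_severity(alerts):
    """Overall state to report: 'ok', 'warning' or 'critical'."""
    return max((a[0] for a in alerts), key=SEVERITY_RANK.__getitem__, default="ok")


# Constructed sample: a fixed "now" and one probe cycle over a hypothetical island.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_READINGS = [
    Reading("certificate", "island.example:443", NOW + timedelta(days=40)),        # fine
    Reading("certificate", "mail.example:443", NOW + timedelta(days=5)),           # renew soon
    Reading("endpoint", "https://island.example/health", 200),                    # fine
    Reading("endpoint", "https://island.example/api", 503),                       # service failing
    Reading("latency", "https://island.example/health", 120.0),                   # fine
    Reading("backup", "offsite-manifest", NOW - timedelta(hours=30)),             # backup job missed
    Reading("endpoint", "https://staging.example/health", 0, reachable=False),    # host unreachable
]

if __name__ == "__main__":
    for severity, target, message in evaluate(SAMPLE_READINGS, Thresholds(), NOW):
        print(f"[{severity.upper()}] {target}: {message}")
    print("overall:", highest_severity(evaluate(SAMPLE_READINGS, Thresholds(), NOW)))
```

The design point is that the evaluator is stateless and lives with the probe, outside the island: an unreachable target is itself an alert rather than a gap in the data, which is what lets the watch report even when the island is down.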

ONGOING OPERATION

The Managed service.

A delivered island can be run by the client, with its manuals and its exit guarantee. For those who prefer to delegate that operation, the Managed service keeps the island in good shape over time, under the same discipline with which it was built.

01

Updates

The system and its applications are kept current, in planned windows and never on freshly released versions.

02

External vigilance

The island is watched from outside, continuously: certificates, backups, endpoints and latency. If anything fails, the operations team gets an immediate alert, even when the island itself is down.

03

Verified backups

Backups are checked on a regular basis. Their recovery is not taken for granted.

04

Periodic recovery

The recovery test is repeated regularly, not only before the island is delivered.

05

Identity and access

Joiners, leavers and access changes are managed, with a record of who gets in and when.

06

Incident response

A defined procedure and agreed response times for when something goes wrong.

The Managed service is optional and agreed separately. Those who prefer to run their island themselves receive everything they need to do so.
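Items 03 and 04 above (verified backups and a repeated recovery test) rest on one idea: a backup is only proven when it has actually been restored and compared with what was backed up. The following is an added example of that check, written for this page and not Kverno's tooling. It packs a directory into a tar.gz archive, records a SHA-256 manifest, restores the archive into a scratch directory and compares the result with the manifest; the sample files are constructed, and the encryption layer the page mentions is outside this example, which covers integrity and restorability only.

```python
"""Backup verification with a real restore test.

Added example, not Kverno's code. Builds a tar.gz backup of a directory,
records a SHA-256 manifest, restores into a scratch directory and compares.
Sample files are constructed; encryption of the archive is out of scope here.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def create_backup(root: Path, archive: Path) -> dict:
    """Write the archive and return the manifest taken at backup time."""
    manifest = build_manifest(root)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(root / rel, arcname=rel)
    return manifest


def _extract(tar: tarfile.TarFile, dest: Path) -> None:
    """Extract with the 'data' filter; on older Pythons reject unsafe member paths first."""
    try:
        tar.extractall(dest, filter="data")
    except TypeError:  # Python without the filter argument
        for m in tar.getmembers():
            if m.name.startswith(("/", "..")) or "/../" in m.name:
                raise ValueError(f"unsafe member path: {m.name}")
        tar.extractall(dest)


def verify_restore(archive: Path, manifest: dict) -> list:
    """Restore into a scratch directory; return problems (empty list = recovery proven)."""
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            _extract(tar, dest)
        restored = build_manifest(dest)
    problems = []
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing: {rel}")
        elif restored[rel] != digest:
            problems.append(f"checksum mismatch: {rel}")
    for rel in restored:
        if rel not in manifest:
            problems.append(f"unexpected file: {rel}")
    return problems


def run_demo() -> tuple:
    """Constructed scenario: a sound backup, then a later one that silently lost a file."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        data = work / "data"
        (data / "config").mkdir(parents=True)
        (data / "config" / "app.yaml").write_text("listen: 127.0.0.1:8443\n")
        (data / "db.sqlite").write_bytes(b"\x00" * 4096)

        good = work / "island-backup.tar.gz"
        manifest = create_backup(data, good)
        good_result = verify_restore(good, manifest)

        (data / "db.sqlite").unlink()  # simulate a backup job that skipped a file
        bad = work / "island-backup-bad.tar.gz"
        create_backup(data, bad)
        bad_result = verify_restore(bad, manifest)  # judged against the original manifest
    return good_result, bad_result


if __name__ == "__main__":
    ok, broken = run_demo()
    print("sound backup:", ok or "recovery proven")
    print("damaged backup:", broken)
```

Run periodically, the same check is the recovery test of item 04: the manifest taken at backup time is the reference, and a restore that differs from it, by a missing, altered or extra file, is reported rather than assumed to be fine.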

Tell us your case.

If you want to know which island size and profile fit your case, write to us and we will review it with you.

Write to us