Building securely from the ground up
Your infrastructure is your shield
Your ML system is only as secure as the infrastructure it's built on.
Whether you're deploying locally, in the cloud, or through a hybrid setup, your infrastructure choice shapes everything from data control to defense capability. Each setup comes with distinct advantages—and trade-offs.

Local, cloud, and hybrid ML infrastructure
1. Local (On-premises)
You own and control everything—from servers to firewalls. Preferred in highly regulated sectors for maximum data sovereignty.
- Pros: Full visibility, tight control over configurations.
- Cons: Demands high in-house expertise; high maintenance burden.
- Example: A national research agency using on-premises setups to protect defense-related models from third-party risk.
2. Cloud-based
Offers built-in security tools, compliance certifications, and massive scalability.
- The Catch: TheShared Responsibility Model. The provider secures the cloud; you must secure what you put in the cloud (configs, encryption, API keys).
- Example: A startup using Vertex AI that skipped access controls on a public endpoint—a routine audit caught the misconfiguration just in time.
3. Hybrid
Combines on-prem control with cloud scalability. Sensitive data stays local; compute tasks hit the cloud.
- The Risk: Policy Drift. Security controls must be applied consistently across both. Gaps in logging can hide breaches.
- Example: A healthcare network storing patient data locally but training anonymised models in the cloud.
Distributed and Federated ML
Distributed training
Speeds up training using multiple nodes. Every node added increases the attack surface.
- Vulnerabilities: Training data interception, tampering with intermediate results, and exfiltration of model weights.
Federated learning
Collaborative training across devices without centralising raw data.
- By Design: Great for privacy (healthcare, banking).
- Attack Surfaces: Model poisoning (corrupted updates) andInference risks (reconstructing data from gradients).
Key Point
Distributed and federated approaches shift the security perimeter from a central system to a wider ecosystem. Traditional firewalls are no longer enough.
Practical trade-offs: Governance, compliance, and cost
| Type | Trade-offs |
|---|---|
| On-premises | Full control but high upfront investment and manual maintenance burden. |
| Cloud | Maximum flexibility but requires expert configuration to avoid open ports/broad permissions. |
| Hybrid | Balances compliance and agility but introduces high complexity and potential logging gaps. |
Case: The Hybrid Logging Gap
A bank used customer data on-prem but ran models in the cloud. When a breach was flagged in the cloud, they had no matching on-prem logs to investigate. Takeaway: You need unified policies across all environments.