From Public Cloud to Air-Gapped: How Governance Levels Give You Total Control Over Where AI Runs
THE ENTERPRISE BRIEF
HIPAA. SOX. ITAR. GDPR. Data residency laws. Every regulated industry has rules about where data can be processed. Most AI tools offer a binary choice: use their cloud, or do not use the tool. Lumina introduces a four-tier clearance system that mirrors how enterprises already classify information, and lets each AI agent respect that classification independently.
The conversation about AI adoption in regulated industries always hits the same wall: "We would love to use this, but we cannot send patient data to your cloud."
Or: "Our legal team says financial projections cannot leave our network."
Or: "This is classified. If it touches the internet, we have a problem."
These are not objections to AI. They are objections to architecture. The organization trusts the technology but cannot trust the deployment model.
Governance Levels solve this by letting you match the deployment model to the sensitivity of the data, agent by agent, use case by use case.
The Four Levels
L1: Public Cloud OK
For publicly available data: market research, published reports, product catalogs. Data can be processed anywhere. No egress restrictions, no mandatory audit logging. This is your fastest, most cost-effective option for non-sensitive workloads.
L2: Internal Restricted Egress
For company-internal data: HR metrics, operational dashboards, internal sales figures. Data can only be sent to authenticated, trusted destinations. Metadata-level audit logging captures what was asked and when, without storing the raw content.
L3: Confidential Local Only
For regulated data: patient records (PHI), financial PII, customer credit information. No cloud egress permitted. AI inference runs on your own servers via Ollama, vLLM, or any OpenAI-compatible endpoint. Full transcript audit logging is mandatory.
L4: Air-Gapped Zero Network
For the most sensitive data: classified operations, defense analytics, pre-merger financial models. The AI runs entirely in the browser sandbox. No network calls whatsoever. Telemetry is offline. Full transcript audit with tamper-proof logging.
Edge Inference: Your AI, Your Servers
Governance Levels L3 and L4 unlock a capability that most analytics platforms simply do not offer: on-premise AI inference.
When you set an agent to L3 Confidential or higher, Lumina routes all AI requests to your own infrastructure instead of the cloud. You choose the endpoint, the model, and the telemetry mode.
Your Endpoint
Point to Ollama, vLLM, or any OpenAI-compatible API running on your servers. One URL, and Lumina reroutes everything.
Your Model
Llama, Mistral, Phi, or any model your team approves. You control the weights, the version, and the update cycle.
Your Telemetry
Choose offline mode for zero external communication, or sync mode for metadata-only reporting. You decide what leaves your network.
REAL-WORLD EXAMPLE: REGIONAL HOSPITAL NETWORK
A hospital network deploys Lumina with two agent configurations: a marketing analytics agent at L1 (using cloud AI for public campaign data) and a clinical research agent at L3 (using a local Llama model running in their data center). Patient data never touches the internet. The marketing team gets the speed of cloud AI. Both teams use the same platform. Compliance signs off on both.
Matching Governance to Industry
The power of per-agent governance is that different teams within the same organization can operate at different clearance levels, without running separate platforms.
| Industry | Use Case | Level | Why |
|---|---|---|---|
| Retail | Product performance analytics | L1 | Public catalog data, no PII |
| Finance | Internal revenue forecasting | L2 | Material non-public information |
| Healthcare | Patient readmission analysis | L3 | PHI under HIPAA, must stay local |
| Defense | Operational readiness assessment | L4 | Classified, zero network permitted |
Each agent is configured independently in Agent Studio. A single Lumina deployment can serve all four scenarios simultaneously. The governance travels with the agent, not the platform.
Set Your Governance Policy
Assign clearance levels that match your regulatory requirements, from public cloud to fully air-gapped, in Agent Studio.