BYOC is a delivery model where software is deployed directly into customer’s accounts. This delivery model combines the ease of use and user experience of a hosted application, with the security and ownership of self-hosting/on-prem applications. Vendors who adopt a BYOC deployment model often see an increased cost basis, flexibility to meet enterprise customer needs and can unlock new features and integrations.

Unlock Enterprise/Regulated Customers

Many customers no longer see regulations and compliance standards such as SOC-2, and HIPAA as enough. While these are still table stakes for many customers and help build confidence, these same customers are asking for BYOC deployments so their application environment is isolated in the case that something goes wrong.

BYOC deployments are more secure, and can leverage existing security policies and best practices. BYOC deployments can be deployed into customer accounts allowing them to adopt new software without lengthy procurement processes.

Flexible Delivery Model

BYOC opens up a flexible delivery model, where software can be deployed in customer managed accounts, and in some cases alongside customer managed resources.

Most BYOC applications are deployed into a new customer account (usually an account within a larger org, on a public cloud provider), and the vendor is responsible for deploying the network, compute and application stack. Usually, the customer has less control over how the application is run in this model.

Shared responsibility deployments are deployments where a vendor deploys software into a customer managed compute cluster or virtual network. Shared responsibility models require more maintenance, but give the end customer more control over the application being run.

Cost / Complexity

Running software in customer cloud accounts can help reduce cost and complexity for many classes of applications, especially infrastructure products that leverage large amounts of customer data. Particularly, products that need to work with data can avoid paying for network (ingress/egress) to transfer data from customer accounts to a hosted environment.

Furthermore, vendors that leverage a BYOC deployment model do not have to build large scale hosted environments to support the aggregate of their user base. Instead, they only need to scale to their largest customers, since each customer is deployed in an isolated environment.

Security / Reliability / Sovereignty

By running software in a customer’s cloud account, three large classes of challenges can be mitigated:


While running software in the customer’s cloud account does not necessarily mean the application is more secure, it often means the blast radius of a security incident can be closed off. When software is deployed using a BYOC model, each customer has their instance in an isolated account. Customer’s can have peace of mind that in the case of a vendor breach, or security incident they are not directly affected.


Applications that require high throughput, and uptime are often deployed using a BYOC model for reliability. This means that large customers can run the application in their own account, in a region or availability zone closer to their application or users.

BYOC also mitigates cases where a single vendor outage can affect all customers.

Data Sovereignty

Emerging data sovereignty requirements and regulations are forcing more vendors to change how they store and access customer data. Many data soveriegnty challenges can be mitigated by running software in the customer’s account.

BYOC deployments mean that no customer data is colocated amongst tenants, and customers who need to need local data sovereignty laws can deploy the application in public cloud regions that meet their requirements.

Deeper Integrations

BYOC deployment models enable vendors to deploy their application inside of a customer cloud account, and in a shared responsibility model directly inside an existing network or compute cluster.

By running software closer to customer infrastructure, deeper integrations can be created allowing vendors to provide more value for their customers. For instance, these applications can directly talk to internal databases, apis and other systems that would require data transfer, or cross account networking to enable integrations with.

Faster Enterprise POCs

Vendors selling into the enterprise are often asked to do large, multi-month POCs to prove out their product value. By offering a BYOC deployment option, many vendors can start these POCs faster by side stepping various steps in the procurement lifecycle that might involve auditing a hosted environment, data transfer and more.

Furthermore, since POCs that are deployed directly in the customer account can more deeply integrate with customer infrastructure and systems, these POCs often can have a better outcome.