Since founding 6clicks, we've maintained an unwavering commitment to a principle that sets us apart in the GRC landscape: one codebase. This isn't just a technical decision but a promise that every customer, regardless of where they're located or how they choose to deploy, benefits from the same innovation, security updates, and feature releases simultaneously.
Where we started: Building on Azure foundation
Our partnership with Microsoft has been foundational to our hosting strategy. From day one, we've leveraged Microsoft's global cloud infrastructure Azure, to deliver deployment options that meet diverse sovereignty, security, and commercial requirements:
- Public cloud: Our multi-tenant environment serving organizations globally with the efficiency and scale of shared infrastructure
- Dedicated hosting: Single-tenant environments within Azure, providing isolated compute and storage while maintaining our managed service model
- Private hosting: Region-specific deployments in 6clicks or customer-managed Azure geographies, addressing data residency requirements for regulated industries and government entities
- Government cloud: Purpose-built for government workloads that require higher assurance than standard public cloud, including dedicated tenancies, strict access controls, and alignment with government security and sovereignty requirements across federal, state, and local agencies
You can explore these options in detail at 6clicks.com/cloud-hosting-options.
Where we are going: self-hosted deployment
We are now working on releasing a non-Azure self-hosted deployment for 6clicks. Over the past year, we've been working closely with defense organizations, regulators, and critical infrastructure operators who've consistently told us: cloud connectivity—even to private Azure regions—isn't always an option. Air-gapped networks, classified systems, defense facilities, and critical infrastructure require complete network isolation while still demanding world-class GRC capabilities.
Self-hosted deployment for 6clicks is our answer, and we are working with key customers and partners to now ensure alignment with these requirements.
What 6clicks self-hosted GRC delivers
Self-hosted 6clicks keeps deployment entirely inside your technical and security boundary while delivering the same core platform capabilities available across all 6clicks environments.
Installation
We've built on Docker, which provides a clean, isolated environment that eliminates operating system and tooling incompatibilities while simplifying database and environment management. Our containerized approach means you can deploy on:
- On-premises infrastructure
- Classified networks (up to and including air-gapped environments)
- Sovereign government cloud tenancies
- Hardware under your complete physical and operational control
Configuration
Full control through environment variables allows you to tailor 6clicks to your operational security requirements:
- Timezone and regional settings for global organizations
- Growing language support including Arabic and Japanese
- User management integrated with an increasing range of identity providers
- Logging and audit configurations compliant with local security frameworks
- External data storage for integration with local enterprise-grade storage systems
- External secrets management using locally hosted Hardware Security Modules (HSMs)
Security
We've designed self-hosting specifically for environments with the highest security standards. Immediately, this means that your deployment will include:
- Security audit frameworks aligned with industry security standards
- SSL/TLS setup for enforced secure connections within your security boundary
- Single Sign-On (SSO) integration with local identity management systems
- Two-factor authentication (2FA) or multi-factor authentication (MFA) enforcement
- Network isolation configurations for air-gapped deployment
Running fully offline
Air-gapped deployment presents unique challenges. We've engineered 6clicks to maintain full GRC capabilities and AI capabilities with zero network connectivity to the outside world.
Where we are heading:
- Complete functionality: Risk management, audit workflows, policy management, and reporting operate fully offline
- Offline AI models: Our AI-powered GRC runs entirely within your environment—no external API calls, no internet dependency
- Content & framework updates: Compliance frameworks and control mappings update through secure, manual transfer processes we've developed
- Software updates: Software updates including bug fixes and new features are made available through a secure, manual transfer process we've developed
- Data sovereignty: Everything stays within your security perimeter always
One codebase, ultimate control
Here's what doesn't change: you're still running the same 6clicks platform. The AI models, Hub & Spoke architecture, compliance frameworks, and core capabilities that power our public SaaS are identical to what you'll deploy in your air-gapped environment.
This is crucial for modern organizations. You're not getting a compromised "offline edition" with reduced functionality. When we enhance our AI capabilities, update compliance frameworks, or improve workflow automation, those improvements are packaged for secure transfer to your environment.
Why this matters for industry segments
Government, defense, regulators, and critical infrastructure providers face a unique challenge: they need cutting-edge GRC capabilities but operate under the most restrictive security constraints. Legacy GRC platforms force an impossible choice: accept cloud dependencies that conflict with security requirements, or deploy outdated on-premises software that can't keep pace with modern compliance demands.
We've created the solution for both.
For government departments & agencies:
- Deploy on nationally-controlled infrastructure with zero foreign dependencies
- Support multi-domain operations across air-gapped and connected networks
- Scale from tactical deployments to national or state/province-wide governance
For defense organizations:
- Deploy on classified networks without compromising capability
- Maintain compliance with defense security frameworks while accessing AI-powered GRC
- Operate across coalition environments with varying classification levels
- Control every aspect of deployment, updates, and data residency
For critical infrastructure:
- Run in completely isolated environments protecting essential services
- Meet sector-specific security requirements (energy, telecommunications, transportation)
- Integrate with existing enterprise-grade security infrastructure
- Maintain operational continuity even in contested environments
Working with partners now
We're actively deploying self-hosted 6clicks with defense, government, and critical infrastructure organizations. We're gathering operational feedback, refining secure deployment procedures, and building comprehensive documentation tailored to defense security requirements. Early deployments are running in classified environments across multiple continents, proving that world-class GRC and maximum security aren't mutually exclusive.
If your organization operates in classified, air-gapped, or sovereign defense environments and needs GRC capabilities that meet your security requirements, let's talk about deployment timelines. The future of defense-ready GRC isn't about choosing between capability and security. It's about having both—on your terms, within your security perimeter, under your complete control. And that future is coming soon.
