A physically isolated database is a data environment that is dedicated entirely to one organisation and architecturally separate from the data of any other. The family office's data does not share infrastructure, processing layers, or storage with any other organisation using the same platform. It exists in its own environment, under its own controls, accessible only to those the office has explicitly authorised.
For most software categories, this distinction is a technical nuance. For a single family office managing the complete financial picture of one family, it is one of the most consequential decisions a technology vendor makes.
The alternative and why it matters
Most software platforms, including many used in financial services, operate on shared infrastructure. Multiple organisations use the same underlying systems, and their data is separated by logical boundaries rather than physical ones: typically every row carries a tenant identifier, and the application (or a row-level policy in the database) filters each query so that one organisation only ever sees its own rows. This is an entirely normal architectural approach for the majority of enterprise software, and for most use cases the residual risk is acceptable.
The separation in these environments is enforced by software controls: rules within the system that determine which organisation can see which data. Those controls are generally robust, but every query path, report, export and integration has to apply them correctly, every time. A single omitted filter, a misconfigured policy or an injection flaw in one code path can return another organisation's rows, because the storage layer itself holds everyone's data together. That is not the same as physical isolation, and the distinction matters for an organisation whose exposure in the event of a breach, a misconfiguration, or an unforeseen vulnerability is categorically different from that of a typical enterprise user.
A single family office holds information that is, by its nature, irreplaceable and uniquely sensitive. The complete asset picture of a family, including the details of their legal structures, their intentions, their tax arrangements, and their relationships, is not the kind of information that can be remediated after a breach. The standard of protection applied to it should reflect that.
What physical isolation actually means in practice
In a physically isolated architecture, the family office's data resides in a dedicated environment that is not shared with any other organisation. Each client has their own database, their own processing environment, and their own access controls. There is no query path by which data from one organisation can be read, altered, or affected by activity in another, because the database a client connects to contains nothing but that client's data.
This has several practical implications. A bug or misconfiguration in one client's environment exposes only that client's data; it does not open a route into another client's database. And the office can have a precise, auditable understanding of where their data lives, who can reach it, and what controls govern its access, because those controls are not shared with anyone else. One caveat is worth keeping in view: the vendor's deployment pipeline, operator credentials and management tooling usually remain common to all clients, so isolation of the data tier narrows the shared-dependency question rather than removing it, and the office should ask about that layer as well.
It also means the office retains meaningful sovereignty over its own data. The database belongs to them, not to the platform. If the relationship with the vendor ends, the data and its environment are clearly defined and transferable. That is a very different position from one in which data is held within a shared system that the vendor controls entirely.
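The two models described above, shared infrastructure with logical separation and a dedicated database per client, can be shown side by side in a few lines. The following is an added example written for this page, not code from the vendor or any product; the client names and positions are constructed sample data, and `SharedTenantDatabase`, `IsolatedTenantDatabases` and `demo` are hypothetical names. It shows the failure the shared model is exposed to (a query path that forgets the tenant filter returns another client's rows), why the same omission cannot leak anything when each client has its own database, and why extracting one client's data from a dedicated database is a whole-database export rather than a filtered query.

```python
import sqlite3

# Constructed sample data for two hypothetical clients; not real client data.
SAMPLE_POSITIONS = {
    "office_a": [("Fund I", 12_500_000.0), ("Trust A", 4_000_000.0)],
    "office_b": [("Holdco B", 9_000_000.0)],
}


class SharedTenantDatabase:
    """Logical separation: one database, one table, a tenant_id column.

    Isolation exists only as long as every query remembers the WHERE clause.
    """

    def __init__(self, data):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute(
            "CREATE TABLE positions (tenant_id TEXT NOT NULL, asset TEXT, value REAL)"
        )
        for tenant, rows in data.items():
            self.conn.executemany(
                "INSERT INTO positions VALUES (?, ?, ?)",
                [(tenant, asset, value) for asset, value in rows],
            )

    def positions(self, tenant_id, apply_filter=True):
        if apply_filter:
            sql, params = "SELECT asset, value FROM positions WHERE tenant_id = ?", (tenant_id,)
        else:
            # The misconfiguration: a code path that forgets the tenant filter.
            # Nothing in the storage layer stops it returning every client's rows.
            sql, params = "SELECT asset, value FROM positions", ()
        return self.conn.execute(sql, params).fetchall()


class IsolatedTenantDatabases:
    """Dedicated database per client: the connection handed to the caller is the boundary.

    The schema has no tenant column because a database only ever holds one client.
    """

    def __init__(self, data):
        self.conns = {}
        for tenant, rows in data.items():
            conn = sqlite3.connect(":memory:")  # a separate database per client
            conn.execute("CREATE TABLE positions (asset TEXT, value REAL)")
            conn.executemany("INSERT INTO positions VALUES (?, ?)", rows)
            self.conns[tenant] = conn

    def positions(self, tenant_id, apply_filter=True):
        # apply_filter is accepted only to mirror the shared API: there is no filter to forget.
        conn = self.conns[tenant_id]
        return conn.execute("SELECT asset, value FROM positions").fetchall()

    def export_sql(self, tenant_id):
        # Extraction at the end of the relationship is a dump of the client's own
        # database; it cannot contain another client's rows.
        return "\n".join(self.conns[tenant_id].iterdump())


def leaked_rows(rows, own_rows):
    """Rows returned to a caller that are not part of the caller's own data."""
    return [row for row in rows if row not in own_rows]


def demo():
    shared = SharedTenantDatabase(SAMPLE_POSITIONS)
    isolated = IsolatedTenantDatabases(SAMPLE_POSITIONS)
    own = SAMPLE_POSITIONS["office_a"]
    return {
        "shared_scoped": leaked_rows(shared.positions("office_a"), own),
        "shared_unscoped": leaked_rows(shared.positions("office_a", apply_filter=False), own),
        "isolated_unscoped": leaked_rows(isolated.positions("office_a", apply_filter=False), own),
        "isolated_export": isolated.export_sql("office_a"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result if name != "isolated_export" else result.splitlines()[:4])
```

In the shared model the correctly scoped query leaks nothing, the unscoped one hands office_a a row belonging to office_b, and the only thing standing between the two outcomes is application code. In the per-client model the unscoped query is harmless because the other client's rows are not in the database the caller can reach, and the export is simply the client's own database.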
What family offices should ask their technology vendors
Physical isolation is not always easy to verify from a product demonstration or a sales conversation. Vendors will often describe their security architecture in terms of logical separation without making the distinction explicit. The questions worth asking directly are:
Is our data held in a dedicated environment or on shared infrastructure? Is the separation between our data and other organisations' data physical (a database and processing environment that hold only our data) or logical (a tenant identifier and filtering rules inside a shared system)? Can you provide documentation of the architecture, and does the scope of your independent security assessment or certification (for example a SOC 2 Type II report or ISO 27001 scope statement) name this architecture specifically? Which of your staff and systems can reach our environment, and is that access logged? And if we were to end our relationship with you, what would the process be for extracting our data from its current environment, and in what form would we receive it?
A vendor that has built genuine physical isolation will answer these questions with clarity and evidence. One that has not will tend to redirect toward general security assurances.
Why this matters more as AI becomes central to the platform
As AI capability becomes an increasingly important part of family office software, the question of data isolation becomes more rather than less significant. An AI agent that can query the office's portfolio data, answer questions about positions and performance, and surface insights from across the portfolio is a powerful tool. It is also a tool that depends entirely on the integrity of the data environment it operates within.
If that environment is shared, the boundaries of what the AI can access, and what it cannot, become harder to define with precision: the agent's reach is bounded only by the same per-query filtering that bounds every other code path. In a physically isolated environment, the AI operates strictly within the office's own data, and it should query that data with the permissions of the person asking rather than through a privileged service account, so that the office's own permissions framework still applies inside the boundary. The capability and the governance are aligned because the architecture makes them so.
The standard worth insisting on
Physical data isolation is not a premium feature reserved for the largest or most security-conscious family offices. It is the appropriate baseline for any organisation that takes seriously the sensitivity of the information it holds on behalf of the family.
The family office has always applied rigorous standards to the partners it trusts with that information. Its technology infrastructure deserves exactly the same scrutiny.