nexqloud
Adventist Sovereign Cloud Initiative

NexQloud Sovereign

A Covenant Cloud Partnership for Adventist digital infrastructure — owned, governed, and stewarded by the Church.

For: Ernest Staats · From: Mark Hannah · May 2026
Prepared forSeventh-day Adventist Church
The proposition

Own the infrastructure that carries the mission.

Not hosting. A way for the Seventh-day Adventist Church to own, govern, secure, and steward the digital infrastructure that carries its mission, protects its data, serves its institutions, and preserves its independence.

The Church should own the digital ground its work now stands on — the same way it has always owned the ground beneath its churches, schools, and hospitals.

First — the part you came for.

You're here to vet how we secure it. Let's settle that first — then the bigger picture.

Proven, not promised

Independently audited.

Attestation

SOC 2 Type 2

Unqualified opinion · Security criteria · audited by Prescient Security.

Track record

Zero incidents

No security incidents during or after the observation period.

Full report & penetration-test letter available under NDA.
Architecture

You own it. We never see your data.

CUSTOMER CONTROL BOUNDARY — you own it 1Control PlaneNexQloud One · no data 2IdentityNebula · per node 3Sovereign MeshNano · servers · bare-metal · cloud 4Edgelast-mile reach 5Congregations ·Ministries · Memberspublic services no single point to seize DATA PROTECTIONUnderpins every layer above In transitAt restIn use (Sealed)mutual-auth encryptionTPM + tamperconfidential compute
Stages 2–4 are the infrastructure you own; NexQloud One runs the control plane only — never your data.
Identity · access · encryption

Locked down at every layer.

Zero Trust

Built on Nebula — every node gets a cryptographic identity; nothing is trusted by location.

Access

MFA enforced, least-privilege RBAC, privileged-access management, deprovision in ≤3 days.

Encryption

In transit and at rest (AWS KMS); TPM full-disk plus Lenovo/HP chassis-tamper on devices.

The crux of sovereignty

Who can decrypt your data? You.

Today

AWS Secrets Manager (KMS)

Keys managed by NexQloud under IAM + RBAC — fit for our SOC 2-attested platform.

Roadmap
Sovereign target

You hold the keys (HYOK)

Via our confidential-computing patents — no operator, including us, and no single cloud can decrypt it.

Watched · tested · controlled

Continuously verified.

Monitoring

AWS GuardDuty threat detection, centralized logging, and a documented incident-response plan.

Testing

Quarterly vulnerability scans plus an annual third-party penetration test (VAPT).

Change / CI-CD

Dev / test / prod separation with documented approvals — change you can audit.

Honest scope: SOC 2 attests our managed platform today; the distributed edge (Nebula/TPM) is on the roadmap for audit scope.
Why this matters

For 150 years the work was carried by property. Today it's carried by the cloud.

Churches, schools, hospitals, publishing houses — the Adventist Church secured them because they carry the mission. We never rented the ground the work stood on; we owned it, governed it, and held it in trust.

In the digital age, cloud infrastructure has become mission property. Member records, donor gifts, student and patient data, media, ministry — the front door to the mission is now digital. The question is the one the Church has always answered: do we own the ground the work stands on?

If a church building, a school, and a hospital are worth owning for the cause of God, so is the infrastructure that now carries the same work.
Rooted in our own counsel

Owned for the cause of God — but never kingly power.

Ellen White urged the Church to secure its property for the cause of God, and organized in part to hold that property in trust for the work. Ownership was never the world's instinct to hoard — it was stewardship of what God had entrusted.

She also warned, just as firmly, against centralization — against "kingly power" gathered into one place. That gives us our design principle: the Church owns and governs the asset, while the architecture stays distributed, accountable, and regionally adaptable. Owned — but not over-centralized.

Not another centralized cloud to depend on. A mission-owned, distributed fabric the Church governs.
The scale makes it strategic

An institutional decision — not an IT purchase.

24.3M
members worldwide
106K+
churches and companies
200+
countries & areas
Plus 10,000+ schools and 2.4M+ students, and nearly 200 hospitals and sanitariums — every one generating data that today depends on someone else's cloud.
The Covenant Cloud Framework

Six pillars.

Church-owned

Servers, data, identity, and recovery — owned by the Church. The new property.

Sovereign governance

Where data lives, who can open it, who holds the keys — decided by the Church.

Distributed, not central

Global standards, regional control, local resilience. Owned — never kingly power.

Trust-tier workloads

Sensitive data on high-assurance; everything else on low-cost capacity.

Mission continuity

Carries on through outage, censorship, lock-in, and attack. The lamp that doesn't go out.

Mission-aligned revenue

From expense to asset — infrastructure that helps fund the work.

From expense to mission asset

Infrastructure that funds the work.

Once the Church owns secure, distributed infrastructure, it can responsibly extend it to mission-aligned organizations — faith-based schools, ministries, Christian media, and humanitarian and health initiatives that can't afford hyperscale cloud, without forcing them into the same dependency.

Like publishing houses and hospitals before it, the cloud becomes an institutional asset that both serves the mission and sustains it — revenue reinvested into education, healthcare, media, humanitarian work, and evangelism.

If churches, schools, and hospitals can be mission assets, so can the cloud — turning a recurring expense into an engine for the work.
The questions for leadership

Five questions for the board.

01

Should the Church keep renting its most critical digital infrastructure — indefinitely?

02

Should member, donor, student, and patient data stay structurally dependent on outside hyperscalers?

03

Should we own the next generation of mission infrastructure — as we have owned churches, schools, and hospitals?

04

Can we reduce cloud cost while improving resilience, sovereignty, and global continuity?

05

Could this become the model for faith-based digital infrastructure worldwide?

The invitation

A Covenant Cloud Design Partner.

Not a vendor contract — a joint institutional design partnership. We don't host the Church; we help the Church own its own cloud.

Phase 1
1

Sovereignty assessment

Map current spend, data sensitivity, residency, and the first workloads to move.

Phase 2
2

Pilot workloads

Start safe — public sites, media, backups — across a few countries. Live in 60–90 days.

Phase 3
3

Governance & expansion

Define who owns what and who holds the keys; then extend across the institutions.

A stewardship decision for you, Justin & General Conference leadership — whenever you're ready.
Prepared for the General Conference of Seventh-day AdventistsSeventh-day Adventist Church
01 / 15