Private Cloud is our most advanced offering — built for organizations that require maximum security, dedicated infrastructure, and complete isolation from other customer data. This article explains what the Private Cloud solution includes, how it works, and why it may be the right choice for your organization.
What is Private Cloud?
Private Cloud provides everything included in our Business plan, along with a fully isolated cloud environment managed exclusively for your organization. It’s designed for teams that need higher levels of security, compliance, and control over where and how their data is stored.
With Private Cloud, you get:
- A dedicated, isolated AWS environment that isn’t shared with other customers
- Your choice of data hosting location
- Unlimited Workspaces
- Advanced user management with SCIM provisioning
- Enhanced security through BYOK (Bring Your Own Key) encryption.
Key features
Dedicated private cloud environment
Your organization receives its own fully isolated AWS environment, separate from all other Sketch customers. This gives you full control over your data’s security, isolation, and compliance posture — while still benefiting from the reliability and scalability of Sketch’s cloud architecture.
Choice of hosting location
You can choose where your data is hosted amongst select AWS regions in the United States and Europe, helping you meet specific regional regulations or internal data residency requirements.
Unlimited Workspaces
Create as many Workspaces as you need, so teams and departments can structure their work freely. You’re billed once per unique Editor, meaning an Editor can belong to multiple Workspaces at no extra cost.
SCIM provisioning
Private Cloud supports SCIM user provisioning, allowing you to automate account creation, updates, and deactivation through your identity provider (such as Okta or Microsoft Entra ID). This keeps your Sketch access aligned with your internal user directory automatically. Learn more
BYOK Encryption
BYOK lets you secure your Workspace data using your own encryption key managed in Amazon Web Services (AWS). Your organization maintains full control over how data is encrypted and who can access the keys, while Sketch manages the cloud infrastructure powering your Workspace. While BYOK is included in the plan, enabling it is completely optional.
When you enable BYOK, your Workspace is encrypted using:
- An AWS KMS (Key Management Service) key
- An AWS IAM Role that grants us permission to use that key.
Both the key and the IAM role are created in your own AWS account. Once they’re set up, you simply enter the corresponding ARNs (Amazon Resource Names) into Sketch to activate encryption for your Workspace.
Keep the following in mind if you enable BYOK:
- You’ll need to migrate your documents to a new encrypted Workspace. Our team can handle the migration for you.
- You can use multiple encryption keys per Workspace. We support more than one AWS KMS key if your organization needs it.
- Encryption can’t be turned off once it’s enabled. The only way to disable it is to delete every document stored in that Workspace.
- Files can only move between encrypted Workspaces. To transfer files between encrypted and non-encrypted Workspaces, you’ll need to download the documents and upload them to the Workspace you want to move them into.
You can only enable BYOK encryption in empty Workspaces. You can’t turn it on for a Workspace that already contains documents.
Why choose Private Cloud?
Private Cloud is built for organizations with strict security needs or compliance requirements. It’s ideal if your team needs:
- Dedicated infrastructure with complete data isolation
- Control over data residency
- Automated and secure user lifecycle management
- Enterprise-level encryption with customer-managed keys
- Flexibility to support multiple teams and Workspaces under a single bill.
If your company operates in highly regulated sectors, such as finance, government, healthcare, or large enterprise environments, Private Cloud provides the highest level of assurance and control Sketch offers.
How do I get started with Private Cloud?
- Visit our pricing page
- Choose the Private Cloud option
- Complete the request form with your organization’s details.
Someone from our team will then get in touch to discuss your requirements, help set up your Workspace, and guide you through onboarding. Your dedicated CSM will support you throughout the entire process.
