Secure by Design: WarpStream’s Zero-Access Model for Data Sovereignty

Grafana’s redesigned Mimir architecture uses WarpStream, a Kafka-compatible platform built on object storage, to decouple reads and writes while eliminating cross-AZ complexity. With “no disks to manage” and “no cross-AZ networking costs,” WarpStream powers scalable, cost-efficient streaming and embodies the same Zero-Access BYOC principles driving data sovereignty in modern observability stacks.

WarpStream is a Kafka protocol-compatible streaming platform, but its internal architecture is very different from Kafka. It was originally designed to trade off latency in favor of cost and ease of management but another key benefit of WarpStream's architecture is its principle of Zero-Access BYOC. In this Zero-Access BYOC model, a significant portion of the complexity of running WarpStream is delegated to the fully-managed control plane, however, unlike traditional BYOC models, WarpStream maintains a hard split between the data plane and the control plane. This means that although WarpStream operates like a managed service, the architecture guarantees that no external party can access the data plane or the compute at any time. In this talk, we will review how WarpStream's internal design enables this Zero-Access model, while maintaining a developer experience that is similar to using a fully-managed service.

We’ll also showcase Grafana Assistant in action — a hands-on look at how AI can help you explore metrics, build dashboards, and troubleshoot systems in plain English, directly inside Grafana.