Fundamentum by Amotus
The governance control plane.
Not a data pipeline.
Cloud platforms answer: "Can this message be delivered?"
Fundamentum answers: "Should this action be allowed?"
These are categorically different questions. Hyperscalers solve the first with exceptional efficiency. None provides the second — the governance layer that decides what a fleet is allowed to do. That is why 74% of IoT projects fail.
850K+
Devices in production
The Architecture
Three pillars. One control plane.
A governance architecture institutionalizes the rules that currently live in the memory of the engineers who built the system. At 500 devices, that memory works. At 5,000, it fails.
Identity
Who is acting?
Cryptographic credentials for every actor — devices, users, APIs and automated processes. A verifiable identity with a defined scope of authority. When a credential is compromised, the blast radius is bounded by its role.
Lifecycle
When is action permitted?
A device in a governed fleet is never simply "online" or "offline." It occupies a defined lifecycle state — provisioned, activated, under maintenance, pending update, decommissioned. The actions available are determined by that state.
Policy
What is allowed?
Versioned, auditable, testable rulesets enforced at the infrastructure layer — independent of application code. Policy enforcement in application code is a convention; it breaks when a developer forgets to call the check. Governance-grade policy cannot be bypassed.
The Concrete Example
The governed firmware update
In an ungoverned system, a firmware update is a publish operation. In Fundamentum, it is a four-stage authorization workflow.
01 · PREPARE
Package & Sign
Firmware signed, integrity verified. Target scope and rollout parameters defined. Health thresholds set.
02 · AUTHORIZE
Identity Check
Requesting identity verified. Target devices validated against lifecycle state. Second approver engaged if policy requires.
03 · DELIVER
Staged Rollout
Cohort-based delivery. Health metrics validated at each stage. Cannot proceed beyond threshold without validation.
04 · VERIFY
Audit & Confirm
Automatic rollback on health-check failure. Cryptographic proof of every decision — who authorized, when, under what policy version.
Every action is recorded in the tamper-evident audit trail. The incident timeline is reconstructed from proof — not from log archaeology.
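An added sketch of the AUTHORIZE stage and the audit trail described above, not Fundamentum code. The policy fields, role name and device IDs are assumptions, and a SHA-256 hash chain stands in for the tamper-evident record.

```python
import hashlib
import json

# Assumed policy document (constructed for illustration, not the product's schema).
POLICY = {
    "version": "v3",
    "updatable_states": {"activated", "pending update"},
    "roles_allowed": {"release-manager"},
    "second_approver_above": 2,  # cohorts larger than this need a second approver
}

class AuditLog:
    """Append-only log; each entry's hash covers the previous entry's hash."""
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"prev": prev, "record": record,
                             "hash": self._digest(prev, record)})

    def verify(self):
        # Recompute the chain; an edited record breaks every later link.
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or self._digest(prev, e["record"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True

def authorize_update(requester, approver, devices, log, policy=POLICY):
    """Return (allowed, reason). Denials are logged too, with the policy version."""
    blocked = sorted(d for d, s in devices.items() if s not in policy["updatable_states"])
    needs_second = len(devices) > policy["second_approver_above"]
    if requester["role"] not in policy["roles_allowed"]:
        allowed, reason = False, "requester role not authorized"
    elif blocked:
        allowed, reason = False, f"lifecycle state forbids update: {blocked}"
    elif needs_second and (approver is None or approver["id"] == requester["id"]):
        allowed, reason = False, "second approver required"
    else:
        allowed, reason = True, "ok"
    log.append({"who": requester["id"], "approver": approver and approver["id"],
                "targets": sorted(devices), "policy": policy["version"],
                "allowed": allowed, "reason": reason})
    return allowed, reason
```

A hash chain only detects edits by someone who cannot also rewrite the later entries; signing or externally anchoring the latest hash is what makes the record hold up against an insider.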
Why Hyperscalers Don't Solve This
The cloud is infrastructure.
Fundamentum is authority.
The hyperscaler stack was engineered to solve connectivity with exceptional efficiency. It was not designed to solve authorization. Fundamentum is the governed system you build on top of that infrastructure.
- Cloud-agnostic: can interface with AWS, Azure or Google Cloud if you require it — without lock-in
- Application-agnostic: enforcement cannot be bypassed by application code
- Connectivity-flexible: Cellular (LTE-M, 5G), LoRaWAN, Wi-SUN, DigiMesh, Wirepas
- OEM-embeddable: governance as a product layer, not a service wrapper
Stack Position
Applications
Your product — web, mobile, API
Fundamentum
Governance Control Plane
Identity · Lifecycle · Policy
Cloud Infrastructure
AWS · Azure · GCP · Sovereign
Firmware · Connectivity · Hardware
Designed by Amotus for governance from day one