BastionZero is leveraging cryptography to reimagine the tools used to manage remote access to Kubernetes, server, application, and database infrastructure across cloud and on-prem environments. The company was founded by a cybersecurity professor and cybersecurity PhD who spent years working together at Boston University.
The architecture of BastionZero is inspired by innovations in threshold-based cryptography and developed by a team of cryptographers and infrastructure experts looking to simplify the lives of cloud security teams, while modernizing the security models used in the cloud security space. We are backed by top VCs along with experienced individual operators of cybersecurity and SaaS businesses.
CEO & Co-Founder
Sharon Goldberg is also a CS professor, author of 30+ peer-reviewed infosec papers & contributor to BGP, DNS, NTP & Bitcoin standards.
CTO & Co-Founder
Ethan Heilman has been a software dev at various startups and is an inventor of cryptographic protocols & attacks. He holds a PhD in infosec.
Chief Product Officer
Mike Milano is a former SVP Engineering & Product at Cisco and iBoss. He has decades of experience building cloud security products.
Kevin Romani is the former VP of Global Sales at NS1. He has nearly 20 years of experience in building and scaling enterprise software sales teams that deliver rapid growth.
Kubernetes is more popular than ever, and many organizations have tens of clusters with tens (or even hundreds) of engineers accessing each cluster using tools like kubectl, Lens and k9s. But securing access to your Kubernetes cluster is hard. How do you make sure that outsiders can’t get into your cluster? How do you ensure that the right insiders have the right permissions to access the right parts of your cluster? How do you ensure that when people do access your cluster (using kubectl, k9s, Lens or any other such tool), you have good visibility and audit logging of what they did with this access? If you have these problems, BastionZero can help.
Utilizing BastionZero for secure access to Kubernetes clusters is a game-changer as it empowers your teams (and service accounts) to access the API in a zero-trust manner while keeping your Kubernetes API off the public internet. BastionZero eliminates the technical debt associated with long-lived credentials, privilege creep and lack of observability (where you can’t tell who has access to what parts of the cluster, or what they did with that access). Deploying BastionZero with Kubernetes provides robust protection against unauthorized access and data breaches while streamlining access management. Whether you're looking to bolster your security posture, simplify remote access, or achieve regulatory compliance, BastionZero provides a comprehensive solution through its user-friendly and easy-to-deploy platform. That’s not all - the BastionZero platform is the only access solution on the market that doesn’t require privileged access to your cluster. This means you can rest easy, knowing that a compromise of the BastionZero service won’t lead to a compromise of your Kubernetes cluster.
We have been working to write up the cryptographic protocols which BastionZero uses to offer remote access. As part of this effort, we recently released a draft of our protocol, OpenPubkey: Augmenting OpenID Connect with User held Signing Keys. BastionZero uses OpenPubkey to cryptographically bind your public key to your identity at an OpenID Provider like Google.