The story of BastionZero

BastionZero is leveraging cryptography to reimagine the tools used to manage remote access to kubernetes, server, application, and database infrastructure across cloud and on-prem environments. The company was founded by a cybersecurity professor and cybersecurity PhD who spent years working together at Boston University.

‍The architecture of BastionZero is inspired by innovations in threshold-based cryptography and developed by a team of cryptographers and infrastructure experts looking to simplify the lives of cloud security teams, while modernizing the security models used in the cloud security space. We are backed by top VCs along with experienced individual operators of cybersecurity and SaaS businesses.

Get Started

Product Overview

Our Leadership

Sharon Goldberg, PhD

CEO & Co-Founder

Sharon Goldberg is also a CS professor, author of 30+ peer-reviewed infosec papers & contributor to BGP, DNS, NTP & Bitcoin standards.

Ethan Heilman, PhD

CTO & Co-Founder

Ethan Heilman has been a software dev at various startups & inventor of cryptographic protocols & attacks. He holds a PhD in infosec.

Mike Milano

Chief Product Officer

Mike Milano is a former SVP Engineering & Product at Cisco and iBoss. He has decades of experience building cloud security products.

Kevin Romani

CRO

Kevin Romani is the former VP of Global Sales at NS1. He has nearly 20 years of experience in building and scaling enterprise software sales teams that deliver rapid growth.

Backed By

Read more from the BastionZero team

Why you should use BastionZero to secure access to your k8s clusters

Kubernetes is more popular than ever, and many organizations have tens of clusters with tens (or even hundreds) of engineers accessing each cluster using tools like kubectl, lens and k9s. But securing access to your kubernetes cluster is hard. How do you make sure that outsiders can’t get into your cluster? How do you ensure that the right insiders have the right permissions to access the right parts of your cluster? How do you ensure that when people do access your cluster (using kubectl, k9s, lens or any other such tool), you have good visibility and audit logging of what they did with this access? If you have these problems, BastionZero can help.

Achieving Zero-Trust Security in Kubernetes Clusters with BastionZero: Simplifying Access Management and Enhancing Protection

Utilizing BastionZero for secure access to Kubernetes clusters is a game-changer as it empowers your teams (and service accounts) to access the API in a zero-trust manner while keeping your Kubernetes API off the public internet. BastionZero eliminates the technical debt associated with long-lived credentials, privilege creep and lack of observability (where you can’t tell who has access to what parts of the cluster, or what they did with that access). Deploying BastionZero with Kubernetes provides robust protection against unauthorized access and data breaches while streamlining access management. Whether you're looking to bolster your security posture, simplify remote access, or achieve regulatory compliance, BastionZero provides a comprehensive solution through its user-friendly and easy-to-deploy platform. That’s not all - the BastionZero platform is the only access solution on the market that doesn’t require privileged access to your cluster. This means you can rest easy, knowing that a compromise of the BastionZero service won’t lead to a compromise of your Kubernetes cluster.

BastionZero’s OpenPubkey: Why I think it is the most important security research I’ve done

We have been working to write up the cryptographic protocols which BastionZero uses to offer remote access. As part of this effort, we recently released a draft of our protocol, OpenPubkey: Augmenting OpenID Connect with User held Signing Keys. BastionZero uses OpenPubkey to cryptographically bind your public key to your identity at an OpenID Provider like Google.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Resources

Read Our Docs

Check Out The Protocol