BastionZero is leveraging cryptography to reimagine the tools used to manage remote access to servers, containers, clusters, applications and databases across cloud and on-prem environments. The company was founded by a cybersecurity professor and cybersecurity PhD who spent years working together at Boston University. We are backed by top VCs along with experienced individual operators of cybersecurity SaaS businesses.
We started out as a blockchain cybersecurity company and then followed our hearts back into infrastructure cybersecurity. The architecture of BastionZero is inspired by innovations in threshold-based cryptography and born of cryptographers and infrastructure experts looking to simplify the lives of cloud security teams, while modernizing the security models used in the cloud security space.
CEO & Co-Founder
Sharon Goldberg is also a CS professor, author of 30+ peer-reviewed infosec papers & contributor to BGP, DNS, NTP & Bitcoin standards.
CTO & Co-Founder
Ethan Heilman has been a software dev at various startups & inventor of cryptographic protocols & attacks. He holds a PhD in infosec.
Chief Product Officer
Mike Milano is a former SVP Engineering & Product at Cisco and iBoss. He has decades of experience building cloud security products.
Kevin Romani is the former VP of Global Sales at NS1. He has nearly 20 years of experience in building and scaling enterprise software sales teams that deliver rapid growth.
In January, we received a stark reminder that the security of our CI/CD pipelines is a really big deal. Your CI/CD pipeline needs the power to deploy code into your infrastructure, but deployment requires a high level of privilege, which often includes the ability to SSH into servers, to talk to APIs, to push code into containers, and to spin infrastructure up and down. If your CI/CD pipeline gets compromised, those privileges fall into the hands of an adversary… which means that an adversary can push malicious code into your infrastructure… which is about the worst thing that can happen. In this blog, I’ll explain how to use BastionZero (BZ) Service Accounts paired with our GitHub Actions integration to secure your CI/CD pipeline’s access to your infrastructure.
Service accounts are an integral part of many modern workflows, especially those related to continuous integration, continuous delivery, and continuous deployment (CI/CD) tools. But managing their interconnectedness presents a unique challenge to IT and security teams. Elevated privileges enable these teams to execute applications with ease—but it is precisely this high-level access that can create security risks if not managed correctly. In this blog post, we'll explore the benefits and risks associated with service accounts and how they impact your organization’s security posture.
Securing and managing a build pipeline is really complicated. And esoteric. In fact, I’m willing to bet that if you put 10 platform engineers from different organizations in a single room, you’d likely find that they work with at least 13 totally different flavors of CI/CD pipelines.