Redefining zero trust for access to cloud infrastructure

With BastionZero, infrastructure teams can easily configure, manage and secure fine-grained access controls to infrastructure targets in any cloud or on-prem environment.

Learn more about our solution

Got 6 minutes?

Learn how our security model works from our CEO

Frequently asked questions

What if BastionZero is compromised?

If BastionZero’s cloud service is compromised, the adversary’s options are limited. The adversary can drop messages as they traverse the cloud service, but they cannot execute commands or set up tunnels to the target, because the attacker does not have a valid user account on the Identity Provider (SSO) associated with the target. The targets validate each access against the SSO, so if the SSO has not validated the access, the target will not accept the connection!

What if the user’s SSO is compromised?

Targets are still secure as long as the user’s independent MFA to the BastionZero cloud service is not compromised.

What if BastionZero and the user’s SSO are both compromised?

An adversary can compromise the system only if the BastionZero cloud service is compromised along with a valid user’s SSO. This scenario is improbable because it means the attacker has compromised multiple independent systems: BastionZero’s cloud service AND the SSO. This increase in attack complexity is the desired consequence of our MrZAP protocol, which uses multiple roots of trust to eliminate single points of compromise.

Who designed and built your protocol?

We did. Our team includes multiple PhD cryptographers who have collectively authored over 30 peer-reviewed papers in security and cryptography. You can learn more about our protocol by reading our whitepaper or visiting our open-source repositories!

See it for yourself.

Sign up for a demo.
