What Is BastionZero?
BastionZero is the Zero Trust Access Platform that connects engineers to infrastructure without risking the keys to your kingdom.
The BastionZero product is maintained for existing BastionZero customers only.
Moving forward, we are natively rebuilding BastionZero’s technology as Cloudflare’s Access for Infrastructure service.
BastionZero is a cloud service that allows you to remotely access infrastructure targets in any cloud or data center. Cloud-agnostic remote access is provided according to a zero trust security model to ensure:
No long-lived credentials are held by users or clients.
Every human access to an infrastructure target is behind single sign-on (SSO) authentication and multi-factor authentication (MFA).
The BastionZero cloud service does not have privileged access to targets and does not create a point of compromise for your infrastructure.
Access to targets is controlled via a policy.
Every access and action to a target is logged, which includes access logs, session recordings and individual commands that a user ran on a target.
With BastionZero, you can simplify and secure your infrastructure by eliminating VPNs, bastion hosts, and SSH and Kubernetes key management. There is no need to set up IAM roles across different clouds and accounts, and it simplifies the process to on- and off-board users.
BastionZero can also help bring your infrastructure into SOC2 compliance because it is built on top of the open-source cryptographic MrZAP protocol.
To get started, you can read our deployment guides, learn more about our architecture or security model, or see how to integrate BastionZero into your existing SSH workflows, DB workflows, Kubernetes clusters, or web servers.
Last updated