Governance & Risk Management , Zero Trust

Cloudflare Buys BastionZero to Guard Critical Infrastructure

Acquisition of Zero Trust Tool Secures Remote Access to Critical IT Infrastructure
Cloudflare Buys BastionZero to Guard Critical Infrastructure

Cloudflare purchased a zero trust infrastructure access startup founded by a Boston University professor to secure remote access to critical infrastructure including servers and databases.

See Also: 2024 Gartner® Magic Quadrant™ for Security Service Edge (SSE)

The San Francisco-based connectivity cloud vendor said its acquisition of Boston-based BastionZero will provide increased security, compliance and control for hybrid and remote IT teams by eliminating the need for long-lived credentials. The deal will centralize the management and security of IT infrastructure such as Kubernetes clusters, simplify zero trust practices and reduce reliance on outdated VPN setups.

"Employees have the expectation that they can effectively do their work from anywhere," Cloudflare co-founder and CEO Matthew Prince said. "There's no reason why teams managing an organization's most important systems can't have the same flexibility. Incorporating BastionZero into Cloudflare One gives IT teams access to an organization's most critical inner workings securely, wherever they are."

Terms of the acquisition weren't disclosed, and Cloudflare executives weren't immediately available for additional comment. The firm's stock is down $4.94 - or 6.57% - to $70.26 per share in trading midday Thursday (see: Cloudflare Enters Observability Space With Baselime Purchase).

What Sets BastionZero Apart

BastionZero was founded in May 2020 by Sharon Goldberg, an associate professor in Boston University's computer science department who previously co-founded Commonwealth Crypto. The company has 11 employees and raised $6 million in seed funding in May 2022 from Dell Technologies Capital, Akamai and Digital Garage of Japan.

"Scalable and secure remote access to company servers and other infrastructure is table stakes for every IT and development team," Goldberg said. "But homegrown solutions increasingly create security risks and operational costs. The acquisition enables us to deeply integrate BastionZero's unique cryptographic approach for simple passwordless infrastructure access into the world's largest secure access service edge network."

Traditional VPN setups are becoming outdated due to their overly permissive access, and Cloudflare said buying BastionZero will address this issue by providing more secure and flexible remote access. The deal will increase command and control and ensure just-in-time permissions by granting access only when necessary and monitoring access with identity-aware logging, according to Cloudflare.

"While our goal for years has been to help organizations of any size replace their VPNs as simply and quickly as possible, BastionZero expands the scope of Cloudflare's VPN replacement solution beyond apps and networks to provide the same level of simplicity for extending Zero Trust controls to infrastructure resources," Cloudflare's Kenny Johnson and Michael Keane said in a blog post.

Cloudflare said the BastionZero integration will reduce complexity by removing the need for legacy security patches and simplifying access across complex infrastructures. The acquisition also supports the changing work environment by enabling secure access to critical systems from everywhere, aligning with modern expectations of workplace flexibility.

Specifically, Cloudflare said, BastionZero's unique cryptographic method used OpenPubkey and OpenID Connect to ensure secure and efficient infrastructure access without relying on traditional long-lived credentials. The company also enhances usability and security by providing clientless RDP access, meaning that secure desktop environments can access without needing additional client installations.

"With OpenPubkey, SSO [single sign-on] can be used to grant access to infrastructure," Johnson and Keane said. "BastionZero uses multiple roots of trust to ensure that your SSO does not become a single point of compromise for your critical servers and other infrastructure."

How BastionZero and Cloudflare Will Come Together

The integration of BastionZero will be a priority over the next several quarters, and the focus will be on including new zero trust infrastructure access features in the Cloudflare One free tier for organizations with fewer than 50 users. Cloudflare said buying BastionZero will solidify the company's position in the SASE market by helping it provide secure, efficient and scalable internet services to organizations globally.

"We believe that everyone should have access to world-class security controls," Johnson and Keane said.

Gartner last month named Cloudflare a niche player in the security service edge market alongside Broadcom, iboss and Versa Networks, and analysts praised its sales strategy, sales execution and geographic strategy. Gartner criticized Cloudflare for lacking common SSE features such as advanced DLP and file sandboxing and an R&D strategy focused on closing technical gaps.

The BastionZero deal comes two months after Cloudflare purchased observability startup Baselime to enhance the developer experience on serverless platforms as well as open-source deployment platform PartyKit. A month before that, Cloudflare bought multi-cloud networking startup Nefeli Networks to enable better network and security management within the cloud (see: Cloudflare Boosts Cloud Connectivity With Nefeli Acquisition).

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.