What Is BastionZero?

BastionZero is a cybersecurity company that originated in the cryptocurrency space. It was founded by Sharon Goldberg and Ethan Heilman, who initially launched the company as Commonwealth Crypto in 2018[reference:0]. The company's early mission was to develop technology that would allow traders to maintain custody of their coins while trading on a cryptocurrency exchange[reference:1].

In 2020, the company rebranded as BastionZero and pivoted away from the cryptocurrency industry, applying its cryptographic security expertise to the broader problem of securing access to computer servers and other infrastructure[reference:2][reference:3]. The company raised approximately $7.5 million in funding, including a $6 million seed round led by Dell Technologies Capital[reference:4][reference:5].

In May 2024, BastionZero was acquired by Cloudflare, a major network and security provider[reference:6][reference:7]. Its technology is now being integrated into Cloudflare's Zero Trust Network Access (ZTNA) platform as Cloudflare Access for Infrastructure[reference:8].

Key takeaway

BastionZero is not a cryptocurrency or a blockchain project with a native token. It is a cybersecurity technology company that originally focused on crypto custody solutions before pivoting to zero-trust infrastructure access. Any "BastionZero token" listings on third-party sites are not affiliated with the official company.

Core Technology: MRZAP and Zero Trust

BastionZero's foundational technology is built around a cryptographic protocol called MRZAP (Multi-Root Zero Trust Access Protocol)[reference:9]. This protocol provides a secure "bastion as a cloud service," eliminating single points of compromise in infrastructure access[reference:10].

Zero Trust Security Model

The core principle of BastionZero's approach is zero trust. In a zero-trust model, clients do not have any standing credentials[reference:11]. Instead:

This approach is designed to prevent attacks like the 2001 Fluffy Bunny hacking group, which exfiltrated long-lived SSH credentials and used them to compromise targets[reference:15]. By using short-lived tokens, the attack surface is significantly reduced.

Multiple Independent Roots of Trust

BastionZero's unique security model uses multiple independent roots of trust to control access to infrastructure targets[reference:16]. This means that even if one root of trust is compromised, the others remain secure, eliminating single points of failure[reference:17][reference:18].

Why this matters

Traditional VPNs and bastion hosts create a single point of compromise. If an attacker breaches that point, they can access everything. BastionZero's architecture distributes trust across multiple independent roots, making it much harder for an attacker to gain comprehensive access.

BastionZero's Crypto Custody Origins

Before becoming an infrastructure security company, BastionZero (then Commonwealth Crypto) focused on a critical problem in the cryptocurrency industry: exchange custody risk.

When traders use a centralized exchange, they typically deposit their coins into the exchange's wallet, giving the exchange custody of their assets. If the exchange is hacked or becomes insolvent, traders can lose their funds. BastionZero's original technology aimed to solve this by allowing traders to maintain custody of their coins while still trading on an exchange[reference:19][reference:20].

How It Worked

This technology was particularly valuable for institutional traders and high-net-worth individuals who wanted to trade on exchanges without exposing their entire holdings to exchange risk.

Important note

BastionZero's crypto custody technology is no longer actively developed as a standalone product. The company pivoted away from the cryptocurrency industry in 2020[reference:24], and the original product is maintained only for legacy customers[reference:25]. New users interested in crypto custody solutions should research current offerings from other providers.

The Pivot to Infrastructure and Cloudflare Acquisition

In 2020, BastionZero's founders made a strategic decision to pivot away from the cryptocurrency industry[reference:26]. According to Sharon Goldberg, the cryptocurrency industry was "very small" at the time, and the team wanted the opportunity to build something that any engineer could use[reference:27].

Applying Cryptographic Expertise to Infrastructure

The pivot involved applying the same cryptographic security principles to a much larger problem: securing access to computer servers and infrastructure[reference:28]. The company built a zero-trust software platform designed to protect access to a company's infrastructure, eliminating the need for traditional VPNs, bastion hosts, and SSH and Kubernetes key management[reference:29].

The Cloudflare Acquisition

In May 2024, BastionZero was acquired by Cloudflare[reference:30][reference:31]. The acquisition brought BastionZero's technology and team into Cloudflare, where it is being natively rebuilt as Cloudflare Access for Infrastructure[reference:32].

Current status

As of 2026, BastionZero as a standalone product is not available for new customers. Organizations interested in the technology should explore Cloudflare Access for Infrastructure, which incorporates BastionZero's zero-trust principles.

Comparison: BastionZero vs. Traditional Infrastructure Access

The table below contrasts BastionZero's zero-trust approach with traditional infrastructure access methods like VPNs and bastion hosts.

Feature BastionZero / Cloudflare Access for Infrastructure Traditional VPN / Bastion Host
Security model Zero trust with short-lived tokens Perimeter-based with long-lived credentials
Single point of compromise Eliminated via multiple independent roots of trust Yes (the VPN or bastion host itself)
Credential lifetime Short-lived tokens (expire quickly) Long-lived SSH keys or passwords
MFA requirement Required for each access attempt Often only at initial login
Cloud-native Yes, designed for cloud and hybrid environments Often legacy, on-premise focused
Infrastructure targets Servers (SSH, RDP), Kubernetes, databases[reference:36] Limited to network-level access

Note: This comparison is based on BastionZero's documented architecture. Actual implementations may vary. Always verify current capabilities with the official provider.

Practical Checklist for Evaluating Zero-Trust Infrastructure Solutions

If you are evaluating zero-trust infrastructure access solutions (including Cloudflare Access for Infrastructure, which incorporates BastionZero's technology), use this checklist to assess your options.

  • Verify the security model. Does the solution use short-lived tokens and require MFA for each access attempt?[reference:37]
  • Check for single points of compromise. Does the architecture rely on a single root of trust, or does it use multiple independent roots?[reference:38]
  • Assess cloud compatibility. Is the solution designed for cloud-native and hybrid environments, or is it legacy on-premise software?[reference:39]
  • Evaluate supported infrastructure targets. Does it support the specific targets you need: servers (SSH, RDP), Kubernetes clusters, databases?[reference:40]
  • Review integration capabilities. Can it integrate with your existing identity provider (SSO) and logging systems?[reference:41]
  • Check the vendor's track record. Has the vendor been acquired or discontinued? (BastionZero's standalone product is no longer available for new customers.[reference:42])
  • Understand the deployment model. Is it a cloud service, or does it require self-hosting?[reference:43]
  • Review the pricing and licensing model. Are costs transparent and predictable for your organization's size?

Common Mistakes to Avoid with BastionZero-Related Technologies

Whether you are researching BastionZero's original crypto custody technology or its current zero-trust infrastructure solutions, here are common pitfalls to avoid.

Mistakes that can lead to confusion or risk
  • Confusing BastionZero with a cryptocurrency token. BastionZero is a technology company, not a blockchain project. Any "BastionZero token" listings on third-party sites are not official and should be treated with caution.
  • Assuming the original crypto custody product is still available. BastionZero pivoted away from cryptocurrency in 2020[reference:44]. The original product is maintained only for legacy customers[reference:45].
  • Overlooking the acquisition. BastionZero was acquired by Cloudflare in 2024[reference:46]. Organizations interested in the technology should look at Cloudflare Access for Infrastructure, not a standalone BastionZero product.
  • Ignoring the zero-trust principles. Simply using a VPN or bastion host is not equivalent to a zero-trust architecture. The security benefits come from the specific implementation (short-lived tokens, MFA, multiple roots of trust).
  • Failing to verify integration requirements. BastionZero's architecture relies on integration with your identity provider and targets[reference:47]. Ensure compatibility before committing.
Real-world scenario

Alex is a systems administrator looking to secure access to his company's Kubernetes clusters. He reads about BastionZero's zero-trust technology and searches for "BastionZero product." He finds a third-party site listing a "BastionZero token" with a market cap and price, and almost invests in it, thinking it's the company's native cryptocurrency.

What Alex should have done: He should have visited the official BastionZero website (www.bastionzero.com) or documentation (docs.bastionzero.com) to understand that the company does not have a token. He would have discovered that the standalone BastionZero product is no longer available for new customers and that the technology is now part of Cloudflare Access for Infrastructure[reference:48].

Lesson: Always verify information from official sources. Third-party cryptocurrency listings may be completely unrelated to the actual company.

Risk Warning โ€“ Understanding the Limitations

While BastionZero's technology offers significant security advantages, it is important to understand its limitations and the risks associated with any infrastructure access solution.

Important risk factors
  • No longer available as a standalone product. BastionZero's original product is maintained only for legacy customers[reference:49]. New users cannot sign up for BastionZero directly.
  • Technology integration in progress. BastionZero's technology is being natively rebuilt into Cloudflare Access for Infrastructure[reference:50]. Some features may still be in development or differ from the original implementation.
  • Dependency on Cloudflare. Organizations adopting the technology are committing to Cloudflare's ecosystem, which may not be suitable for all use cases or regulatory environments.
  • Implementation complexity. Zero-trust architectures require careful planning, integration with identity providers, and ongoing management. Misconfiguration can create security gaps.
  • Third-party token confusion. Unaffiliated third parties may list "BastionZero" tokens. These are not official and could be scams[reference:51].
  • Regulatory considerations. Depending on your jurisdiction and industry, using a cloud-based zero-trust solution may have data sovereignty or compliance implications.

This guide provides educational information only. It is not financial, legal, or tax advice. Always conduct your own research and consult with qualified professionals before adopting any security solution or making investment decisions.

Frequently Asked Questions

Quick answers to common questions about BastionZero and its related technologies.

What is BastionZero?

BastionZero is a cybersecurity company that originally focused on allowing traders to maintain custody of their coins while trading on an exchange. It later pivoted to zero-trust infrastructure access and was acquired by Cloudflare in 2024[reference:52][reference:53].

Does BastionZero have a cryptocurrency token?

No. BastionZero is a technology company, not a cryptocurrency project, and does not have a native token[reference:54]. Some third-party sites list a "BastionZero" token, but this is not an official project from the company and should be treated with caution.

What is the MRZAP protocol?

MRZAP (Multi-Root Zero Trust Access Protocol) is a cryptographic protocol developed by BastionZero that provides secure "bastion as a cloud service," eliminating single points of compromise in infrastructure access[reference:55].

Why did BastionZero pivot away from cryptocurrency?

The cryptocurrency industry was relatively small, and the founders wanted to build a product that any engineer could use. They applied their cryptographic expertise to the broader problem of securing access to servers and infrastructure[reference:56].

What happened to BastionZero?

In May 2024, BastionZero was acquired by Cloudflare[reference:57]. Its technology is being natively rebuilt as Cloudflare's Access for Infrastructure service, a Zero Trust Network Access (ZTNA) solution[reference:58].

Is BastionZero still available for new customers?

The original BastionZero product is maintained only for existing legacy customers[reference:59]. New customers are directed to Cloudflare's Access for Infrastructure service, which integrates BastionZero's technology[reference:60].

What is zero-trust security?

Zero-trust security is a model where clients do not have standing credentials. Each time a user wants to access a target, they must prove their identity via SSO and MFA, receiving a short-lived token that expires quickly, limiting attack surfaces[reference:61].

Who founded BastionZero?

BastionZero was founded by Sharon Goldberg and Ethan Heilman[reference:62]. Goldberg is an associate professor of computer science at Boston University[reference:63], and Heilman is a cryptologist with a Ph.D. from Boston University[reference:64].