Zero Trust File Access
S3 Zero Trust Access
Provides direct, identity-enforced access to S3 by eliminating public exposure, proxies, and network-based trust models
The gap we close
S3 Zero Trust Access is a multi-tenant platform that redefines how access to object storage is controlled. Traditional S3 access models rely on public exposure, static IAM policies or network-based controls, and once access is granted it is rarely re-evaluated, which creates blind spots and increases risk.
S3 Zero Trust Access replaces this implicit trust model by enforcing access through identity, context and policy instead of network location. Every request is evaluated before access is granted and re-validated for as long as the session lasts, so permissions are never static and the attack surface is reduced.
Control Planes
The platform is built on two logical planes:
AdminNet manages tenant lifecycle, platform IAM with OWNER, ADMIN, VIEWER and SUPPORT roles, fine-grained permissions, SSO federation using OIDC and SAML 2.0, and centralized audit logging.
TenantNet provides an ABAC-based policy engine that enables precise control over:
- Buckets and prefixes
- Allowed operations
- Time windows
- IP and CIDR restrictions
- File extension policies
- Session TTL
- Device posture and anomaly thresholds
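As an added illustration (not code from the S3 Zero Trust Access product), the Python below models how a TenantNet-style ABAC policy over exactly these attribute families could be evaluated on every request. Because session TTL, device posture and anomaly score are re-checked each time rather than only at login, the "continuously validated" behaviour described above falls out of the same function. The Policy and Request shapes, the sample policy and every value in it are constructed assumptions.

```python
"""Illustrative ABAC policy evaluation for S3-style object access.

Added example, not the S3 Zero Trust Access engine itself. It models the
attribute families listed on the page (bucket/prefix, operation, time window,
source IP/CIDR, file extension, session TTL, device posture, anomaly score)
and evaluates every request against all of them, so a session that was
allowed earlier is re-checked on each call. All values are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from pathlib import PurePosixPath


@dataclass(frozen=True)
class Policy:
    prefixes: dict[str, tuple[str, ...]]    # bucket -> allowed key prefixes
    operations: frozenset[str]              # e.g. {"GetObject"}
    window_utc: tuple[int, int]             # allowed hours [start, end) in UTC
    cidrs: tuple[str, ...]                  # source networks allowed
    extensions: frozenset[str]              # allowed file extensions (lowercase)
    session_ttl: timedelta                  # maximum age of a session
    required_posture: str                   # device posture state required
    max_anomaly: float                      # deny when the score exceeds this


@dataclass(frozen=True)
class Request:
    bucket: str
    key: str
    operation: str
    source_ip: str
    now: datetime                           # time of this request (UTC)
    session_start: datetime                 # when the session was first granted
    device_posture: str
    anomaly_score: float


def evaluate(policy: Policy, req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Every attribute is checked on every request;
    the first failing check wins so the caller gets one actionable reason."""
    allowed_prefixes = policy.prefixes.get(req.bucket)
    if allowed_prefixes is None:
        return False, f"bucket {req.bucket!r} not in policy"
    if not any(req.key.startswith(p) for p in allowed_prefixes):
        return False, f"key {req.key!r} outside allowed prefixes"
    if req.operation not in policy.operations:
        return False, f"operation {req.operation!r} not allowed"
    start, end = policy.window_utc
    if not start <= req.now.astimezone(timezone.utc).hour < end:
        return False, "outside allowed time window"
    ip = ip_address(req.source_ip)
    if not any(ip in ip_network(c) for c in policy.cidrs):
        return False, f"source {req.source_ip} not in allowed CIDRs"
    ext = PurePosixPath(req.key).suffix.lower()
    if ext not in policy.extensions:
        return False, f"extension {ext or '<none>'!r} not allowed"
    # Session TTL is enforced per request, not only at login: an old session
    # is cut off even though every other attribute still matches.
    if req.now - req.session_start > policy.session_ttl:
        return False, "session TTL exceeded; re-authentication required"
    if req.device_posture != policy.required_posture:
        return False, f"device posture {req.device_posture!r} does not meet policy"
    if req.anomaly_score > policy.max_anomaly:
        return False, f"anomaly score {req.anomaly_score} above threshold"
    return True, "allow"


# Constructed sample policy: read-only access to 2024 finance reports from the
# corporate network during office hours, from compliant devices only.
SAMPLE_POLICY = Policy(
    prefixes={"finance-reports": ("2024/",)},
    operations=frozenset({"GetObject"}),
    window_utc=(8, 18),
    cidrs=("10.0.0.0/8",),
    extensions=frozenset({".pdf", ".csv"}),
    session_ttl=timedelta(minutes=30),
    required_posture="compliant",
    max_anomaly=0.7,
)

T0 = datetime(2024, 3, 4, 10, 0, tzinfo=timezone.utc)  # constructed timestamp


def sample_request(**overrides) -> Request:
    """A request that satisfies SAMPLE_POLICY; overrides produce the deny cases."""
    base = dict(bucket="finance-reports", key="2024/q1.pdf", operation="GetObject",
                source_ip="10.20.30.40", now=T0,
                session_start=T0 - timedelta(minutes=5),
                device_posture="compliant", anomaly_score=0.1)
    base.update(overrides)
    return Request(**base)


if __name__ == "__main__":
    cases = [("baseline", {}),
             ("stale session", {"session_start": T0 - timedelta(hours=1)}),
             ("off-network", {"source_ip": "192.168.1.5"}),
             ("executable", {"key": "2024/tool.exe"}),
             ("anomalous", {"anomaly_score": 0.9})]
    for label, kw in cases:
        print(f"{label:14} -> {evaluate(SAMPLE_POLICY, sample_request(**kw))}")
```

The ordering of checks is a design choice: cheap, deterministic attributes (bucket, prefix, operation) run first, and the ones that change over a session's life (TTL, posture, anomaly score) run last, so an audit log records the most specific reason for a denial.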
Security & Compliance
Compliance modes can be enforced per tenant, aligning access policies with frameworks such as ENS (Spain's Esquema Nacional de Seguridad) and NIS2. All sensitive credentials are encrypted at rest with AES-256-GCM.
The platform runs on Kubernetes with secure ingress and enables direct access to S3 without proxies or public exposure.
Road Ahead
Future capabilities include a desktop agent for identity-bound access and a gateway mode with real-time push-based revocation.
The result is a shift from static permissions to continuous, identity-driven control, enabling a true Zero Trust model for S3.
Compliance mapping
Roadmap
M1 — Core Infrastructure & Auth
M2 — AdminNet — Platform Control Plane
M3 — TenantNet — Tenant Portal & S3-ZT Profile Engine
M4 — Desktop Agent (Tauri) + S3-ZT Direct Mode
M5 — S3-ZT Gateway Mode + Push Revocation
Ready to protect yourself with S3 Zero Trust Access?