Enterprise Security

Zero-trust architecture with OIDC authentication, role-based access control, and hardware-level isolation. Compliance-ready with automatic audit logging, encryption, and enterprise-grade security controls.


Zero Trust Security Model

Never Trust, Always Verify

ZBlox Platform implements a comprehensive zero-trust security model where no user, device, or service is trusted by default, regardless of network location. Every access request is verified, authenticated, and authorized based on multiple factors.

Security controls are embedded at every layer of the platform architecture, from hardware-level isolation through application-level authorization, ensuring that security enhances rather than hinders platform capabilities.

Defense in Depth

Multiple independent security layers provide protection against threats at every level of the infrastructure stack. From network isolation through container hardening, each layer provides independent security controls.

This approach ensures that no single point of failure can compromise the overall security posture, while automated threat detection and response capabilities provide real-time protection against emerging threats.

Hardware-Level Isolation

Service functions run in isolated Kata QEMU micro-VMs, providing superior security boundaries compared to traditional container approaches. This hardware-level isolation ensures complete separation between workloads.

Each function execution environment is completely isolated with dedicated memory, CPU, and network resources, preventing any possibility of cross-contamination or data leakage between different applications or tenants.

Security Architecture Components


OIDC Authentication

Standard OpenID Connect authentication with support for multiple identity providers including Active Directory, Google, Microsoft, and custom OIDC providers.

AUTHENTICATION FEATURES:
  • Multi-factor authentication (TOTP, WebAuthn, SMS)
  • Social login integration
  • Custom authentication flows
  • Session management and timeout controls

Role-Based Access Control

Hierarchical RBAC model with fine-grained permissions at system, service, data, and topic levels. Real-time permission evaluation and dynamic access control.

RBAC CAPABILITIES:
  • Resource-level permissions
  • Inherited permissions through groups
  • Conditional access policies
  • API-level authorization enforcement

Data Encryption

Comprehensive encryption at rest and in transit using enterprise-grade encryption algorithms with automated key management and rotation policies.

ENCRYPTION FEATURES:
  • AES-256 encryption for all data
  • TLS 1.3 for network communication
  • Hardware Security Module integration
  • Automated key rotation

Audit Logging

Comprehensive audit trail of all system activities including user actions, data access, configuration changes, and security events for compliance and forensics.

AUDIT CAPABILITIES:
  • Complete user activity tracking
  • Data access and modification logs
  • Security event monitoring
  • Compliance reporting automation

Network Security

Zero-trust network architecture with micro-segmentation, intrusion detection, DDoS protection, and comprehensive network monitoring and analysis.

NETWORK PROTECTION:
  • Micro-segmentation between services
  • Intrusion detection and prevention
  • DDoS protection and rate limiting
  • Network traffic analysis

Threat Detection

Real-time threat detection and automated response capabilities with machine learning-based anomaly detection and security incident management.

THREAT RESPONSE:
  • Real-time anomaly detection
  • Automated threat response
  • Security incident management
  • Behavioral analysis and alerting

Authentication & Authorization Flow

Secure, standards-based authentication with seamless user experience

1. User Login: User authenticates through OIDC provider with optional MFA.
2. Token Validation: Platform validates JWT signature and claims.
3. User Context: Extract user identity, roles, and permissions.
4. Session Creation: Associate validated context with user session.
5. Access Control: Enforce permissions at every resource access.
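The token validation and user-context steps (2 and 3) above, as an added Python example that is not part of the ZBlox platform's code. It assumes an HS256 shared secret, a constructed issuer and audience, and a roles/amr claim layout chosen for the example; a production OIDC deployment verifies RS256/ES256 signatures against the provider's JWKS keys instead, and mint_token only stands in for the identity provider of step 1.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example. A real OIDC provider signs with RS256/ES256
# and the platform fetches the public key from the provider's JWKS endpoint; HS256
# with a shared secret is used here only so the block runs offline.
SHARED_SECRET = b"example-hs256-secret-not-for-production"
EXPECTED_ISSUER = "https://idp.example.com"
EXPECTED_AUDIENCE = "zblox-platform"

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_token(claims):
    """Build an HS256 JWT; stands in for the identity provider (step 1) to produce input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SHARED_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def validate_token(token, now=None):
    """Step 2: verify signature and claims; step 3: return the user context, else raise."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    # Pin the algorithm from configuration: the token must not choose how it is verified.
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SHARED_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")  # checked before any claim is trusted
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    # Only what the platform needs leaves this function: identity, roles, MFA evidence.
    return {"user_id": claims["sub"], "roles": list(claims.get("roles", [])),
            "mfa": "mfa" in claims.get("amr", [])}
```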

Security Integration Example

Security controls are automatically integrated into every service function

Service Function with Built-in Security
// Security is transparent to developers
using System.Threading.Tasks;

public class OrderService
{
    private readonly IDataStore dataStore;
    private readonly IAuthorizer authorizer;
    private readonly IAuditLogger auditLogger; // audit sink (IAuditLogger assumed; the platform's interface name may differ)

    // The platform injects these dependencies when the function is hosted
    public OrderService(IDataStore dataStore, IAuthorizer authorizer, IAuditLogger auditLogger)
    {
        this.dataStore = dataStore;
        this.authorizer = authorizer;
        this.auditLogger = auditLogger;
    }

    // Function automatically receives validated user context
    public async Task<Order> GetOrder(string orderId)
    {
        // Automatic permission checking (deny by default)
        if (!await authorizer.HasPermission(
            UserContext.UserId, "data:orders:read", "orders", orderId))
        {
            throw new UnauthorizedException("Access denied to order");
        }

        // Data access with row-level security
        var order = await dataStore.GetById("orders", orderId);

        // Automatic audit logging
        await auditLogger.LogAccess(
            UserContext.UserId, "order_accessed", orderId);

        return order;
    }

    public async Task<Order> UpdateOrder(string orderId, UpdateOrderRequest request)
    {
        // Role-based authorization: the order-manager role or an explicit
        // resource-level write permission is required
        if (!UserContext.HasRole("order-manager") &&
            !await authorizer.HasPermission(UserContext.UserId,
                "data:orders:write", "orders", orderId))
        {
            throw new UnauthorizedException("Cannot modify order");
        }

        // Update with automatic encryption and audit trail
        var updated = await dataStore.Update("orders",
            Query.Where("id", orderId), request);

        return updated;
    }
}
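The permission and audit checks in the snippet above, modelled in Python as an added example (not the platform's IAuthorizer implementation). The policy tables, group inheritance and the resource:id scope format are constructed assumptions; it also records denied attempts in the audit log, which the C# sample does not show.

```python
import json, time

# Constructed policy for this example. Permission strings follow the page's
# "<layer>:<resource>:<action>" form; a grant's scope is "<resource>:<id>" or "*".
# Groups hold the grants, users inherit them through nested membership, roles are separate.
GROUP_PERMISSIONS = {
    "order-readers": {("data:orders:read", "*")},
    "order-staff": {("data:orders:write", "orders:1001")},
}
GROUP_PARENTS = {"order-staff": ["order-readers"]}  # order-staff inherits from order-readers
USER_GROUPS = {"alice": ["order-staff"], "bob": ["order-readers"], "eve": []}
USER_ROLES = {"alice": ["order-manager"], "bob": [], "eve": []}
AUDIT_LOG = []  # in-memory stand-in for the platform's audit trail

def effective_groups(user_id):
    """Collect every group the user belongs to, following inheritance (cycle-safe)."""
    seen, stack = set(), list(USER_GROUPS.get(user_id, []))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(GROUP_PARENTS.get(group, []))
    return seen

def has_permission(user_id, permission, resource, resource_id):
    """Resource-level check: a grant matches on the exact resource id or the '*' wildcard."""
    target = f"{resource}:{resource_id}"
    return any(perm == permission and scope in ("*", target)
               for group in effective_groups(user_id)
               for perm, scope in GROUP_PERMISSIONS.get(group, ()))

def log_access(user_id, action, resource_id, allowed):
    """Record the decision either way; denied attempts are the interesting audit events."""
    entry = {"ts": time.time(), "user": user_id, "action": action,
             "resource_id": resource_id, "allowed": allowed}
    AUDIT_LOG.append(json.dumps(entry, sort_keys=True))
    return entry

def update_order(user_id, order_id, changes):
    """Mirror of UpdateOrder: the order-manager role or a resource-level write grant."""
    allowed = ("order-manager" in USER_ROLES.get(user_id, [])
               or has_permission(user_id, "data:orders:write", "orders", order_id))
    log_access(user_id, "order_updated", order_id, allowed)
    if not allowed:
        raise PermissionError("Cannot modify order")
    return {"id": order_id, **changes}
```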

Compliance & Regulatory Support

Built-in support for major compliance frameworks and regulatory requirements


SOC 2 Type II

Comprehensive controls for security, availability, processing integrity, confidentiality, and privacy.


GDPR Compliance

Data protection controls including right to erasure, data portability, and consent management.


HIPAA Ready

Healthcare compliance with PHI protection, access controls, and audit logging requirements.


PCI DSS

Payment card industry compliance with secure cardholder data handling and processing.


ISO 27001

Information security management system controls and continuous security improvement processes.


SOX Compliance

Financial reporting controls with automated audit trails and access management for public companies.

Security Benefits

Simplified Management

Unified security model across all platform components eliminates the complexity of managing authentication and authorization across multiple services. Single point of configuration for access control, audit logging, and compliance requirements.

Security controls scale automatically with platform growth while maintaining consistent protection. Development teams get enterprise-grade security without requiring specialized security expertise or complex integration work.

Developer Productivity

Security integration is transparent to service function developers. Authentication, authorization, and audit logging work automatically without custom security implementation, allowing teams to focus on business logic.

Built-in security controls prevent common vulnerabilities like injection attacks, unauthorized access, and data leakage through platform-level protection rather than requiring per-application security measures.

Enterprise-Grade Security

Protect your applications and data with comprehensive, zero-trust security architecture
