Never trust. Always verify.
Identity, everywhere.
Every connection into an Ultiblob workload terminates at an identity policy decision — never inferred from network position. The architecture below is what HIPAA, PCI, and SOC 2 auditors actually want to see, by default, on every tier.
Six layers, one policy decision point.
Identity is the perimeter. Every layer checks the same policy, signed by the same identity provider, audited at the workload boundary.
- 01 Identity: Entra ID for human identity, workload identities for services. SSO mandatory; no shared credentials, ever. Conditional access by device posture, geography, and risk score.
- 02 Access broker: Browser-mediated SSH and VM access through our bastion service — short-lived certificates, no standing keys. Every session signed against a specific user × VM × window.
- 03 Network: Per-tenant private network with microsegmentation per workload. No flat networks, no implicit east-west trust. Traffic between services authenticates by identity, not IP.
- 04 Workload: Single-tenant compute with measured boot, encrypted disks (AES-256), and customer-held keys available on regulated tiers (BYOK/HSM-backed).
- 05 Data: Encryption at rest + in transit (TLS 1.3). Per-tenant key separation. PHI, PCI, and regulated workloads have BYOK as the default, not the upsell.
- 06 Observability: Every privileged action is logged at the workload boundary — not relying on perimeter logs. Compliance evidence is on-tap, not a project.
Each layer enforces the same identity-based policy decision. A compromise at one layer does not grant access at the next.
What “zero-trust” actually means here.
Aligned to NIST SP 800-207. Implemented as defaults — not add-ons, not consulting projects.
Verify explicitly, every request
Identity is checked at every hop — never inferred from network location. The workload doesn't trust its neighbor just because they share a VLAN.
Assume breach, contain blast radius
Every workload runs as if the perimeter is already compromised. Microsegmentation per tenant and per service confines a single breach to a single blast radius.
Least privilege, by default
Standing access doesn't exist. Privileges are issued just-in-time, scoped to a single action, signed, time-bound, and recorded.
Continuous verification
Identity is re-verified through the session, not just at login. Anomalous behavior revokes the session without a human-in-the-loop.
Identity-everywhere, not perimeter-first
Network position grants nothing. Every connection — from a developer laptop, from a VM, from a managed service — terminates at an identity policy decision point.
Audit at the workload, not just the edge
Logging captures the action and the actor at every layer. Compliance evidence is a query, not a quarterly fire drill.
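The principles above describe a policy decision point (PDP) that issues short-lived, single-action grants bound to user × VM × window, and policy enforcement points (PEPs) that re-verify every request and log at the workload. The following is an added illustration of that flow, not Ultiblob's code; the signing key, posture claims, risk threshold, and 900-second TTL are constructed assumptions for the demo.

```python
import hashlib
import hmac
import json

# Constructed signing key for the demo; a real PDP would sign with the identity provider's key.
SIGNING_KEY = b"constructed-demo-pdp-key"
RISK_THRESHOLD = 50      # assumed: risk scores at or above this deny issuance and revoke live sessions
GRANT_TTL = 900          # assumed: seconds a grant is valid; grants are short-lived by construction
AUDIT_LOG = []           # every decision, allow or deny, recorded at the workload boundary

def _sign(payload: dict) -> str:
    """Canonicalise the grant fields and sign them so a PEP can verify without a callback."""
    msg = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()

def issue_grant(user: str, vm: str, action: str, posture: dict, risk: int, now: int):
    """PDP: verify identity signals explicitly, then issue one grant bound to user x VM x window."""
    posture_ok = posture.get("managed") and posture.get("disk_encrypted")
    if not posture_ok or risk >= RISK_THRESHOLD:
        AUDIT_LOG.append({"event": "issue_denied", "user": user, "vm": vm, "action": action, "t": now})
        return None
    payload = {"user": user, "vm": vm, "action": action, "nbf": now, "exp": now + GRANT_TTL}
    AUDIT_LOG.append({"event": "issued", **payload})
    return {**payload, "sig": _sign(payload)}

def enforce(grant: dict, vm: str, action: str, risk: int, now: int) -> bool:
    """PEP at the workload: re-verify signature, scope, window and current risk on every request."""
    fields = {k: grant[k] for k in ("user", "vm", "action", "nbf", "exp")}
    if not hmac.compare_digest(_sign(fields), grant["sig"]):
        reason = "bad_signature"          # tampered or forged grant
    elif grant["vm"] != vm or grant["action"] != action:
        reason = "out_of_scope"           # single-action, single-VM grant presented elsewhere
    elif not (grant["nbf"] <= now < grant["exp"]):
        reason = "outside_window"         # expired: no standing access
    elif risk >= RISK_THRESHOLD:
        reason = "risk_revoked"           # continuous verification mid-session, no human in the loop
    else:
        reason = None
    AUDIT_LOG.append({"event": "allow" if reason is None else "deny", "reason": reason,
                      "user": grant["user"], "vm": vm, "action": action, "t": now})
    return reason is None

if __name__ == "__main__":
    posture = {"managed": True, "disk_encrypted": True}   # constructed device-posture claims
    g = issue_grant("alice", "vm-17", "ssh", posture, risk=10, now=1_000)
    print(enforce(g, "vm-17", "ssh", risk=10, now=1_100))   # True
    print(enforce(g, "vm-18", "ssh", risk=10, now=1_100))   # False: wrong VM
    print(enforce(g, "vm-17", "ssh", risk=10, now=2_000))   # False: window closed
    print(enforce(g, "vm-17", "ssh", risk=80, now=1_200))   # False: revoked mid-session
```

Every call, allowed or denied, leaves an AUDIT_LOG entry carrying actor, target, action and reason, which is what "evidence is a query" means in practice.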
What changes when identity becomes the perimeter.
Side-by-side: the assumptions you grew up with, vs. the assumptions Ultiblob ships with.
| Legacy perimeter | Ultiblob zero-trust |
|---|---|
| Login once to the corporate VPN; you're trusted on the network | Login is one signal. Device posture, geography, and behavior keep verifying through the session. |
| Engineers SSH to bastions, then jump to VMs with shared keys | Browser-mediated SSH via short-lived certs issued by identity, audited at the connection, no keys on disk. |
| Internal services trust each other by IP | Every service-to-service hop authenticates by identity. Microsegmentation contains the blast radius. |
| Compliance evidence is a quarterly screenshot exercise | Audit logs flow continuously from every workload. Evidence is a query. |
| Vendor accesses your data with their key custody | Customer-held keys (BYOK/HSM-backed) on regulated tiers — the vendor cannot read at rest. |
What zero-trust looks like for your industry.
Healthcare
PHI never crosses an implicit trust boundary. Every read is identity-scoped, time-bound, and audited at the EHR query layer — not at the VPN edge.
Finance & tax
Every privileged action against tax-prep software is signed against an Entra identity with conditional access. Auditor evidence is a query, not a quarter.
AI startups
Workload identities sign every inference call. Model weights and embeddings sit in customer-key-encrypted storage; the platform cannot decrypt them.
Frequently asked.
- What does 'zero-trust' actually mean at Ultiblob?
- Three things. (1) No implicit trust by network location — being inside the perimeter doesn't grant access. (2) Identity is verified at every hop, not just at login. (3) Privileges are scoped just-in-time and audited at the workload. The combination eliminates the categories of breach that a perimeter-trust model leaves wide open.
- Do I need to be 'all-in' on zero-trust to host with Ultiblob?
- No. The platform defaults to zero-trust posture; legacy workloads can run alongside while you migrate identity-first patterns at your pace. We've migrated multi-app estates from VPN-dependent to identity-everywhere over 30-90 days.
- Is this just marketing for what every cloud has?
- Hyperscalers offer zero-trust as add-ons you have to assemble — identity, access broker, microsegmentation, KMS, SIEM, each priced separately. Ultiblob ships them as defaults, in one bill, on dedicated tenancy. The architecture is the product, not an upsell.
- How does this map to NIST SP 800-207?
- Ultiblob's reference architecture aligns to NIST SP 800-207 Zero Trust Architecture, with the Policy Decision Point (PDP) implemented across Entra ID + workload-identity tokens, and Policy Enforcement Points (PEPs) at the access broker, network segmentation, and workload-identity verification layers. Mapping document available under NDA from /trust/center.
- What about VPNs?
- VPNs are still useful for legacy systems that haven't moved to identity-everywhere yet. We support them when needed, but every new workload is built without one — and we migrate customers off VPN dependence as part of repatriation engagements.
- Where can I see the architecture?
- Request the Zero-Trust Architecture Whitepaper from /trust/center. It includes the reference architecture, the policy decision flow, the BYOK key custody model, and the audit-evidence catalog.
Move your perimeter from the network to the identity.
Free 30-minute zero-trust posture review with a senior engineer. We map your current architecture, identify the highest-risk gaps, and return a phased migration plan.