Virtru Adds Object-Level ABAC Governance to Cloudflare R2

Virtru said its Data Security Platform added object-level data governance for sensitive data stored in Cloudflare R2. The company said the update uses granular access control to reduce reliance on bucket-level permissions while keeping control tied to individual objects.

R2 provides bucket-level access for S3-compatible object storage, which means access to a bucket lets users see everything inside it. Virtru said organizations have historically addressed that limitation by creating multiple buckets, which can add complexity and leave governance gaps between buckets.

Virtru said its integration applied Trusted Data Format (TDF) encryption and Attribute-Based Access Control (ABAC) at the individual object level in Cloudflare R2. The company said objects stored in R2 carry cryptographically enforced access policies, so access to plaintext depends on whether requesting users or systems satisfy an object’s ABAC policy, with the policy enforced for real-time operations.

Virtru said the platform supported governed operations that include searching, analyzing, querying, or accessing sensitive data with continuous enforcement based on requesting-user attributes, along with access revocation and audit logging across access events. “Securing data at rest has never been a hard problem,” said John Ackerly, CEO and Co-Founder of Virtru. “The hard problem is governing what happens to sensitive data once it's put to work — searched, analyzed, queried, or accessed by AI tools and automated workflows. Data owners shouldn't have to choose between the operational and economic benefits of modern cloud storage and the ability to govern their most sensitive data. Now, with the Virtru Data Security Platform and Cloudflare R2, they no longer have to.”