Role-Based Access to Applications

Reduces Scope of Trust for Users

Shrinks Enterprise Attack Surface

Elastic Security that Follows Users, Shrinks Attack Surface

Application access control has been reinvented. Now you can extend enterprise applications to any users on any devices in any location without increasing data breach risk.

The Certes Zero-Trust Security (ZTS) Platform provides powerful Role-Based Access Control for all your users.

It enforces “Need to Know” access to only the applications your users need to do their jobs. Certes’ solutions enable adoption of modern security architectures such as the Software-Defined Perimeter (SDP).

You alone are in control of security. The ZTS Platform enables you to “Bring Your Own Trust” and not be dependent on application-specific VPNs or messy device-based security.

  • Real-time enforcement of application access control for all users based on roles
  • Automatically learns roles from your directory or IAM system
  • One point of control for all users and applications in all enterprise environments
  • Simple scaling to thousands of users
  • Supports iOS, Windows, Android, Mac
  • Segments and isolates user-to-app, North-South traffic with AES-256-GCM encryption
  • Virtual trust overlays called CryptoFlows protect each application with strong encryption
  • Fully decoupled from infrastructure so one team is in control
  • Blocks hacker lateral movement to contain breaches when firewalls are compromised
  • Patented policy engine proven in nearly 20 years of successful IT security implementations

How It Works

CryptoFlow® Creator

Simple, point-and-click creation of trust policies

Central creation and management of high-scalability group keying

Role-based access control determines which users can access which applications

Determines how enterprise data traffic should be protected on networks or Clouds

CryptoFlow® Enforcer

Software-based policy enforcement module

Plugs into network, data center, cloud, remote office or other location

Inspects traffic, isolates applications, enforces access control

Encrypts traffic with patented high-scalability cryptographic key management technology

Additional Resources


  • Single Platform: Consistent, persistent protection for applications across Data Center, Cloud, LAN, WAN, Mobile, Internet
  • 100% Software-Defined: No network or application changes
  • Bring Your Own Trust: Unique keying and policy engine re-aligns trust around keys, user identity & credentials in your control
  • Reduced Scope of Trust: Enforces “Need to Know” architecture with role-based access control, limiting user or location access to only the needed applications
  • Cryptographic Segmentation: Cryptographically isolates each application using AES-256-GCM encryption
  • High-Agility Security: Point-and-click security provisioning for accelerated application rollout to more users
  • Zero Trust with Zero Impact: Implement modern Zero Trust security with no changes to applications or network

Bring Your Own Trust – Get Started Today