CITRICLOUD — Building Digital Experiences
Zero-trust networking on CITRICLOUD
Security14 Jul 20267 min

Zero-trust networking on CITRICLOUD

Stop trusting the LAN. How we authenticate every hop with identity-aware networking and deny-by-default paths.

MK

Mira Kovacs

Security Engineering

ShareXLinkedInEmail

Perimeter-only security fails the moment a single compromised credential lands inside the network. Zero trust flips the default: authenticate and authorize every request, every time.

What we enforce

  • Identity before connectivity for operator and tenant paths
  • Least-privilege routes between namespaces and services
  • Forward-auth on sensitive edges so anonymous probing dies early
  • Audit trails that show who reached what, and when

Pair this with Authelia and Keycloak and you get a coherent story: network posture and identity posture reinforce each other.

Thoughts on this article?

Tell us what to cover next — or ask a question about running on CITRICLOUD.

Related articles

Identity by default
Security8 min

Identity by default

How Authelia and Keycloak protect every surface — and why we refuse to treat auth as an optional plugin.

MK

Mira Kovacs

Keycloak SSO for tenants
Security9 min

Keycloak SSO for tenants

Enterprise buyers expect SSO on day one. How we wire Keycloak so each tenant can bring their IdP without fracturing the platform.

MK

Mira Kovacs

A SOC2-minded edge
Security7 min

A SOC2-minded edge

WAF, HSTS, rate limits, and forward-auth — the middleware stack we put in front of public endpoints.

MK

Mira Kovacs

Newsletter

Platform notes in your inbox

Product updates, architecture write-ups, and security notes — no spam, unsubscribe anytime.

By subscribing you agree to our Privacy policy.