Virtru Data Security Platform enforces granular, attribute-based access control on sensitive data objects in Cloudflare R2, eliminating the forced choice between data utility and data security
WASHINGTON, D.C. —April 9, 2026— Virtru, the leader in data-centric security, today announced that its Data Security Platform now delivers object-level data governance to Cloudflare R2 cloud storage. The integration enables organizations to enforce cryptographic, attribute-based access policies on individual objects stored in R2, transforming a single storage bucket into a governed repository where different files carry different access rules, enforced by the data itself.
As a result, organizations can store, search, analyze, and connect AI tools to their most sensitive data in Cloudflare R2 while retaining persistent, granular control over every object — ensuring only authorized individuals and systems can access sensitive data, regardless of location or application.
Shifting Access Control from the Bucket Level to the Data Level
Like all S3-compatible object storage, Cloudflare R2 governs access at the bucket level. Everyone with access to a bucket can see everything inside it. Organizations have historically worked around this limitation by proliferating buckets — creating separate buckets for different sensitivity levels, different departments, and different regulatory regimes. The result is architectural complexity that drives up cost, slows operations, and creates data silos with governance gaps.
The Virtru Data Security Platform eliminates that tradeoff. With Trusted Data Format (TDF) encryption and attribute-based access control (ABAC) applied at the individual object level, a single R2 bucket can hold objects with entirely different governance profiles. A finance analyst and an engineering lead can both access the same bucket, but each can only open the files for which they are authorized. Contracts, engineering specifications, research data, and compliance records coexist in a single repository, each governed by its own policy and enforced cryptographically by the data itself.
From Protected Storage to Governed Operations
“Securing data at rest has never been a hard problem, " said John Ackerly, CEO and Co-Founder of Virtru. “The hard problem is governing what happens to sensitive data once it's put to work — searched, analyzed, queried, or accessed by AI tools and automated workflows. Data owners shouldn't have to choose between the operational and economic benefits of modern cloud storage and the ability to govern their most sensitive data. Now, with the Virtru Data Security Platform and Cloudflare R2, they no longer have to.”
Because every object in R2 now carries its own cryptographically enforced access policy, the Virtru Data Security Platform enables organizations to move beyond static storage protection into governed operations where sensitive data can be actively searched, analyzed, and acted upon while policy enforcement remains continuous and granular. Every operation is evaluated in real time against the requesting user's attributes and enforced by the object's own TDF-wrapped policy. Governance doesn't depend on the application, the network, or the storage provider. It travels with the data.
Why Cloudflare R2
R2's zero egress fees make object-level governance especially practical. When data retrieval incurs no transfer costs, real-time policy evaluation adds no compounding overhead. Organizations get the storage economics they chose R2 for — plus the ability to commingle data with different sensitivity levels in the same repository, each object individually protected, revocable at any time, and auditable across every access event. Cloudflare secures the network and infrastructure. The Virtru Data Security Platform secures the data itself.
Virtru + Cloudflare: Complementary Security Architecture
R2 and the Virtru Data Security Platform operate at complementary layers of the security stack:
- Infrastructure layer (Cloudflare): Encryption at rest and in transit, DDoS protection, global distribution across 330+ data centers, S3-compatible API, and native Workers integration for edge compute
- Data layer (Virtru): Object-level TDF encryption, attribute-based access control, real-time policy enforcement, access revocation, and comprehensive audit logging across every access event
TDF encryption ensures that objects stored in R2 remain cryptographically protected even at rest — Cloudflare infrastructure cannot decrypt the contents. Only users, systems, or applications whose attributes satisfy the object's ABAC policy can access the plaintext. Data sovereignty stays with the data owner, not the storage provider.
Now Available to Early Adopters
The integration is available now through an early adopter program. Organizations interested in deploying object-level data governance across their Cloudflare R2 environments can learn more at virtru.com/data-security-platform or contact their Virtru account representative.
About Virtru
Virtru empowers organizations to unlock the power of data while maintaining control wherever it's stored and shared. Trusted by over 6,000 organizations across the public and private sectors — including JPMorganChase, Equifax, Capital One, Salesforce, and the U.S. Department of Defense — Virtru's Data Security Platform has created a new paradigm in data-centric security, where protection travels with the data itself rather than relying on traditional perimeter defenses. Built on the Trusted Data Format (TDF), an open standard, the platform embeds access policies directly into the data and enforces them at every point of interaction. To learn more, visit virtru.com.
