On April 9, 2026, Virtru announced integration between its Data Security Platform and Cloudflare R2 object storage. The move enables organizations to enforce cryptographic, attribute-based access policies on individual objects—transforming a single storage bucket into a governed repository where different files carry different access rules. This represents a significant advancement in cloud storage security, addressing long-standing challenges in data governance.
The Problem with Bucket-Level Governance
Traditional S3-compatible object storage governs access at the bucket level. Anyone with bucket access can see everything inside. Organizations have historically worked around this by proliferating buckets—creating separate containers for different sensitivity levels, departments, and regulatory regimes. This approach has created significant operational overhead.
The result: architectural complexity driving up costs, slowing operations, and creating data silos with governance gaps. Each new bucket requires its own access controls, monitoring configurations, and compliance documentation. Multiplication of storage endpoints creates management headaches that compound as organizations scale their data operations across multiple cloud providers and regions.
Object-Level Protection with TDF
Virtru’s solution applies Trusted Data Format (TDF) encryption and attribute-based access control (ABAC) at the individual object level. A single R2 bucket can now hold objects with entirely different governance profiles—a finance analyst and engineering lead can access the same bucket, but each can only open files for which they’re authorized.
Contracts, engineering specifications, research data, and compliance records coexist in a single repository, each governed by its own policy and enforced cryptographically by the data itself. This granular control eliminates the need for bucket proliferation while maintaining strict separation between data with different sensitivity levels.
Why R2 Makes This Practical
Cloudflare R2’s zero egress fees make object-level governance especially practical. When data retrieval incurs no transfer costs, real-time policy evaluation adds no compounding overhead. Organizations get the storage economics they chose R2 for—plus the ability to commingle data with different sensitivity levels.
Each object is individually protected, revocable at any time, and auditable across every access event. The combination of Virtru’s policy engine with R2’s cost structure creates a compelling value proposition for organizations managing sensitive data at scale.
Complementary Security Architecture
The integration operates at complementary layers, providing defense in depth for cloud storage security:
- Infrastructure layer (Cloudflare): Encryption at rest and in transit, DDoS protection, global distribution across 330+ data centers, S3-compatible API
- Data layer (Virtru): Object-level TDF encryption, ABAC, real-time policy enforcement, access revocation, comprehensive audit logging
TDF encryption ensures objects remain cryptographically protected even at rest—Cloudflare infrastructure cannot decrypt the contents. Only users or systems whose attributes satisfy the ABAC policy can access plaintext. Data sovereignty stays with the data owner, not the storage provider.
Use Cases and Applications
This integration enables several key use cases for modern data governance. Organizations can safely store sensitive customer data alongside public datasets in a single repository. Research teams can collaborate across organizational boundaries with fine-grained access controls. Compliance teams can enforce retention and deletion policies at the object level, simplifying audits and reducing risk.
Availability and Next Steps
The integration is available now through Virtru’s early adopter program. Organizations can store, search, analyze, and connect AI tools to sensitive data in Cloudflare R2 while retaining persistent, granular control over every object. As data residency and sovereignty requirements become increasingly important, this approach offers a path forward for global organizations managing distributed teams and data.
Sources
- Virtru Brings Object-Level Data Governance to Cloudflare R2 Cloud Storage (GlobeNewswire, April 9, 2026)
- Virtru Data Security Platform documentation
- Cloudflare R2 documentation and pricing information