Security overview
The answer for your customer's IT department.
Every deal in this market hinges on one question: "what does this do to our network?" This page is written to be handed straight to the security team that has to approve it.
In one sentence: ProxyPass adds a single outbound, TLS-encrypted connection from one machine — no listening port, no inbound rule, nothing new to scan — and exposes only the access explicitly granted per node and per group.
What your IT department actually sees
After install, the node opens one outgoing TLS connection to ProxyPass and keeps it alive. To a firewall or monitoring tool this looks like any application checking in for updates: outbound 443, encrypted, to a known endpoint. There is no inbound connection to the customer network at any point.
Outbound only, by design
The node never listens. It cannot be reached from the outside because it exposes no port and accepts no inbound connection. All access rides back down the connection the node itself established. That means no port forwarding, no firewall exception, and no new attack surface on the customer network.
End-to-end encrypted
All tunnel traffic is TLS encrypted in transit. Data is protected from the node to the platform and on to you; it never travels the tunnel unprotected.
EU hosted, GDPR compliant
Infrastructure is hosted in Germany and data stays within the EU. ProxyPass is built for GDPR compliance from the ground up — not a US cloud with an EU label bolted on. The operating company is QSP – Qualitäts Software Pollerspöck, based in Austria.
Least privilege: ingress & egress control
Access is not all-or-nothing. You define exactly what each node may reach and what may reach it, with rules set per node and per group. The default is to grant only what a given integration needs — least privilege enforced right at the tunnel, not left to the network.
Dedicated infrastructure at scale
For larger deployments, groups above 500 nodes can run on their own isolated server, with capacity up to 1 Gbit/s, on request. This keeps high-volume customers physically separated from shared infrastructure.
Independently verified
You don't have to take our word for it. ProxyPass maintains a public, independently verified security report — no NDA and no sales call required to read it.
Questions from a security review?
Start a pilot or book a 15-minute call — we're happy to walk your customer's IT team through the architecture directly.