How 8gears uses Pomerium to secure cloud-native apps and ditch their VPN
Vadim Bauer has worked in IT for over two decades. He started his first company at 14, and now runs his most recent venture 8gears.
8gears enables SaaS companies to develop and deliver cloud applications. Their recently released product, SaaS Factory, provides companies with the building blocks necessary to accelerate their SaaS and cloud transformations. 8gears also consults SME’s and large enterprises, applying their expertise to help developer teams build and scale secure applications in cloud-native environments.
8gears was drawn to Pomerium about a year ago when they started migrating to Kubernetes and a cloud-native environment. After beginning to integrate cloud-native apps such as Grafana and Elastic Search, it became apparent that reinventing the authentication and authorization wheel for every app would be extremely inefficient. 8gears wanted a consistent user flow for all their internal applications instead of having to individually manage authentication, authorization, and access controls across multiple endpoints. 8gears also wanted to decouple authorization and authentication, ensuring that the authorization logic is always separate from the application itself. Finally, 8gears desired a more secure and reliable option than a traditional VPN for remote access.
Choosing The Right Tool
8gears – and Vadim specifically – has had experience with many authentication and authorization solutions before settling on Pomerium. Vadim has used Gatekeeper as a reverse proxy, CloudFront from Amazon to enforce authorization at the edge, and Ory for its user management and identity-aware proxy capabilities. So why Pomerium? Vadim says of Pomerium’s differentiators:
It’s the capabilities, the authentication and authorization concepts that are built-in, and the auth providers to choose from – this is something that’s unique among the reverse-auth proxies that are there.Vadim Bauer, Co-founder of 8gears
Pomerium is now an integral part of 8gears’ security portfolio. Working in tandem with their identity provider (IdP) of choice, Auth0, Pomerium enables 8gears to enforce centralized access management and least-privilege policy, integrate with additional security layers such as multi-factor authentication (MFA), and avoid security and connectivity issues they were experiencing with their VPN.
Now that Pomerium has been integrated with 8gears’ internal apps, there has been little ongoing maintenance required. With Pomerium delegating access controls in the background, Vadim can focus on leading his team at 8gears, developing his own product, and serving his clients. Vadim now suggests using Pomerium as the de-facto authentication and authorization solution for any new application he develops, both internally and for the companies he works with.
Looking ahead, Vadim has started ideating about how to design future business applications leveraging Pomerium. Some early ideas include using Pomerium to provide more advanced authorization concepts by having Pomerium act as a policy enforcement point for apps that generate their own dynamic access policy based on Open Policy Agent (OPA). Vadim is also looking forward to trying out the new features in Pomerium’s up-coming enterprise version, which will include streamlined configuration, centralized management dashboards, and support for Kubectl – a feature Vadim is particularly interested in. A huge thank you to 8gears and Vadim for their support of Pomerium. If you would like to check out 8gears’ new product, SaaS Factory, click here.