StrongDM describes itself as a control plane to manage and monitor access to databases, servers, and Kubernetes. The tool simplifies user management in your existing SSO and keeps the underlying credentials and keys hidden from end users. It provides clear auditing logs for all database queries, complete SSH and RDP sessions, and kubectl activity.
StrongDM is a tool designed to secure applications and services that have difficulty with good security hygiene.
| StrongDM | Pomerium | |
|---|---|---|
| Context-aware gateway | ||
| Tunnel | ||
| Client | Required for all machines, devices and protocols. | Not required for HTTP-based services. |
| Continuous authorization | No. Access is delegated on a per connection basis. | Yes, every single request is authentication and authorized. |
| Device identity | Yes, via fingerprinting. | Yes, with WebAuthn. |
| Open Source | ||
| Data tenancy & privacy | Expansion of information boundary. | You have full control over your data and information. |
| Integrates with multiple Identity Providers | ||
| Latency | Good. | Best. Deployed at edge, no latency or bandwidth costs. |
| Policy Descriptions | Can only support simple rules. | Can support complex rules. |
| Layer | 4 | 7 |
| Audit logs | Session replays and query history for TCP services. | Each request creates an identity and context enriched audit entry. |
| TCP Session Recording |
You can use StrongDM with Pomerium to ensure your servers and services are protected.
