The customer needed clientless, identity-aware access for internal apps, to move day-to-day work off VPNs, and to maintain full control via a self-hosted model.
“Pomerium just feels like magic.”
CTO, Security Architect
Centralizing Access Control for Hundreds of Legacy Applications
The client’s environment is almost entirely on-premise, running on bare metal across decades-old data centers, and it carries the legacy baggage of dozens of acquisitions made over a 40-year period. Many internal apps were designed long before modern identity standards, creating a patchwork of brownfield deployments that mixed legacy protocols with newer web-based services. These hybrid application patterns made it difficult to apply consistent authentication and authorization controls.
To improve security posture org-wide, security leaders needed a way to centralize policy enforcement across thousands of internal resources without forcing every team to refactor applications or rely on fragile VPN and firewall rules.
“I don’t want to give a non-employee VPN connectivity into my network. With Pomerium, I can give them a route to just the one site they need to do their job — nothing more.”
CTO, Security Architect
Clientless, Web-based Access for Thousands of Users
This global fintech company began by standardizing internal web access behind Pomerium’s identity-aware proxy. Teams then enforced policy-as-code via sophisticated certificate controls, clientless SSO and mTLS, centralizing authorization at Layer 7 and reducing reliance on Layer 4 VPN.
“Every single person had their mouth open the first time they saw it. We went from zero to 3,500 users in under a year — and no one wants to go back.”
CTO, Security Architect
As usage of Pomerium grew, the client secured 300 internal web apps, many of which previously lacked even basic authentication, and expanded their user count from the initial POC group to 10,000 users. Pomerium was able to provide this client with a scalable, low-level policy-as-code framework as well as a robust and performant reverse proxy that enabled fine-grained control while meeting the requirement of maintaining a self-hosted model.
“The move to Pomerium wasn’t optional. People saw it and said: I’m not going back to VPN.”
CTO, Security Architect
Key Outcomes and Technical Specifications
With Pomerium, the team:
Secured 300+ internal applications via web-based access, behind a clientless, Layer 7 proxy with mTLS enforcement
Eliminated day-to-day VPN access requirements for staff, reducing support burden and improving security posture
Scaled to 10,000 users operating on 6 continents, validating operational maturity at scale
“The selling point is: you open your computer and just start working, like your home computer. No VPN nonsense, no typing in codes, no tunnels disappearing.”
CTO, Security Architect