Pomerium enables Optoro to scale global logistics and assert compliance

Optoro’s pursuit of SOC 2 certification and migration to Kubernetes prompted a search for VPN alternatives that would improve the employee experience, integrate with Google Workspace, and bring consistent authentication and authorization across their internal applications. By adopting Pomerium, Optoro achieved:

  • Transparency and accountability in their security practices
  • Granular authorization control
  • A least-privilege access model

Enhanced employee experience

A more seamless authorization experience and greater flexibility without sacrificing security.

Seamless Single Sign-On integration

Works with Google Workspace (formerly G Suite) and Google Groups.

Tightened Compliance

Context-aware authentication and authorization, backed by an auditable policy configuration, pave the road toward SOC 2 compliance.

Zach Dunn is the Senior Director of Platform Operations and CISO at Optoro. He has previously held positions as a web support engineer, site reliability engineer, Linux systems engineer, manager of systems operations, and director of DevOps.

Spencer Gilbert is an Infrastructure Engineer on the DevOps team at Optoro. His primary responsibilities include on-premises hardware, cloud infrastructure, and Kubernetes clusters.

Company Background

Optoro is a returns technology company that connects a seamless online returns experience with efficient supply chain processing and resale. Optoro’s mission is to make retail more sustainable by eliminating all waste from returns.

Optoro’s Challenges

Optoro needed an access solution that could replace the functionality of their VPN while also improving their employees’ user experience and flexibility. It was also important to Optoro to find a tool with extensive audit logs that would provide the evidence needed to meet compliance standards like SOC 2.

Migrating to Kubernetes: Leaving the VPN behind

Optoro began migrating to Kubernetes a year ago, which prompted them to start looking for alternatives to their VPN. Optoro needed an access solution they could easily integrate with Google’s G Suite (now Google Workspace), their identity provider (IdP) of choice, so that authentication and authorization would be consistent across all of their applications. In Zach’s words:

What really drove our adoption of Pomerium was our migration to Kubernetes…what we were trying to do is divorce the idea of needing to have a VPN for privileged access.

Zach Dunn, CISO at Optoro

While searching for the right identity-aware access proxy, Optoro experimented with BuzzFeed’s SSO project, which aims to provide a secure single sign-on (SSO) experience for internal web apps. However, Optoro ran into several issues setting up authorization based on Google Groups, and also found that BuzzFeed’s project did not provide the fine-grained authorization control they were looking for. After switching to Pomerium, Optoro now has granular, per-route authorization controls that integrate with their existing Google Groups.

SOC 2 Compliance & Pomerium

Another core driver for Optoro’s migration to Kubernetes and adoption of Pomerium is SOC 2 compliance. Optoro is currently working towards SOC 2 certification, and according to Zach, Pomerium has played a critical role:

We can confidently tell clients and auditors: “we only give people access to the things they need.” How we prove that is we can pull up the Pomerium configuration and say… “this team has access to these resources.”

Zach Dunn, CISO at Optoro

Pomerium helps Optoro achieve transparency and accountability in their security practices. Because access is defined declaratively in the proxy’s configuration and enforced at the proxy, Optoro can show that employees are authorized only for the applications and data their individual role requires, rather than relying on network reachability through a VPN. In the future, Optoro is excited to see how Pomerium can tighten their compliance further as more robust auditing features are added to the product.
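The “pull up the configuration and show which team can reach which resource” argument above is strongest when the answer is generated from the policy rather than read off by hand. The following is an added example, not code from Optoro or from the Pomerium project: it inverts a Pomerium-style route list into a group-to-resource matrix an auditor can read, and flags any route whose allow rules reference no group at all (domain-wide or broader access, which is the opposite of least privilege). The dictionary shape (a `routes` list with `from`, `to` and a `policy` block of `allow` rules over `groups`/`domain` criteria) is modelled on Pomerium’s configuration, but that modelling is an assumption here, and every hostname, group address and rule in the sample is constructed for illustration.

```python
"""Invert a Pomerium-style route policy into an auditor-facing access matrix.

Added example; the config below is constructed sample data whose shape is
assumed to mirror Pomerium's `routes`/`policy` configuration. It is not
Optoro's configuration or Pomerium project code.
"""
from collections import defaultdict

# Constructed sample: three internal apps fronted by the proxy.
SAMPLE_ROUTES = [
    {
        "from": "https://grafana.corp.example.com",
        "to": "http://grafana.monitoring.svc.cluster.local:3000",
        "policy": [{"allow": {"or": [
            {"groups": {"has": "devops@example.com"}},
            {"groups": {"has": "sre@example.com"}},
        ]}}],
    },
    {
        "from": "https://argocd.corp.example.com",
        "to": "http://argocd-server.argocd.svc.cluster.local",
        "policy": [{"allow": {"and": [
            {"groups": {"has": "devops@example.com"}},
            {"domain": {"is": "example.com"}},
        ]}}],
    },
    {
        # Deliberately over-broad: any authenticated user in the domain gets in.
        "from": "https://wiki.corp.example.com",
        "to": "http://wiki.default.svc.cluster.local",
        "policy": [{"allow": {"or": [{"domain": {"is": "example.com"}}]}}],
    },
]


def _groups_in(criterion):
    """Recursively collect every group named anywhere in an allow criterion.

    Handles nested and/or/not combinators (lists or dicts) and the leaf form
    {"groups": {"has": "<group>"}}; other leaf criteria (domain, email, ...)
    are walked but contribute no groups.
    """
    found = set()
    if isinstance(criterion, list):
        for sub in criterion:
            found |= _groups_in(sub)
    elif isinstance(criterion, dict):
        for key, value in criterion.items():
            if key == "groups":
                found.update(v for v in value.values() if isinstance(v, str))
            else:
                found |= _groups_in(value)
    return found


def route_groups(route):
    """Groups referenced by a route's allow rules (deny rules are ignored)."""
    groups = set()
    for rule in route.get("policy", []):
        groups |= _groups_in(rule.get("allow", {}))
    return groups


def access_matrix(routes):
    """Map each group to the sorted list of public hostnames it may reach."""
    matrix = defaultdict(set)
    for route in routes:
        for group in route_groups(route):
            matrix[group].add(route["from"])
    return {g: sorted(hosts) for g, hosts in sorted(matrix.items())}


def unrestricted_routes(routes):
    """Routes whose allow rules mention no group: broader than team-scoped."""
    return [r["from"] for r in routes if not route_groups(r)]


def audit_report(routes):
    """Human-readable lines: one per group, then one warning per open route."""
    lines = [f"{group} -> {', '.join(hosts)}"
             for group, hosts in access_matrix(routes).items()]
    lines += [f"WARNING: {host} has no group restriction (domain-wide or broader)"
              for host in unrestricted_routes(routes)]
    return lines


if __name__ == "__main__":
    print("\n".join(audit_report(SAMPLE_ROUTES)))
```

Run against a real Pomerium config the same function pair answers the two questions an auditor actually asks: for a given team, which resources, and which resources are reachable by anyone who merely authenticates. The second list should be empty or deliberately short; every entry on it is a route that still relies on “being inside” rather than on role.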

Looking Ahead

Optoro’s long-term goal is true centralized access control across all of their endpoints, whether internal or external. By adopting Pomerium as their context-aware access proxy of choice for authentication and authorization, Optoro is one step closer to that vision. It is rewarding for Pomerium to play even a small part in Optoro’s mission to make retail more sustainable. To learn how your company can get involved with Optoro, check out their website.

Optoro is a reverse logistics technology company that works with retailers and manufacturers to manage and then resell their returned and excess merchandise.

Infrastructure: Ubuntu on bare metal
Platform: RKE (Rancher Kubernetes Engine)
Proxies: NGINX
Provisioning: RackN Digital Rebar
Security Management: Lacework
DNS: CoreDNS
Service Discovery: Kubernetes service discovery
Database: PostgreSQL, MySQL
Raw Data / Semi-Structured Data Storage: ZFS, OpenEBS ZFS-LocalPV
CI / CD Pipelines: GitLab CI, Argo CD
Batch Job Scheduler: Airflow
Logging & Monitoring: Elasticsearch, Kibana, Prometheus, Grafana