How Cerbos Helps Devs Scale Authorization Faster & Cheaply: Q/A with Emre Baran

Roberto Popolizio
Website Planet had the chance to sit down and chat with Cerbos Co-Founder & CEO, Emre Baran.

Emre Baran is an entrepreneur in the software field with 20+ years of experience in both B2B and B2C. He joined Google after his MBA and helped them build multiple products that generated over $1B in revenue. He is also an angel investor and consultant to early-stage companies and entrepreneurs.

In this interview, Emre tells us how Cerbos started and how it helps developers scale authorization, saving time for themselves and improving security for their clients' applications.

Let’s introduce Cerbos to our audience. What is it and how does it work?

Cerbos is an open-source authorization layer designed to simplify the implementation of roles and permissions in software applications. It provides developers with a seamless way to incorporate secure and efficient authorization logic into their projects.

When building software applications for users and diverse roles, it becomes crucial to manage permissions effectively. Cerbos enables developers to easily assign and enforce roles and permissions based on the specific requirements of their application. This separation of business logic from authorization logic ensures improved security, testability, and flexibility.

Implementing Cerbos is a breeze and can be accomplished in just a few minutes. It supports various installation methods and seamlessly integrates into different environments. Additionally, Cerbos boasts impressive speed, swiftly providing a clear “allow” or “deny” answer to authorization queries.

With Cerbos, developers can confidently address issues such as whether a user can perform a particular action or access specific resources within the application. This capability ensures granular control over user permissions, enhancing the overall security and functionality of the software.

In summary, Cerbos is a simple, versatile, and powerful solution for implementing roles and permissions in software applications. It is an invaluable time and money saver for developers, who can easily manage user permissions, improve application security, and focus on other critical aspects of their projects.

How did it all start, and what are your achievements to this day?

While working on our previous startups, as well as with Google, CGI and Microsoft, we realized that building a reliable authorization system was essential.

We discovered that most developers prefer implementing the system themselves, and that’s a process that often starts off simple but becomes increasingly complex. We wanted to find better ways to address this challenge.

We decided to build a dedicated team and create a layer within our software to handle authorization requests, and we were not alone. In fact, over the past few years, competition emerged, with companies addressing this issue from different angles.

How does your mission differ from the other companies in your niche?

Our focus is on making the implementation process simple and accessible, so developers don’t have to become experts or learn new programming languages. Some competitors require developers to learn full programming languages or offer only cloud-hosted solutions, often at a premium cost. In contrast, our core engine is open source and free for developers to use.

We want to prevent developers from struggling with building a complex and unnecessarily time-consuming authorization system themselves when it can be accomplished with just a few lines of code.

The 6 principles Cerbos was built on

  1. Security: First and foremost, Cerbos prioritizes security as an essential aspect of any application or service to gain trust and be chosen by users.
  2. Reliability: The service is designed to run continuously and handle authorization requests, ensuring that it is always available and reliable for users.
  3. Scalability: Cerbos is built to scale seamlessly, accommodating both small and large applications with unlimited scalability.
  4. Speed: The platform emphasizes speed, recognizing the importance of delivering efficient performance.
  5. Extensibility: Cerbos aims to provide an excellent baseline for developers, while also making customization and extensibility very simple.
  6. Developer Experience: By offering great documentation, SDKs in every major language, and integration with all the popular frameworks and authentication providers, Cerbos offers an unparalleled developer experience, which often makes a big difference.

Who are your typical clients and what problems do they have when they come to you?

During KubeconEU in Amsterdam in April, I visited various startup booths and engaged with their founders and technical teams. I conducted a mini market research on how they built their roles and permissions.

The majority (95%) mentioned that they built them in-house, and when asked about the time it took, the average response was three months with a team of three to four people.

This means dedicating one full-time employee’s worth of effort for the first year. Additionally, these roles and permissions require ongoing maintenance, improvement, and evolution, equivalent to the cost of one full-time employee per year.

This demonstrates significant tangible savings for startups thanks to using something like Cerbos.

Besides that, every B2B application usually has multiple users and multiple roles, so they all have the problem of authorization management.

Uber is instead a good example of a B2C company that needed something like Cerbos. They had problems in the past when their customer service representatives had unrestricted access to records, including travel history, due to the lack of roles and permissions.

Alternatively, consider a scenario where a small company has three user types, and it’s relatively easy to set up roles and permissions. However, if a customer has 20,000 employees, including 3,000 managers spread across 10 departments in multiple countries, granting uniform permissions to all managers becomes impractical. To address this complexity, we utilize policies that allow for different permissions based on roles, regions, and departments. This ensures a fine-grained control over user access and enables our customers to cater to the needs of large enterprises effectively.

And what makes them eventually choose you over your competitors?

Fastest on the market

  1. Cerbos is self-hosted, so businesses of any sort can easily integrate it into their environments regardless of location. Think ATM machines, or government agencies.
  2. Cerbos is super fast, and speed matters when it comes to authorization decisions.

“It’s a good feeling being able to say yes to almost any permissioning requirement. Cerbos is small, contained and easy to implement. It 100% delivers on the promise of abstracting away the complexity of decision making.”

Joe, Software Engineer @ 9fin

Can you share one success story from your customers?

Utility Warehouse currently handles over 814,000 customer accounts with the help of over 45,000 independent distributors. They had an internal authorization software that was outdated and not well-maintained. It was causing inconvenience and complaints within the company. They lacked a standardized way of handling authorization, leading to inefficiencies and difficulties in testing their processes.

By adopting Cerbos, they could address their authorization challenges without the need for extensive investment or building a solution from scratch. Moreover, Cerbos was closely aligned with their existing authorization system, making it a natural fit.

Cerbos saved them time and opportunity costs, enabling them to focus on other business use cases and technical debt. Our team’s expertise and transparency gave them confidence and peace of mind.

Overall, Utility Warehouse benefited from Cerbos for effectiveness, simplicity, and reliability.

What do you see in the future of your industry, and how do you plan to cope?

In the evolution of software development, we observe shifts between monolithic and microservices architectures, as well as the emergence of self-service public cloud, private cloud, air gap, serverless, edge computing, and hybrid solutions.

Zero trust is a crucial component for each of these approaches, as users should have the capability to operate within them securely. It is essential for our server infrastructure to accommodate all of these diverse requirements effectively.
