Cerbos Cloud manages and enforces authorization policies

Cerbos has released Cerbos Cloud, a managed service offering for Cerbos. Cerbos is an open source authorization layer to easily implement roles and permissions in software applications.

It separates authorization logic from the core application code, making the authorization layers more scalable, more secure and easier to change as the complexity grows. Cerbos Cloud streamlines the implementation and management of authorization policies.

Torsten Volk, managing research director at Enterprise Management Associates, said: “Writing and managing repetitive code for the ‘plumbing’ of their software is the bane of most developers’ existence. In the case of authorization code, the resulting inconsistencies and errors can also negatively affect the sleep cycles of CIOs, CTOs, CCOs and CSOs when the time of an audit rolls around. Replacing this mess with a centrally managed authorization layer that is pre-integrated with the existing corporate identity provider and directory would therefore be a big deal for both dev and ops personas alike. I applaud Cerbos for taking on this challenge.”

Cerbos founders Emre Baran (CEO) and Charith Ellawala (CTO) met while working at Qubit, where they created its data infrastructure which processed more than 25 billion events daily in real-time.

There as well as at Google, Elastic and CGI, they encountered the same difficulties with developers writing their own authorization code, as there was no scalable, extensible and easy-to-use off-the-shelf solution available.

Each new authorization requirement from the business led to more complex logic, numerous iterations and lengthy rewrites.

Frustrated with the time-consuming, complicated and messy process of implementing, maintaining and scaling access control logic, Baran and Ellawala founded Cerbos in 2021 with the mission to make authorization simpler to implement and manage so developers can focus on building their core products and driving business value. Later that year, Cerbos introduced its open source authorization solution.

“If it wasn’t for Cerbos, one thing is for sure – we would have launched later than we did. As a result, we would have less customers. The maintenance is also a very important aspect. Our technical team would be dealing with daily tasks regarding access controls, access logs. Now, we don’t have to spend any time on that,” said Engin Attar, head of product and growth at Debite.

Cerbos takes a stateless approach which enables limitless scale. As application usage and authorization logic complexity grows, Cerbos can be scaled up to handle the increased volume without any limits or additional infrastructure.

At the same time, Cerbos takes a policy-based approach that keeps all authorization rules centralized and manageable, decoupling it from the codebase. This enables roles and permissions rules to be updated without rewriting code, all while maintaining strong audit logs, a requirement for regulated industries.

“Decoupling authorization makes life easier for both developers as well as product managers and security teams who create the requirements. Once implemented, the developers can focus on the rest of their job without having to deal with every change in access control logic,” said Emre Baran, CEO of Cerbos.

“We are launching Cerbos Cloud today to take away the operational burden of managing, testing and deploying changes. Developers can now spend even more of their valuable time delivering great products instead of maintaining the infrastructure of the authorization layer,” Baran continued.

Cerbos Cloud simplifies the process of managing authorization policies, testing changes and distributing updates in real-time. It is a scalable solution for developers who want to save time, streamline their workflows and confidently roll out authorization updates, letting them focus on delivering great products and improving the end-user experience.

Cerbos Cloud offers a range of powerful features that simplify authorization management for developers:

• The fully managed cloud handles the nitty-gritty of policy management and coordinates with the Cerbos instances running inside the environment, without external dependencies, ensuring that the developer stays in control while maintaining low-latency authorization checks.
• The managed CI pipeline makes policy testing and distribution easy while policies remain in the developer’s GitHub repo which they can control and manage access to.
• The Cerbos Lite bundles, powered by WebAssembly, enable authorization for both on-device and at edge locations using the same set policies as the authorization service deployments.

In March 2023, Cerbos closed a $7.5 million extended seed round led by OMERS Ventures with participation from angel investors Ryan King (co-founder and CTO of Chime), Zeynep Inanoglu Ozdemir (former CMO of Palo Alto Networks), Zach Holman (early GitHub engineer), Zach Lloyd (founder and CEO of Warp) and Lewis Tuff (CTO of Brevan Howard Digital).

The total funding raised to date is $11 million; the initial seed round was $3.5 million in 2021 led by Crane. Cerbos plans to use the new funding to advance its offerings.

“Cerbos has created an elegant, low-code solution to a widespread problem the founding team experienced first-hand in previous roles, which is always a solid starting point when we are looking for investments with break-out potential. And as user authorization becomes increasingly important in the modern tech stack, the Cerbos team has a relentless focus on providing the most scalable solution. We feel privileged to play a role in this journey that’s only just getting started,” said Harry Briggs, Managing Partner at OMERS Ventures.