Announcing Pomerium v0.18

August 9, 2022

We are excited to announce the v0.18 release of Pomerium! This release features support for external data sources, an integral component of zero trust architecture. Without further ado, let’s get down to what it is, why it’s important, and how you can use it!

Support for external data sources

This release enables Pomerium to incorporate external sources of contextual user, device, and request state when making access control decisions. This fulfills a core requirement of NIST's Zero Trust Architecture paper: that a context-aware proxy incorporate multiple sources of user and device context into policy decisions.

Today, most applications are limited to a sole source of user identity (e.g. their identity provider) when making access decisions. Single-source context-based access leaves systems blind to the many attack vectors being exploited in the threat landscape. Recent breach history has shown that access control systems are limited by the data used in policy decisions.

For example, Pomerium can now integrate with: 

  • Human resource information systems (HRIS)

  • Identity / Single-Sign-On providers (IdP / SSO)

  • Device management solutions

  • Mobile device management providers (MDM)

  • GeoIP, Cloud Services, and Tor Exit Nodes (more on this below!)

  • Databases, and unstructured data sources like datalakes

  • And more, including custom internal entitlement systems

Pomerium does this by providing a simple plugin-like interface for pulling in external data. This dynamically-sourced data ensures access control decisions are reinforced by the identity, state, and context of an incoming request. Pomerium’s data model ensures your contextual data stays private and tenancy never leaves your control.

Example external data sources

Today’s release also includes several example external data sources we have developed and open-sourced based on requirements from our existing enterprise users. 

HRIS Systems

Human resource information systems (HRIS) such as Zenefits & Bamboo are an extremely valuable source of user identity and context. Pomerium can integrate attributes such as:

  • Group memberships

  • Role

  • Employment status

  • Out of the office

  • Physical or network location

  • Vacation status

  • and more!

Policies can be as flexible and rich as your HRIS supports. For example, you can enforce that users trying to access certain systems are members of the appropriate departments, or block access for users who are marked as on probation.

Example for using HRIS data in access policies

Anonymizing technologies

Similar to a Web Application Firewall (WAF), Pomerium can block incoming network requests from known anonymizing and obfuscation technologies like Tor Exit Nodes or public VPNs.

Known Networks

Known networks are another way of enriching authorization decisions based on request metadata. For example, you can now write a policy that only allows requests that originate from a known cloud services provider (e.g. only allow service-to-service communication from GCP to Azure), or from specific known geographic regions (e.g. block requests originating from the North Korea GeoIP space).

Or, build your own!

Don’t see the integration you are looking for? Have an idea for a plugin and want to contribute? 

Head over to our Discuss community and tell us about it! We're excited to see what you come up with.

Simplified Kubernetes Ingress Controller

It is now even easier to deploy Pomerium on Kubernetes with a single-line install.

Next Steps

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any issues, please report them on the Pomerium GitHub issue tracker. This release also includes other new features, general improvements, and bug fixes. A complete list can be found in the changelog.

Working Towards Zero Trust

Using Pomerium at work? Pomerium Enterprise is purpose-built for companies moving from perimeter to zero trust and identity-based access methods. We are proud to support these companies with features and capabilities built specifically for their needs. To learn how Pomerium can support your organization’s needs, check out our GitHub, documentation, or reach out to us directly.
