Zero Trust

Zero Trust means Continuous Verification

Retake control of your data with Pomerium's self-hosted reverse proxy.

Pomerium builds clientless access where each action is continuously verified

You may have heard of “zero trust” — a lot of vendors have co-opted this marketing term with claims that buying their offering achieves zero trust. The term is attached to Zero Trust Network Access (ZTNA) and presented as an integral part of Secure Access Service Edge (SASE).

But zero trust has real meaning:

  • Trust does not flow based on where the requesting user is located

  • Every action is continuously verified against identity, posture, and context

Put simply, one thing is always true in a zero trust architecture: you want to identify and stop bad actions before they are allowed to happen. Anything less is insecure.

Pomerium enables a true zero trust architecture through the following key features:

Proactive security with continuous verification

A verified user does not make every subsequent action safe. Pomerium continuously verifies each action against identity, posture, and context, according to your security policies, before the action is allowed to happen. This directly limits lateral movement and protects against compromised credentials and malicious insiders.

This is a direct upgrade over session-based solutions, where verification stops once a user has authenticated and the connection is established.

Self-hosted for your peace of mind

Zero trust applies to big-name vendors too: a vendor's misconfiguration, or a culture that doesn't prioritize cybersecurity, can ruin you. We'll let the cybersecurity experts at ExtraHop say it:

"[Pomerium is self-hosted] so the Pomerium team cannot mess with your instance. SaaS-based Zero trust services must by design decrypt your traffic to provide functionality, meaning you are trusting them as a MITM. We want our traffic, our secrets, our authentication cookies to be protected even from our vendors. Our security is in our hands, using a reliable product."

Replace the tunnel with a reverse proxy

Companies are realizing there is no point in replacing their old VPN client and tunneling solutions with SASE or ZTNA offerings that are just bundling up the same tunneling architecture. 

The Perimeter Problem exists because many solutions stopped checking once the correct user credentials were presented to establish a secure session into the network perimeter. As a result, any solution that requires logging into a client that tunnels into your infrastructure is inherently insecure.

Pomerium presents a different architecture as a layer 7 reverse proxy to solve the problems introduced by tunneling solutions.

Additional Use Cases

Tailored to your infrastructure

Unlike VPNs and managed solutions, Pomerium can be deployed and scaled however your organization requires. By contrast, other alternatives require your organization to deploy and scale according to their infrastructure, because you are plugging into their network backbone. No third-party organization's architecture should dictate your organization's growth and scaling needs.

Context-aware access

Going beyond identity-aware access is context-aware access, where the context surrounding a request is taken into consideration even when the correct user credentials are presented. Pomerium provides significant value here because the reverse proxy is self-hosted, so the sensitive contextual data never leaves the organization's servers. Contextual data of this kind should never be handed to a third-party hosted solution.
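The per-request model described under "Proactive security with continuous verification" and in the context-aware section above, as an added illustration that is not Pomerium's code: a tiny Layer 7 policy evaluator that re-checks identity, posture, and context on every request, beside a session-based gate that checks only at login. The route policy, the group names, and the device-compliance signal are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset       # identity: group claims from the identity provider
    device_compliant: bool  # posture: re-read from the device signal on every request
    path: str               # context: the route being accessed
    ts: datetime            # context: when it is accessed

# Constructed route policy: the first rule whose prefix matches decides the request.
POLICY = [
    {"prefix": "/admin", "groups": {"sre"}, "hours": (8, 18)},
    {"prefix": "/", "groups": {"staff", "sre"}, "hours": (0, 24)},
]

def evaluate(req: Request) -> tuple[bool, str]:
    """Continuous verification: decide each request on current identity, posture and context."""
    for rule in POLICY:
        if not req.path.startswith(rule["prefix"]):
            continue
        if not req.groups & rule["groups"]:
            return False, "identity: user not in an allowed group"
        if not req.device_compliant:
            return False, "posture: device is not compliant"
        start, end = rule["hours"]
        if not start <= req.ts.hour < end:
            return False, "context: outside allowed hours for this route"
        return True, "allowed"
    return False, "no route matches"

class SessionGate:
    """Session-based model: verify once at login, then trust every later request."""
    def __init__(self) -> None:
        self.sessions: set[str] = set()
    def login(self, req: Request) -> bool:
        if evaluate(req)[0]:
            self.sessions.add(req.user)
        return req.user in self.sessions
    def check(self, req: Request) -> bool:
        return req.user in self.sessions  # posture and context are never re-checked

def demo() -> dict:
    """Same user, same session: the device falls out of compliance after login."""
    at = datetime(2024, 5, 1, 10, 0)  # constructed timestamp inside the /admin window
    gate = SessionGate()
    gate.login(Request("alice", frozenset({"sre"}), True, "/admin", at))
    later = Request("alice", frozenset({"sre"}), False, "/admin", at)
    return {"session_based": gate.check(later), "continuous": evaluate(later)[0]}
```

The session-based gate keeps admitting the request after the device loses compliance; the per-request evaluator denies it and says which of identity, posture, or context failed.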

Consolidate, simplify, and modernize your access solution

Developers can add Pomerium's access control and deploy to production with full confidence that the company's security policies are being enforced. 

© 2024 Pomerium. All rights reserved