Cerbos simplifies how developer teams implement and manage access control within the applications they're building - which means they can spend more time building features, than plumbing and building authorisation.
What was the catalyst for launching the product?
When it comes to user permissions, we have all spent so much time in previous companies reinventing the wheel. In software products where there are multiple users with multiple roles, there is a need for user permissions and authorisation. However, barring a few, free, software libraries, developers have been expected to create and implement solutions themselves - we couldn’t believe that no one had looked to tackle that problem. To-date there has been no real, scalable and decoupled solution, and in the age of modern computing, free libraries are neither scalable, nor a full solution for most requirements.
As a result, many software engineers set out to build solutions thinking: “How hard could it be?” and “I can build one in a few days” - which is not the case. For many of us with a long history working at some of the largest tech companies in the world, and consistently revisiting this challenge, we wanted to tackle this common pain point and give back to the millions of software developers who are building pioneering products.
Tell me about the product - what it is, what it aims to achieve, who you work with, how you reach customers, USP and so on?
If you have used B2B software you probably have been a subject of authorisation. Authorisation controls who can do what in a given software product. Authentication, which companies like Okta and Auth0 made famous, controls username and password, the “are you who you say you are”. Once the software knows who the user is, Authorization becomes the most important thing, i.e., what does this user have permissions to actually do?
We work with B2B software products, from startups to publicly listed companies.
Some of the customers we reach out to are fast growing startups who have outgrown in-house solutions for user-permissions modules, and now require more resilience and compatibility with security standards like SOC3 and ISO27001.
We focus on educating developers to ensure they know that authorisation now can be decoupled and simply integrated into their software.
Our USPs are:
- We’re open source! Cerbos can be self hosted and we have broader uses than SaaS-only products
- We allow companies to configure rather than code - our technology is configurable by non-technical team members, which means collaboration is easier and the learning curve is lower
- Cerbos enables “attribute based access control”, ABAC, which also takes into account the context of the permission and enforces more intelligent access control
- Data filtering - Our query plan API centralises user permissions for both backend applications and data, which considerably simplifies application development
How has the business evolved since its launch?
Cerbos started as a project. We were testing the viability of our approach and willingness of developers to take an authorisation product off the shelf rather than build one in house.
Since launching, we’ve had a lot of users using Cerbos in their product, depending on Cerbos’ decision making abilities for every single API call they get.
What is your favourite thing about being a founder?
No two days are the same. There are lots of different challenges to address to get everything off the ground: technology, people, marketing, messaging, investors and financing. It never gets repetitive and every day is full of learning opportunities.
Which founders or businesses do you see as being the most inspirational?
I have tremendous respect for Auth0 founders for decoupling Authentication and making it a standalone business. They’ve seen the complexities of something that starts simple and turns complex, built a business and convinced an entire development community to use a service like theirs.
Which other figures in your life inspire you?
Many sports figures, especially Olympic athletes inspire me a lot. In the face of daily adversity they keep going on their mission for years. Their discipline, determination and optimism are always a key source of inspiration for me.
What are the things you’re really good at as a leader?
I think that is mostly for my team to comment on. However, I believe in the “Leaders eat last” principle that was popularised by Simon Sinek.
Which areas do you need to improve on?
Pretty much every area. I classify myself as a jack of all trades [and master of none, but better than of one]. (which is the actual full quote)
I know I can benefit from improving every single aspect of my skill set.
What’s in store for the future of the business?
We are growing fast and focusing on our users. We will be building more tools to make their lives easier and along the way we will see which way our business moves.
What advice would you give to other founders or future founders?
Work on a product that you are very passionate about that you have experience and insights in. It is very easy to just think about a business opportunity that you may not have adequate knowledge or experience and get trapped in trying to make it profitable.
And finally, a more personal question! We like to ask everyone we interview about their daily routine and the rules they live by. Is it up at 4am for yoga, or something a little more traditional?
Much more traditional - though the day is usually fragmented.
We are all working fully remotely - so there are the inevitable disruptions of family life which means I especially enjoy moments of quiet - in the evening when everyone is asleep and I have time to focus without distractions.
Emre Baran is CEO at Cerbos.