Driving impact through open source developer tooling | Emre Baran, Cerbos | Collision 2023

"Hello everyone. Throughout my career at Google, CGI and three of my own startups, I worked with developer teams that spent countless months building software infrastructure that had nothing to do with the core business problem that we were solving. If you look at this board, you'll see a lot of technology that didn't exist 20 years ago.

We had to go and build our own key value stores. We had to go build password and database lookups, password rotations, infrastructure, firewalls and everything else. But today, we're lucky enough that developers can actually use these solutions and move on with their lives. However, when it comes to roles and permissions, this is a piece that we still build into every one of these business applications that we build.

Roles and permissions are needed when you have multiple users in different roles, working together to complete a workflow. If you wanna think about an example, think about your expense application. Somebody submits, somebody approves, somebody pays an expense. And yet, we still do not have a solution that actually easily enables us to implement these workflows.

I'll share with you three mistakes that I've made with my teams when we were trying to build these things. Number one was thinking, oh, we can do this. This is a very simple if then else statement, we can just implement it. It is correct. It starts very simple. However, as business requirements get more complex, this turns into a tech debt.

Second, thinking that, oh, we will only need a few roles. Heck, if you leave the world to developers, you'll only need a super user and a read only user. Nothing else. However, real life is much more complex than that. Think about a company that has 20,000 employees. Among those, 3,000 are managers, and those managers belong to 20 departments in 15 different countries. You cannot give the same level of permission to every single one of those managers. And this is not being enterprise ready. 

Mistake number three is, oh, I'll take a library off the shelf and implement it. And it's never just that library. Every developer team that I worked with had to go and build software infrastructure around this library.

And again, building software infrastructure causes tech debts. Our team, we reinvented this wheel, this security, so many times. And every single time we had to go start from scratch. Although we had some transferable know-how from previous times, there's still a lot of knowledge that gets lost along the way. And in the world we live in, where there is GDPR and CCPA, not getting your security and permissions is a big risk.

At Cerbos, we enable developers to implement roles and permissions securely and in a robust manner. And best of all, we actually made this open source, so developers can actually implement it in minutes and move on with their lives.

And that caused us to be able to give at least a team of four, three months back on their roadmap. And more importantly, we were able to enable them to focus on their business priorities, business requirements, that they had to actually go and build rather than infrastructure. Thank you very much."