Flagsmith podcast: The Cerbos story, from vision to reality
In a recent episode of the Flagsmith podcast, Cerbos' co-founder and CEO, Emre Baran, had an engaging conversation with Ben Rometsch, co-founder and CEO of Flagsmith, sharing insights about Cerbos and our vision for the future of authorization. Below is a summary of the key takeaways from the discussion.
You can listen to the full episode by clicking here.
The origin of Cerbos
Cerbos was founded with the vision to make authorization a standalone, decoupled layer of application architecture. Traditionally, authorization is tangled within application code and business logic. This can lead to a lack of transparency, difficulty in auditing and issues with scalability. By decoupling authorization, Cerbos aims to simplify and streamline this process, providing a clearer and more scalable solution.
Approaching integrations
Choosing which platforms to integrate with can be challenging given the wide array of available services. Our strategy involves focusing on the application layer and the most commonly used frameworks. We've developed a basic SDK that anyone can use, irrespective of their platform or framework. Community feedback and market share analysis of different environments guide our priorities.
The query plan API and authorization-aware data fetching
In addition to the basic API that answers "Can this user do this action on this resource?", Cerbos offers a secondary API known as the query plan API. This enables authorization-aware data fetching by returning an abstract syntax tree that can be used in your data fetching layer's criteria. It's a tool that allows you to efficiently render a homepage or display all the records a user can edit or has permission to access. Initial examples have been built using popular systems like Prisma and SQLAlchemy.
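To illustrate how a query plan can drive data fetching, the following added example (not code from Cerbos or from the podcast) walks a plan's abstract syntax tree and produces a parameterized SQL `WHERE` clause. The plan's field names, the column mapping and the sample plan are assumptions made for the illustration; unknown attributes and operators are rejected rather than passed through.

```python
# Added example. The plan shape below (kind / expression / operator / operands /
# variable / value) is an assumption modeled on the query plan response.
COLUMNS = {  # allow-list: policy attribute -> column (hypothetical schema)
    "request.resource.attr.owner": "owner_id",
    "request.resource.attr.status": "status",
}
BINARY = {"eq": "=", "ne": "<>", "lt": "<", "le": "<=", "gt": ">", "ge": ">="}
LOGICAL = {"and": " AND ", "or": " OR "}

def plan_to_where(plan):
    """Return (sql_fragment, params); raise ValueError on anything unrecognized."""
    kind = plan.get("kind")
    if kind == "KIND_ALWAYS_ALLOWED":
        return "1=1", []
    if kind == "KIND_ALWAYS_DENIED":
        return "1=0", []
    if kind != "KIND_CONDITIONAL":
        raise ValueError(f"unknown plan kind: {kind!r}")
    params = []
    return _node(plan.get("condition", {}), params), params

def _node(node, params):
    if "variable" in node:
        if node["variable"] not in COLUMNS:  # never interpolate unknown names
            raise ValueError(f"unmapped attribute: {node['variable']!r}")
        return COLUMNS[node["variable"]]
    if "value" in node:
        params.append(node["value"])  # values only ever travel as bind parameters
        return "?"
    expr = node.get("expression") or {}
    op, operands = expr.get("operator"), expr.get("operands", [])
    if op in LOGICAL and operands:
        return "(" + LOGICAL[op].join(_node(o, params) for o in operands) + ")"
    if op == "not" and len(operands) == 1:
        return "(NOT " + _node(operands[0], params) + ")"
    if op in BINARY and len(operands) == 2:
        left, right = _node(operands[0], params), _node(operands[1], params)
        return f"({left} {BINARY[op]} {right})"
    raise ValueError(f"unsupported operator: {op!r}")

def _var(name): return {"variable": "request.resource.attr." + name}
def _expr(op, *operands): return {"expression": {"operator": op, "operands": list(operands)}}

# Constructed sample plan: owner == "alice" AND status != "archived"
SAMPLE_PLAN = {"kind": "KIND_CONDITIONAL", "condition": _expr(
    "and", _expr("eq", _var("owner"), {"value": "alice"}),
    _expr("ne", _var("status"), {"value": "archived"}))}

if __name__ == "__main__":
    print(plan_to_where(SAMPLE_PLAN))
```

The returned fragment and parameter list can be appended to the base query in the data layer, so the database returns only the rows the policy allows.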
Upcoming launch of Cerbos Cloud
We're excited about the upcoming public beta launch of Cerbos Hub. Cerbos Hub is designed to make developers’ lives easier by managing running instances and deploying policies more efficiently. It comes with a CI/CD pipeline and real-time distribution of policies to running instances. The goal is to empower product managers and CISOs with a feature-rich premium solution.
Starting with Cerbos
We encourage developers to test out Cerbos. You can start small: choose a section of your application, build a policy, and replace the if-then-else statements in your code base with requests to Cerbos. One of our largest users, a major UK utility company, started with just three resources and has now replaced their entire authorization layer with Cerbos.
As we continue to build and improve Cerbos, we look forward to helping more developers and companies navigate the challenges of authorization more efficiently and transparently. Stay tuned for more updates, and join us in making authorization easier and more scalable!
Relevant links
Are you looking to improve your application's authorization logic and security? Look no further than Cerbos! Discover how Cerbos works and explore its powerful features, including:
- Cerbos Cloud, a cloud-hosted control plane for Cerbos
- the Cerbos playground, where you can easily build and test policies in an online editor
- the Cerbos ecosystem and its seamless integrations with various SDKs, modern frameworks, and authentication providers
- the conditions you can use in policies with Google's CEL
- Derived Roles for contextual role decisions
- Cerbos' unit testing, and validating and testing policies in a CI/CD pipeline
- the various deployment patterns, including how to deploy Cerbos as a sidecar.