How Debite built scalable and reliable access controls with Cerbos

Published by Anna Paykina on December 22, 2022
image

A SCALABLE AND SECURE AUTHORIZATION LAYER ENABLES QUICKER PRODUCT ROLLOUT

Debite is a dynamic financing and payments platform tailored to early-stage startups and high-growth companies in the UK. Their unique corporate cards offer credit limits up to £250k and come with built-in instalments that allow founders to spread the cost of their business expenses up to 12 months.

As a financial technology company, Debite wanted to build a scalable and reliable solution for access controls, both in their internal dashboard and in the customer platform. Engin Attar, the Head of Product and Growth, and Co-Founder of Debite, selected Cerbos as an authorization layer for Debite.

The result of Debite's collaboration with Cerbos was a secure, simple and robust access control solution that allows Debite to ship their products faster and go to market very quickly.

We spoke to Engin Attar, the Head of Product and Growth, and Co-Founder of Debite, to understand why Debite implemented Cerbos — and the exceptional results that came from the partnership.

CHALLENGES

Q: Can you tell me a little bit about yourself and your role?

Engin: I'm the Head of Product and Growth, and also a co-founder of Debite.

Q: How did you manage user permissions before you implemented Cerbos?

Engin: We were very lucky that we came across Cerbos when we were building Debite.

It's a financial technology company, so we have a lot of important access controls, whether it's in our internal dashboard or in the customer platform. It was very important to build a scalable and reliable solution for that. And after we met with the Cerbos team, we implemented it and wasted no time building an in-house solution.

Q: Why did you choose to go with Cerbos, rather than build an in-house solution?

Engin: At our previous company, myself, and our CTO, had some prior experience with authorization. It was very hard to keep updated policies for access control and keep logs of everything. So we knew how important it was for us to have an easy solution, so we don't have to build it over and over again.

One of the things that developers don't like to do, is to write access controls. It's very hard to update and maintain them. Also keeping logs and roles is hard for product managers. Additionally, testing them is also a nightmare.

And when we checked Cerbos out - we saw that Cerbos APIs were great. It's very fast to write new policies. Response times and reliability are two very important requirements. Cerbos is quite fast and reliable.

Q: Was there any apprehension over using a solution that wasn't built specifically by you, for you?

Engin: Of course there was, because we use Cerbos in very mission critical operations: both for the underwriting process and also in our customer interfaces.

If it wasn't reliable, then we would have very serious problems. It was very important not to have a single failure point for us, so that our operations can go on.

Q: What sold you on picking Cerbos as your chosen solution?

Engin: Response times, the clean API and the ease of writing and editing policies were the key points for us.

It just works, we are using it in the back office and in the front end. We don't have to think about it, and it's a time saver for us. It was very important for us to be able to add new user profiles, one after another when we are building new products. It enabled us to ship our products faster. So I think that's quite an important thing for the CEO as well. It was an easy decision for our executive team: CEO, CTO and me as the Head of Product.

SOLUTION

Q: How long did it take you to get started with Cerbos?

Engin: Our development team, CTO and the backend team were involved in the process of integrating Cerbos. We had no product managers at the time. It took us a couple of weeks to implement it, while also working on some other stuff as well. During our implementation, the Cerbos team was very helpful with regard to some technical questions we had. Additionally, the API documentation is self-explanatory, we used that a lot as well.

Q: Can you walk me through a day in the life of using Cerbos?

Engin: So, on a usual day, we won't have to deal with anything related to Cerbos, and that's the best part. It just works.

However, if we want to develop some new products, give new access controls, or if there's any company specifically requiring a new access type, it's quite easy for us to create and edit such permissions without much help from the development team. That's the most important thing for us, and it makes our daily lives so much easier.

Q: How has Cerbos helped you meet any compliance requirements?

Engin: It helps us in many different ways with compliance requirements. We have different profiles on our site for underwriting. We are working with a bank called Modular, we use their EMI license. Cerbos helped us go through the compliance process so much easier and smoother than compared to an in-house solution. Additionally, since we are using Cerbos for access controls and logs, we were able to get the required disaster recovery certificates much faster.

RESULTS

Q: How has deploying Cerbos transformed Debite's authorization process?

Engin: The access logs are very important for us. Had we built it ourselves in-house, we would have probably missed certain things. For example, it is common to overlook logging of certain actions and buttons on the interface. With Cerbos you don't have to think about that. Having a built-in logging functionality gave us a sense of trust.

Q: What would have happened if Debite had not deployed Cerbos?

Engin: One thing is for sure - we would've launched later than we did. As a result, we would have less customers. And the maintenance part is also very important. Our technical team would be dealing with daily stuff regarding access controls, access logs. Now, we don't have to spend any time on that.

It saves us so much time. It just works, and it enables us to go to market very quickly, compared to an in-house solution. It allows us to offer new products faster as well, because writing new policies or editing them is so easy.

If we wanted to create the same solution for ourselves, I think it would have taken us so much time, and in terms of figures, it would have cost us easily £200,000. And maybe with the maintenance and everything it would go higher than that.

Q: How has your business been impacted since starting to use Cerbos?

Engin: We started working together when we were building Debite. So we went from zero customers to a hundred customers. And the timing was very important for us, it enabled us to do that. Being a financial technology company, with the part of underwriting, it's key for us to use a scalable solution like Cerbos. It enables us to do more every day. It would have taken us so much time to do it ourselves.

Q: If you were to recommend Cerbos to someone, what would you tell them?

Engin: I would say that instead of writing access controls, access logs, for yourself, using Cerbos will make your life so much easier. Because it gives you an easy-to-use platform to do all of this, without any, or minimal, effort from the development team and the product team. It's reliable. It's fast, and it's, most importantly, a time saver. And on the policy side, it allows you to ship new products, write and edit policies, faster.

Check the APIs, build a proof of concept. And I would say, if the requirements are met, Cerbos would make your life so much easier. And when you think about the maintenance, for the long-term, it makes sense to switch to Cerbos.

WHAT'S NEXT?

Debite is continuing to use Cerbos for authorization. Engin looks forward to taking advantage of the new product features Cerbos is constantly developing, and continuing to scale Debite securely.

You can read the full case study with Debite here.

Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team