Announcing Pomerium v0.18

August 9, 2022

We are excited to announce the v0.18 release of Pomerium! This release features support for external data sources, an integral component of zero trust architecture. Without further ado, let’s get down to what it is, why it’s important, and how you can use it!

Support for external data sources

This release enables Pomerium to incorporate external sources of contextual user, device, and request state when making access control decisions. This realizes a core component of NIST’s Zero Trust Architecture paper’s requirement for a context-aware proxy to incorporate multiple sources of user and device context into policy decisions. 

Today, most applications are limited to using a sole source of user identity — e.g. their identity provider –  when making access decisions.  Single-source context-based access leaves systems blind to the multi-faceted forms of attack vectors being exploited in the threat landscape. Recent breach history has shown access control systems are limited by the data used in policy decisions. 

For example, Pomerium can now integrate with: 

  • Human resource information systems (HRIS)

  • Identity / Single-Sign-On providers (IdP / SSO)

  • Device management solutions

  • Mobile device management providers (MDM)

  • GeoIP, Cloud Services, and Tor Exit Nodes (more on this below!)

  • Databases, and unstructured data sources like datalakes

  • And more, including custom internal entitlement systems

Pomerium does this by providing a simple plugin-like interface for pulling in external data. This dynamically-sourced data ensures access control decisions are reinforced by the identity, state, and context of an incoming request. Pomerium’s data model ensures your contextual data stays private and tenancy never leaves your control.

Example external data sources

Today’s release also includes several example external data sources we have developed and open-sourced based on requirements from our existing enterprise users. 

HRIS Systems

Human resource information systems (HRIS) such as Zenefits & Bamboo are an extremely valuable source of user identity and context. Pomerium can integrate attributes such as:

  • Group memberships

  • Role

  • Employment status

  • Out of the office

  • Physical or network location

  • Vacation status

  • and more!

Policies can be as flexible, and rich as your HRIS system supports. For example, you can enforce that users trying to access certain systems are members of the appropriate departments, or block access for users that are marked as on probation. 

Example for using HRIS data in access policies

Anonymizing technologies

Similar to a Web Application Firewall (WAF), Pomerium can block incoming network requests from known anonymizing and obfuscation technologies like Tor Exit Nodes or public VPNs

Known Networks

Known networks are another way of enriching authorization decisions based on request meta-data. For example, you can now write a policy that only lets requests originate from a known cloud services provider (e.g. Only allow service to service communication from GCP to Azure), or from specific known geographic regions (e.g. block requests originating from the North Korea GeoIP space). 

Or, build your own!

Don’t see the integration you are looking for? Have an idea for a plugin and want to contribute? 

Head over to our Discuss community and tell us about it! We're excited to see what you come up with.

Simplified Kubernetes Ingress Controller

It is now even easier to deploy Pomerium on Kubernetes with a single line install

Next Steps

As always, we recommend upgrading and testing this release in an isolated environment. If you experience any issues, please report them on the Pomerium GitHub issue tracker. This release also includes other new features, general improvements, and bug fixes. A complete list can be found in the changelog.

Working Towards Zero Trust

Using Pomerium at work? Pomerium Enterprise is purpose-built for companies moving from perimeter to zero trust and identity-based access methods. We are proud to support these companies with features and capabilities built specifically for their needs. To learn how Pomerium can support your organization’s needs, checkout our github, documentation, or reach out to us directly

Share:

Stay Connected

Stay up to date with Pomerium news and announcements.

More Blog Posts

See All Blog Posts
Blog
Identity Aware Proxy (IAP): Meaning, Pricing, Solutions
Blog
The Great VPN Myth: What PCI DSS 4.0 Actually Requires for Remote Access
Blog
Zscaler vs. Tailscale vs. Pomerium: Detailed Comparison

Revolutionize
Your Security

Embrace Seamless Resource Access, Robust Zero Trust Integration, and Streamlined Compliance with Our App.

Pomerium logo
© 2024 Pomerium. All rights reserved