Pomerium is an identity-aware access proxy. Pomerium can be used to:

  • enable secure remote access to internal websites, without a VPN.
  • provide unified authentication (SSO) using the identity provider of your choice.
  • enforce dynamic access policy based on context, identity, and device state.
  • aggregate access logs and telemetry data.


Perimeter security's shortcomings

For years, secure remote access meant firewalls, network segmentation, and VPNs. However, several high-profile security breaches have shown the limitations of perimeter security, namely:

  • Perimeter security does a poor job of addressing the insider-threat and 28% percent of breaches are by internal actors.
  • The impenetrable fortress theory of perimeter security is anything but in practice; most corporate networks have multiple entry points, lots of firewall rules, and constant pressure to expand network segmentation boundaries.
  • Even defining "what" a perimeter is is difficult as corporate networks have come to consist of an increasingly heterogeneous mix of on-premise, public, and private clouds.
  • VPNs frustrate end-users, give a false sense of security, and often fail to provide defense-in-depth.

Or for the visually inclined.

NSA exploiting google's SSL termination

SSL added and removed here :^) - NSA


Pomerium attempts to mitigate these shortcomings by adopting principles like:

  • Trust flows from identity, device-state, and context; not network location.
  • Treat both internal and external networks as completely untrusted.
  • Act like you are already breached, because you probably are.
  • Every device, user, and application's communication should be authenticated, authorized, and encrypted.
  • Access policy should be dynamic, and built from multiple sources.

This security model has typically been referred to as zero-trust or BeyondCorp-inspired.


Pomerium was inspired by the security model originally articulated by John Kindervag in 2010, and by Google in 2011 as a result of the Operation Aurora breach.