Metrikus uses Aserto to authorize every API request to its next-generation IoT platform
6x faster to market than building in-house
50% of the price of maintaining a home-grown solution
Better security posture: kill switch for users, audit trails
“Authorization has been a constant worry over the last two years - everyone was scared of it. With Aserto, I’m so much more comfortable with authorization because I can see what’s going on. Before, it was a dark art - we had a muddled permission structure. With Aserto, we have clear policies that are easy to implement and obvious to analyze. Aserto has made AuthZ something we’re not scared of anymore.”
About Metrikus
Metrikus is market-leading software that combines multiple data sources and sensors to provide revolutionary insights, making spaces smarter, safer and more sustainable. Metrikus turned to Aserto to perform authorization for its next-generation platform.
Challenge
While rebuilding its customer-facing application, Metrikus decided to replace its home-grown authentication solution with Auth0. For authorization, the team seemed to have two choices: build an authorization layer tightly coupled to Auth0, or build its own home-grown solution using OPA. From experience, the team knew that authorization always takes twice as long to build as the initial estimates, and thought a “build” solution would take six months to fully deliver.
OPA seemed like the right long-term solution, but the Metrikus team felt that the technical complexity of rolling it out on their own would be massive, from choosing a deployment model to ensuring that authorization happened close to the application and very quickly. Finally, the team wanted centralized control of the solution, which they could deliver across multiple regions and cloud platforms.
Solution
When the team discovered Aserto, it seemed to allow Metrikus to “have their cake and eat it”. The service was already integrated with Auth0, so they didn’t have to build any of that. They didn’t have to learn about hosting the OPA engine - just about the Aserto APIs. There was a team they could go to that thought about authorization every day, whereas the team at Metrikus could focus on its core business value. And Metrikus could leverage additional capabilities like audit trails instead of having to build those themselves.
As the team incorporated Aserto, it discovered two additional benefits. One was the ability to deploy the Aserto sidecar alongside the application in the same Kubernetes pod, which made authorization lightning fast. The second was the ability to instantly remove access from potentially compromised or malicious users from a central control plane; the JWT-based solutions that the team had previously investigated left them very worried about this possibility.
Results
With Aserto, Metrikus reduced its development time by 84%, from 6 person-months to a single month. Additionally, Metrikus estimates that the annual cost of Aserto will be half of what it would need to spend in engineering time on the ongoing maintenance of a home-grown system.
Perhaps most importantly, the audit trail that Aserto provides for every authorization decision helps increase the confidence of large enterprise customers about the overall security of the solution.
In the words of Sam Hall, Head of Technology at Metrikus:
“We get to have our cake and eat it: we now have more security and control than we would in any other scenario, and it’s half the price. The decision was so obvious that it was a 2-minute conversation with my CEO.”
He goes on to say,
“Support has been fantastic. Whenever we have some kind of issue, we would get very fast turnaround. For example, to deliver on our latency goals for the syncing from the identity provider, Aserto turned around a solution in under 12 hours. Kind of insane!”
Benefits
- 6x faster to market than building in-house
- 50% of the price of maintaining a home-grown solution
- Better security posture: kill switch for users, audit trails