Embracing growth without reinventing the wheel: Insights from Cerbos CEO, Emre Baran

Published by Emre Baran on November 15, 2023
image

In a recent talk, Emre Baran, CEO and Co-Founder of Cerbos, provided insights into making smart build-versus-buy decisions for growth-related features in enterprise software. Here’s a concise summary capturing the essence of Emre’s presentation.

The dilemma of building vs. buying

During his time at Google, CGI, and his own startups, Emre and his development teams often faced the challenge of creating infrastructure components that were not directly related to their core business problems. This recurring scenario is familiar in the tech world, where the balance between building in-house solutions and opting for external products is delicate.

Common mistakes in developing roles and permissions

Emre highlighted three critical mistakes that teams often make when developing roles and permissions in B2B software:

  1. Underestimating Complexity: Initially, it seems feasible to develop roles and permissions in-house. However, as requirements evolve, this "simple" task becomes a complex, time-consuming endeavor.
  2. Oversimplifying User Roles: Teams frequently assume a handful of user roles will suffice. However, real-world scenarios are far more complex, requiring nuanced access controls, especially in large, diverse organizations.
  3. Overlooking the Bigger Picture: Implementing a basic library might seem enough, but it neglects the intricacies of coordinating multiple microservices, handling audit logs, and ensuring security compliance.

The birth of Cerbos

These challenges led Emre and his team to create Cerbos. Cerbos is an open-source solution designed to alleviate the burden of building roles and permissions from scratch. It aims to save time and resources, allowing developer teams to focus on their core business rather than infrastructure.

The impact of Cerbos

Emre’s team has found that Cerbos can save a four-person development team up to three months of work. In an era where speed and efficiency are crucial, tools like Cerbos can be game-changers, enabling developers to deliver value faster and more securely.

Conclusion

Emre Baran’s insights are a reminder of the importance of choosing the right approach in software development. By leveraging open-source tools like Cerbos, teams can avoid common pitfalls and focus on what truly matters: delivering value to customers.

Transcript:

Next on stage, we have the co-founder and CEO of Cerbos, Emre Baran, who will take us on a deep dive into the build versus buy decisions for growth related features in enterprise software. Let's welcome on stage, Emre, Web Summit veteran! 

Hello, thank you.Throughout my career at Google, CGI, and three of my startups, the developer teams I worked with spent countless months building and implementing infrastructure that had nothing to do with the real business problems we were solving. 20, 30 years ago, many of these technologies did not even exist.

We had to build our own key value stores. We had to build our own unstructured data storage, username, password lookups, password rotations. We had to physically go and install infrastructure, servers, firewalls, and today, thanks to modern development and tools like this, we never have to think about them anymore.

However, roles and permissions is something that we still build in every B2B software. Roles and permissions, the moment you have multiple users in multiple roles that need to collaborate together in order to complete a workflow in your software, you have roles and permissions. And any application needs that. And we still build this from scratch every single time. 

Today, I will share three common mistakes that led to my team spending countless hours and months building it. Roles and permissions start very simple. One - every developer thinks that we can do this in-house. However, as the requirements get more complex, this very statement turns into a very complex statement in your code base. Stripe has a recent survey that says 42 percent of developer time is actually spent in tech debt and maintenance. 

Mistake number two is thinking that we will need only three roles in my applications. Heck, if you leave the world to developers, there would only be two roles in your application. It would be a super user and a read only user. However, life is more complicated than that. And think about an organization that has 20,000 users, 3,000 of them are managers. And those managers are in 25 countries in 15 different departments. Are you going to give every manager the same right to see the data or make changes to your system?

And a mistake number three, thinking that I can implement a very simple library and be done with this. And what about all the other bells and whistles? What about multiple microservices that are written in different languages? How are we going to translate that one logic into all of the other ones? How do we deal with coordination and deployment and synchronization? How do we deal with audit logs?

And because of that, we invented this wheel many, many times in our previous lives, and each time we had to build it, we had to start from square one. Of course, there was a bit of knowledge transfer from one instance to another, but we lost a lot as well. And in an era of GDPR, CCPA, if you do not cover your security base 100%, it can lead to catastrophic results.

So we built Cerbos and we made it open source and we made it available to every developer out there so they can actually play with it and easily implement in their applications.

And on average, our open source solution saves a developer team of four - 3 months. In software development, we live in an era of delivering value to our customers as quickly as possible. And with Cerbos, we are on a mission to help developers focus on their core business, not infrastructure. Thank you very much for your time.

PRESENTATION
GUIDE

Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team