Ockam was built by developers for developers. We're one of the most popular and fastest growing open source security project and community.

Our approach works through networks, protocols, and clouds. On-prem, across clouds, TCP, bluetooth... it even works through asynchronous messaging systems such as Apache Kafka!

Authorization to even establish a route to other services is tied to the unique identity of the client requesting access, which is both more flexible in terms of supporting modern and often dynamic deployment approaches and also more clearly aligns with your intentions around access controls. If the client is able to establish trust that they are who they say they are then they are able to route their packets to the database. Contrast that to historical approaches with permanent access decisions based on assumptions about the remote network (e.g. is this request coming from an IP addess we have pre-authorized?). This is in addition to the authentication and authorization controls your services may already be providing, which will continue to work as they always have.

No more worrying about centralized certificate management, rotating certificates before they expire, and the delicate act of rolling those updates out across your organization.