Hard-Earned Lessons in Access Control at Scale: Enforcing Identity and Policy Across Trust Boundaries with Reverse Proxies and mTLS
By: Sanjay Singh, Mitendra Mahto
Potential Business Impact:
Safely connects remote workers to company apps
In today's enterprise environment, traditional access methods such as Virtual Private Networks (VPNs) and application-specific Single Sign-On (SSO) often fall short when it comes to securely scaling access for a distributed and dynamic workforce. This paper presents our experience implementing a Zero Trust-aligned architecture in which a reverse proxy, integrated with mutual TLS (mTLS) and centralized SSO, acts as the enforcement point in front of internal applications, together with the key challenges we encountered and the lessons we learned while deploying and scaling it. The design combines per-device authentication (mTLS client certificates) with per-user authentication (SSO), centralized enforcement of security policy, and comprehensive observability, enabling organizations to deliver secure and seamless access to their internal applications.
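The architecture the abstract describes, as an added example (not code from the paper or its authors): a Go reverse proxy whose TLS listener accepts only client certificates that chain to a corporate device CA (per-device authentication), whose handler resolves an SSO session cookie to a user and applies one central path-to-group policy (per-user authentication and policy enforcement), and which only then forwards the request to the internal app with identity headers the proxy itself sets. The device CA, device names, session tokens, users, groups and the `/wiki/` policy are constructed for the demo, and the in-memory maps are stand-ins for the IdP session store, the directory and the policy engine.

```go
package main

// Added example, not code from the paper: a minimal Zero Trust reverse proxy that
// authenticates the device with mTLS, the user with an SSO session, applies one
// central policy and only then forwards to the internal app. The session store,
// directory and policy below are constructed stand-ins for the real IdP and policy engine.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
	"time"
)

var serial int64

// newCert issues an ECDSA client certificate for cn; with parent == nil it is a self-signed CA.
func newCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	signer, signerKey := tmpl, key
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
	} else {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Proxy is the single policy enforcement point in front of the internal apps.
type Proxy struct {
	sessions map[string]string // SSO session cookie -> user, as the IdP reports it
	groups   map[string]string // user -> directory group
	policy   map[string]string // app path prefix -> group allowed to reach it
	upstream http.Handler
}

func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// 1. Device: RequireAndVerifyClientCert on the listener guarantees a verified
	//    client cert chaining to the device CA is present before we get here.
	device := r.TLS.PeerCertificates[0].Subject.CommonName
	// 2. User: resolve the SSO session cookie against the central session store.
	var user string
	if c, err := r.Cookie("sso_session"); err == nil {
		user = p.sessions[c.Value]
	}
	if user == "" {
		http.Error(w, "sso login required", http.StatusUnauthorized)
		return
	}
	// 3. Policy: default deny, so an app with no policy entry is unreachable.
	allowed := false
	for prefix, group := range p.policy {
		allowed = allowed || (strings.HasPrefix(r.URL.Path, prefix) && p.groups[user] == group)
	}
	if !allowed {
		http.Error(w, "forbidden by policy", http.StatusForbidden)
		return
	}
	// 4. Forward: identity headers are set here and never accepted from the client.
	r.Header.Set("X-Forwarded-User", user)
	r.Header.Set("X-Device-ID", device)
	p.upstream.ServeHTTP(w, r)
}

// Outcomes runs five clients against the proxy and returns case -> result.
func Outcomes() map[string]string {
	caCert, caKey := newCert("Corp Device CA", nil, nil)
	devCert, devKey := newCert("laptop-0042", caCert, caKey)
	rogueCA, rogueKey := newCert("Rogue CA", nil, nil)
	rogueCert, rogueDevKey := newCert("laptop-rogue", rogueCA, rogueKey)

	// Internal app: it trusts only the identity headers the proxy injects.
	app := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "hello %s from %s", r.Header.Get("X-Forwarded-User"), r.Header.Get("X-Device-ID"))
	}))
	defer app.Close()
	appURL, _ := url.Parse(app.URL)

	devicePool := x509.NewCertPool()
	devicePool.AddCert(caCert)
	proxy := httptest.NewUnstartedServer(&Proxy{
		sessions: map[string]string{"sess-alice": "alice", "sess-bob": "bob"},
		groups:   map[string]string{"alice": "engineering", "bob": "finance"},
		policy:   map[string]string{"/wiki/": "engineering"},
		upstream: httputil.NewSingleHostReverseProxy(appURL),
	})
	// mTLS: only certificates chaining to the corporate device CA complete the handshake.
	proxy.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: devicePool}
	proxy.StartTLS()
	defer proxy.Close()
	roots := x509.NewCertPool()
	roots.AddCert(proxy.Certificate())

	get := func(cert *x509.Certificate, key *ecdsa.PrivateKey, session string) string {
		cfg := &tls.Config{RootCAs: roots}
		if cert != nil {
			cfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: key}}
		}
		client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
		req, _ := http.NewRequest("GET", proxy.URL+"/wiki/page", nil)
		req.Header.Set("X-Forwarded-User", "admin") // spoof attempt; the proxy overwrites it
		if session != "" {
			req.AddCookie(&http.Cookie{Name: "sso_session", Value: session})
		}
		resp, err := client.Do(req)
		if err != nil {
			return "tls handshake rejected"
		}
		defer resp.Body.Close()
		body, _ := io.ReadAll(resp.Body)
		return fmt.Sprintf("%d %s", resp.StatusCode, strings.TrimSpace(string(body)))
	}
	return map[string]string{
		"no device cert":            get(nil, nil, "sess-alice"),
		"cert from untrusted CA":    get(rogueCert, rogueDevKey, "sess-alice"),
		"device ok, no sso session": get(devCert, devKey, ""),
		"device ok, wrong group":    get(devCert, devKey, "sess-bob"),
		"device ok, user allowed":   get(devCert, devKey, "sess-alice"),
	}
}

func main() {
	for k, v := range Outcomes() {
		fmt.Printf("%-26s -> %s\n", k, v)
	}
}
```

Two properties carry the security argument. First, the device check happens in the TLS handshake, so a client without a corporate-issued certificate (or with one from an untrusted CA) never reaches the HTTP handler at all, and a spoofed `X-Forwarded-User` header is overwritten before the request is forwarded. Second, the decision is made once, centrally, with default deny: the internal app reads only the headers the proxy sets and must be reachable only through the proxy, otherwise the policy can be bypassed. A production deployment would validate an OIDC or SAML session against the IdP instead of a map, carry the device identifier in the certificate rather than the CN, and check certificate revocation.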
Similar Papers
POLARIS: Cross-Domain Access Control via Verifiable Identity and Policy-Based Authorization
Cryptography and Security
Lets you safely share info across different groups.
From See to Shield: ML-Assisted Fine-Grained Access Control for Visual Data
Cryptography and Security
Keeps private parts of pictures secret when shared.
Zero Trust Security Model Implementation in Microservices Architectures Using Identity Federation
Cryptography and Security
Makes computer programs safer by checking who's using them.