Do you wish you could SSH to your servers using just your GitHub credentials? Are you still not sure how to easily integrate your Single Sign-on (SSO) provider with AWS RDS? Is your team still using shared passwords for all your databases, or are you tired of changing VPNs all day long? I've been there and can relate. There has to be an easier way!
We, the Border0 team, have made our mission to make infrastructure access easier and are excited to announce that we've raised funding from the awesome folks at Andreessen Horowitz (a16z), Venrock and Secure Octane! We're building an easier and more secure way to access your servers and databases no matter where they are deployed or where your users are.
We're all excited about the move to the cloud. No more change approval boards, no more tickets; it's all in the control of the engineers! As engineers, we can now spin up all the resources we ever wanted, build faster, and open up security groups in just a few minutes.
But it's not all good news, and a few new challenges have arisen. With the migration to the cloud the traditional security perimeter has mostly disappeared. No more VPNs and Firewalls; we can just access everything from anywhere (and so can the rest of the Internet). As a result, we now see increasingly more hosts and services directly exposed to the Internet. Today, more than 30 million SSH and Database servers are directly exposed on the public Internet. Newsflash: your corporate database really shouldn't be wide open from everywhere to anyone.
One of the other challenges is visibility for the security teams. They are responsible for securing and ensuring the enterprise stays within compliance. Questions like what resources are online, in what cloud provider, who accessed what, when, and from where are challenging yet increasingly more important to answer.
We (the Border0 founding team) have firsthand experiences with the problems described earlier. We're engineers that helped build and manage the infrastructure that powers well-known places on the Internet today. Our team members had pivotal roles in the infrastructure, DevOps, SRE, and security teams for companies such as OpenDNS, Cisco, Digital Ocean, Palo Alto Networks, and some of the world's largest e-commerce platforms.
We've all seen the dichotomy between engineering agility and the ever-increasing need for security and compliance. We are both convinced and excited about building a service that keeps the flexibility and agility that we all love while bringing back visibility and control to secure your infrastructure! We believe there's a better way and have made it our mission to solve that.
We understand the engineering persona and are committed to ensuring engineers can continue using the workflow and tools they're used to. Whether you're a CLI junky or prefer a desktop app for ease of use and service discovery, we've got you covered.
For the administrators or security folks out there, we are convinced we can get you going quickly and gain back visibility and control. Using the Border0 connector, we can discover your AWS EC2 resources, docker containers or Kubernetes resources. In just a few seconds, we'll automatically discover and create access services for you. This is great for managing access to ephemeral resources; we'll discover the resource as soon as it's spun up, with almost no config required.
Finally, you'll see exactly who accessed what resource, from where, and when. Best of all, you can replay recordings of SSH, Database, and HTTP sessions going through our platform.
A new model for the modern age
With Border0, engineers can quickly discover the resources they have access to. Authentication is done using existing Single Sign-on (SSO) providers. Your team can now log in to your SSH servers, Databases (No more shared passwords! ), HTTP services (and more to come) using just their SSO credentials.
Using this model, you can deploy your resources in a private VPC and get the security peace of mind that comes with that. While still being able to SSH to your servers or query your RDS instances as if they're connected directly to the Internet and using your existing SSO credentials.
All of this is Plug and Play, fully managed and offered as a service. Meaning it's super easy to get started and easy to manage.
How we got here.
I started working on a solution for this problem in 2020, after seeing firsthand for years that the old security model doesn't work well with the modern way of working, with various cloud providers, distributed teams, and the way engineers prefer to work. I saw enormous amounts of friction, poor security, teams slowing down, many firewall change requests, and all around frustration. That resulted in the creation of MySocket.io, and we've taken all the inspiration and lessons learned from MySocket to Border0 and couldn't be more excited about the team we've put together to tackle this problem.
I'd love to tell you about the partners who are funding Border0. We're excited to work with David Ulevitch at Andreessen Horowitz (a16z). David is the former co-founder and CEO of OpenDNS which was acquired by Cisco. While at Cisco, David was a senior vice president and general manager of Cisco Security line of business.
We’re also excited to partner with our friends at Venrock, where we worked closely with Todd Graham and now Ethan Batraski. Our third investor is Mahendra Ramsinghani from Secure Octane. I remember reading Mahendra’s Startup books and so I’m excited to now work with him directly. Last but certainly not least, Dan Hubbard. Most recently, Dan was CEO of Lacework, having spent a couple of years before that as their Chief Product Officer. Before Lacework, Dan was CTO at OpenDNS. Quite a team!
We're only just beginning.
When I started working on solving this problem two years ago, I knew there had to be a better way. The last two years have helped clarify this vision and with the funding from our investors and the fantastic founding team (Bas, Greg, Lucas, Pedro, and Rollie!) I'm convinced we're going to do great things.
Over the next few days and weeks, we'll share more details and practical examples to help you get started. I'd love to chat if this problem resonates with you, so please reach out. Finally, if you're curious and just want to give it a spin, please check out our getting started guide here and try our free Community tier.
Easy and Secure Database Access
In this blog, we'll look at how easy it is to make a private database available without the need for a VPN and using just Single Sign On credentials. That means no more shared credentials to access your database and flexible policies to define who has access. And, as a bonus, you'll also have session recording!
Accessing Private web Applications Without VPNs
In this blog post we'll look at how easy it is to make internal web applications available to authenticated and authorized users without needing a VPN. It's easy and will take you just 1 minute!