Security Stack Logo
Pomerium Zero Trust Proxy logo

Network & Infrastructure Security

Pomerium Zero Trust Proxy

Identity-aware proxy for zero trust access to applications without VPN or client software.

Zero Trust Network Access (ZTNA)

Pomerium Zero Trust Proxy Overview

What it does

Pomerium is an open-source identity-aware proxy platform from Pomerium Inc., founded in 2019 by Bobby DeSimone (former founder of BeyondTrust) and headquartered in Solana Beach, California. The company has raised $18M in total funding, including a $13.75M Series A led by Benchmark in June 2024, with participation from Bain Capital, Haystack, SNR, and angel investors. The platform has achieved significant traction with over 1 billion Docker downloads and serves organizations from individual developers to Fortune 500 companies.

How it works

Pomerium provides clientless, identity-aware access to internal applications, services, and workloads by continuously verifying user identity, device state, and request context before granting access. The platform intercepts and routes traffic through an identity-aware layer, treating each connection as an ongoing series of requests where identity is verified for every action rather than session-based authentication. Available as both self-hosted open source (Apache 2.0 license) and Pomerium Zero (managed control plane with self-hosted proxy), the solution integrates identity providers, implements BeyondCorp zero trust principles, and provides context-aware access decisions based on user, device, location, time, and custom policy rules.

Credentials and traction

Pomerium carries a SOC 2 Type II attestation, displayed on its site as a trust anchor for regulated buyers. The project reports broad traction with over one billion Docker downloads and named users spanning security, education, energy, and financial verticals, including Obsidian Security, Optoro, Crusoe Energy, Traders Club, Stellenbosch University, and Pitt County School District. Adoption ranges from individual developers to Global Fortune 2000 enterprises running self-hosted zero trust.

Key Capabilities

mapped to solution categories
Zero Trust Network Access (ZTNA)

Provides access to browser-based internal applications through a reverse proxy without requiring a device agent, enabling secure access from unmanaged or contractor devices.

Grants access to individual named applications rather than network segments, users and devices can only reach explicitly authorized applications regardless of network position.

Re-evaluates user and device trust signals throughout an active session, revoking or stepping down access when anomalous behavior is detected, not just at authentication time.

Checks endpoint health (OS patch level, EDR presence, disk encryption, certificate validity) at each access request, enforcing minimum device security standards before granting application access.

Discovers internal applications accessible via VPN or direct network routes that should be brought under ZTNA policy, surfacing unmanaged application access.

Integrations

compatible tools
Active DirectoryAzure AD (Entra ID)GitHubGoogle WorkspaceKubernetesOktaOneLogin

Implementation & support

Deployment model
CloudHybridOn-Premises
Pricing structure
Community EditionCustom / EnterpriseFreemiumPer SeatSubscription
Support channels
Community ForumCustomer Success Manager (CSM)DocumentationEmail SupportPhone SupportSlack (Customer Channel)

Info last updated on May 28, 2026

Vendors

Is this your product?

Claim your profile to connect with the teams looking for your solutions.

Security Stack Logo

The curated research platform for enterprise cybersecurity solutions.

All product and company names, logos, and brands are property of their respective owners and are used on this website for identification purposes only. Security Stack does not endorse any vendor, product, or service listed, and makes no warranties, express or implied, as to the accuracy or completeness of this content, including any warranties of merchantability or fitness for a particular purpose.

© 2026 Security Stack. All rights reserved.