Cerbos Hub is now available on-premise

For organizations running critical security infrastructure in the cloud is not an option.

Data residency requirements, regulatory constraints, network isolation, or fully disconnected environments mean that authorization systems must run entirely inside controlled infrastructure. At the same time, these organizations still need centralized, consistent authorization with clear auditability across distributed systems.

To meet these needs, we are happy to announce the release of on-premise Cerbos Hub.

You can now run Cerbos Hub inside your own environment while continuing to manage authorization centrally across apps, services, workloads, and non-human identities. Cerbos Hub now supports all deployment options:

• On-premise data centers
• Private and bring-your-own cloud environments
• Fully air-gapped networks
• Hybrid architectures
• Cloud-hosted

Why authorization remains a critical gap in regulated environments

In regulated environments, authorization is one of the few controls that should operate continuously at runtime. Every request, every service interaction, every automated action depends on it. That is what Zero Trust authorization requires.

Authorization failures are particularly hard to detect and harder to explain. Access is granted inside trusted systems, often based on dynamic context, usually without a clear audit trail that ties decisions back to policy intent. For security and IAM teams,it is a real accountability gap.

When access rules live in application code, proving least-privilege enforcement becomes nearly impossible. Investigating incidents takes too long. Responding when policies need to change means coordinating across multiple teams and deployments. By the time a problem surfaces, it is already in production.

Cerbos Hub addresses this by making authorization a governed, observable capability at runtime. On-premise support ensures this governance model can be applied in environments with strict requirements.

All Cerbos Hub capabilities, now on-premise

Running Cerbos Hub on-premise brings the full authorization management platform inside your environment. Access decisions are governed, audited, and enforced under your operational control, without relying on external services or cloud-hosted control planes.

We know that when you run infrastructure on-premise, you expect the full product, not a limited version. That is why all Cerbos Hub capabilities are available on-premise:

• Centralized authorization policy management across teams, tenants, and environments
• Programmatic policy updates via APIs, Git workflows, and CI pipelines
• Built-in validation and testing to reduce risk before policy changes reach production
• Controlled rollout of policy updates without redeploying applications
• Full audit trails for every authorization decision, including policy lineage and context

All authorization use cases are supported on-premise. Whether you are securing enterprise applications, multi-tenant SaaS products, services, workloads, or AI agents, you use the same authorization management platform, regardless of how Cerbos Hub is deployed.

On-premise Cerbos Hub extends centralized authorization to every environment where it is needed. Learn more about on-premise Cerbos Hub or talk to our team to see how it fits your needs.