"We are continually thinking about how to better protect our data, using techniques like encryption and role-based access control. Our first move was to implement a multi-layered strategy where data is protected by many strong layers of security technology. Many of the targeted companies are doing the same." Max Ferguson, CEO Lumin PDF, commented in a blogpost on LuminPDF data breach on 1st of April, 2019.
Since then, Lumin has integrated multiple security measures to protect its users’ privacy and the company servers. With a customer base of over 65 million and counting, it’s no surprise that this New Zealand-based software company would leave any stone unturned to scale up its security measures.
Since its establishment in 2014, the cloud-based PDF collaboration and editing platform offers full integration with popular tools like Google Drive and Dropbox. Customers use its extensive toolkit to create, share and edit the documents they use at work and in their personal lives. Pairing up with giants like Blockchain.com, Netflix and Uber, Lumin shot up for growth by 600 percent, making it one of the fastest growing tech companies in 2021. While the number of global user profiles keep growing, Lumin is harboring sensitive data on a daily basis. The software caters to a wide audience - from educators to business administrators and beyond. Lumin needs to add more stringent authentication, authorization and access control security. This is where we come in.
Ory’s flagship zero trust network “Ory Network” is a global, scalable and secure platform for managing identities and its distribution across various internet services. Ory is a fast-growing startup offering a suite of services that make it easier for developers and businesses to create secure and dependable web applications and services. Offering capabilities such as single sign-on, self-service password resets and custom branding, Ory is an end-to-end solution for identity management, authorization, authentication and access control on any web platform.
Using Ory’s system ensures users’ login credentials are secure through two-factor authentication as an additional layer of protection. It also means that Lumin is able to provide enterprise-grade login and security, which is crucial for some of its business and enterprise customers. Currently, Lumin uses Ory Kratos, Ory Hydra, and Ory Keto.
Lumin uses Ory Kratos to manage sign-in and session management for Lumin customers. Ory Kratos provides tools for user management and authentication. It also allows customers to access data on other platforms through its Single Sign-On (SSO) capability, as well as protects the users of a web application from data breaches and phishing attempts through Self-Service Password Reset (SSPR).
Lumin also uses Ory Hydra for authenticating requests to their open API. Ory Hydra manages all of the security tokens and servers to verify users who have logged into an application. Once verified, it creates an authorization token that’s used to access restricted content on its partner applications.
Another project on the horizon for Lumin powered by Ory is the template library. This extensive library of readily available templates will use Ory’s search function to help sort through multiple documents to find the right fit for them. Ory Keto access control will be used to manage user accessibility to specific templates. The project ties in with Lumin’s wider vision; to ensure users can find, sign and share a document within 30 seconds.
Lumin’s philosophy centers around accessibility, with founder Max Ferguson wanting to create a platform accessible to everyone no matter where they are in the world. It offers a free version, giving users access to many of its popular features. Similarly, Ory’s open-source technology is readily accessible, meaning Lumin can offer the same to their customers. The Lumin team is currently working on several new open-source projects to make it easier for developers to work with PDF files in their own applications. These projects will leverage the Lumin API and allow the developers to integrate with Lumin technology. Unlike some of their competitors, Ory’s open-source nature gives Lumin’s developers the flexibility to review code and suggest changes, giving input into the functionality to ensure it best fits their use-case.
The Lumin team has over 50 dedicated developers continuously working on growing the platform with a multitude of software partners, so flexibility and ease of use are paramount. Lumin’s System Architect based in Vietnam, Hoan Tran, says working with Ory “opens up a wide variety of concepts that once explored, really show you how flexible and adaptable the software can be”.
When completing their analysis of the best open-source technology software, the Lumin team found many competitors prohibitive in their pricing based on user count. Lumin caters to over 65 million users worldwide with 5 million active monthly users at a minimum. Competitor Auth0 charges on average $1 per active user per month, meaning Lumin would be unable to offer a free tier and would need to increase prices for all users. Similarly, competitor Okta charges upwards of $2 per user. With affordable pricing plans, Ory allows Lumin to deliver a consistently sustainable product in the long term.
Ory supports Lumin’s future development by enabling seamless software integration and a variety of tools that make it easier for Lumin’s developers to streamline processes and focus on delivering for their customers. The open-source platform improves business processes by simplifying user management and authentication, as well as accessing and verifying users across various platforms.