Introducing Styra Bundle Management Features

Adopting a fine-grained, policy-as-code authorization approach based on Open Policy Agent (OPA)– the leading open-source policy engine– is a huge step forward in building microservices applications that run reliably and securely. While software developers will delight in leaving behind the heavy burden of hard-coding policy logic and rebuilding authorization with each new application, other major challenges come into focus along the path to establishing end-to-end policy lifecycle management for microservices and the environments in which they run.

One such challenge to be solved has to do with ensuring software supply chain security with the use of policy bundles across different environments from dev to production. Policy bundles– which include both policy code and data– need to be properly stored, accessed, and deployed across the software development pipeline. Without the right policy lifecycle management system, it is extremely difficult and time-consuming to ensure proper provenance and security of that policy data as it is promoted from one software pipeline environment to the next.

As a result of our Styra’s deep focus on helping customers achieve stronger security and compliance through authorization, we’ve come up with a set of innovative policy bundle management features aimed primarily at boosting software supply chain security. 

With Styra Bundle Promotion™, we make it possible for policy bundles to be promoted from one software pipeline stage to the next without altering policy code. We achieve this by generating two bundles: one system-dependent bundle (where data source files are assigned) and one system-independent bundle (where policy code is assigned). A system-independent bundle can be promoted between systems while a system-dependent bundle cannot. We strengthen software supply chain security by ensuring that the exact same authorization policy code is used throughout each pipeline environment.

Styra Bundle Promotion is a game-changer, but we didn’t stop there. 

We’ve also built a way to optimize IT resource consumption as policy bundles are pulled from registries and distributed to OPAs. With Styra Delta Bundles, only changes in policy and authorization data are sent to the OPA, as opposed to the entire updated bundle. This prevents updated bundles from consuming more network bandwidth, CPU and memory resources, which risks authorization system performance degradation and potentially drives up costs.

Finally, we offer customers Styra Bundle Registry™. This pre-built bundle registry removes the requirement for users to build and implement their own bundle registries from scratch, and allows platform teams to focus on building and running applications.

We’re always excited to share how we’re reinventing authorization for the cloud-native world. Learn more about what Styra Declarative Authorization Service (DAS) can do to make end-to-end cloud-native authorization work for your applications and infrastructure!

Request a demo of these new features and start your authorization journey.