Introducing Styra Run: A New, Holistic Approach To Authorization For SaaS Developers

Modern SaaS applications power the world’s most iconic businesses, and with hundreds of billions of dollars of annual revenue at stake, speed to market without compromising secure operation and access control is essential. Authorization for multi-tenant SaaS applications enables end-users to control ‘who’ and ‘what’ can interact with the application. These policies govern the developers and administrators managing the application/platform and the application’s external user base which includes account administrators and individual users.

Authorization for modern applications has never been more critical. Unfortunately, it also has never been more burdensome or technically challenging for developers and the IT operations teams that support the applications they build.

Pick any well-known SaaS platform and it is extremely likely that the development team who built it also had to code up custom authorization logic from scratch, configure databases containing users, roles, groups, permissions data and the like and build custom APIs or other control points for allowing or denying access. Doing all of this is just one part of the heavy lifting; all of these custom-built authorization components also have to be maintained and updated as requirements evolve. Furthermore, authorization is broadly considered to be a tier-0 service where performance and availability are make-or-break factors.

Given today’s speed-to-market pressures on SaaS-driven business (or any modern enterprise, for that matter) for new services and features, authorization CANNOT require custom work. This is essentially why Styra created Open Policy Agent (OPA). OPA changed the game for authorization, giving application developers and DevOps teams a standardized way to write and control authorization logic using a fast, flexible decision-making engine that can be applied throughout the cloud-native stack.

While OPA eliminates the burden of building authorization from scratch for each application by decoupling the authorization logic from business logic, the issue of contending with contextual data required for authorization decisions still remains. Specifically, developers are still saddled with solving difficult problems around data storage, consistency and scalability. 

The challenge associated with authorization data management came to light through conversations with dozens of OPA users who had designed bespoke systems to shard and replicate authorization data sets to their OPAs. We believed that we could build and operate a service that would allow SaaS developers to offload not only authorization logic but authorization data from their apps and still meet the strict performance and availability requirements of an authorization service. Today, we’re excited to announce Styra Run!

Styra Run is an application authorization service purpose-built for developers that combines streamlined OPA policy with a geographically distributed, horizontally scalable, highly-available data store. Styra Run is completely based on OPA – the de facto open-source policy engine – and is the only system of its kind to decouple both the policy logic and data from the application code for a reliable, turnkey approach.

Through its simple SDK, developers can easily integrate Styra Run with their applications for both authorization and data filtering. They can also easily embed the Styra Run GUI to enable end-user permission management.

The benefits in store for Styra Run users and their organizations are easy to see. With developers relieved of repeatedly building authorization from the ground up and having to sweat the related data management challenges, they can focus instead on building competitive differentiation and pushing new services and features out as fast as possible.

The SaaS delivery model has changed the way we interact with software. We expect frictionless onboarding without a human in the loop, but we also want to be able to bring friends & family and coworkers along for the ride — which means that collaboration and access control functionality are table stakes in any modern piece of software. This trend is only going to increase, as the move towards remote-first work accelerates. To deliver on this, developers should recognize authorization for what it is: undifferentiated heavy lifting.

Want to take Styra Run for an early spin? Register for access to our beta program!