Deploy OPA at scale with turnkey policy authoring, distribution and monitoring for Kubernetes security and compliance
Styra Declarative Authorization Service—built on Open Policy Agent—provides context-based admission control policy to mitigate risk, reduce human error and accelerate development.
Kubernetes has evolved from experimentation to production—now teams must secure this new environment, but dynamism and scale add exponential complexity
Styra DAS was purpose-built to address today’s “Everything-as-code” requirements for security and compliance:
Get to day 2 quickly with OPA policy authoring and impact analysis for admission control
The future of security is policy-as-code, but not every security team is made up of coders. That’s why Styra DAS provides both a point-and-click user interface as well as a rich code editor.
With a built-in library of best practices and security policies sourced from real-world OPA use cases, it's easy to get K8s guardrails up and running quickly.
DevOps and Platform teams can pre-run policies to analyze their impact before deployment, see where violations occur and analyze existing workloads for compliance across clusters.
Mitigate risk and ensure consistency across clusters, based on namespace, labels and more
Styra Policy Stacks allow easy deployment of OPA policy across systems. DevOps teams can create a “stack” of rules and deploy that stack across multiple clusters grouped by common traits like production/staging, namespace, PCI or custom attributes.
Styra Policy Stacks enable teams to monitor groups of related systems as one, to ensure consistency and to easily identify any anomalies early.
Ensure your clusters are secure and compliant, with transparency across teams
Styra DAS provides actionable, graphical views of all admission control policy decisions/mutations, as well as any compliance violations. Dashboards give immediate insights to Security and DevOps teams, and data can be sent to external monitoring systems like Prometheus or SIEM tools.
All historical decisions can be independently searched and replayed through updated policy/rulesets, to prove to both internal and external auditors that controls are in place to meet Kubernetes security and compliance regulations.
Jumpstart deployments and ensure compliance with pre-built packs of relevant policy
Accelerate Kubernetes adoption, decrease time spent writing and configuring policies from scratch and reduce delays and risk resulting from human error.
Integrate Styra DAS guardrails into existing GitOps and CI processes and tooling
Styra DAS shifts security and compliance left to notify developers of violations earlier, so they can be fixed sooner—before being committed into production. Security and DevSecOps teams define policies once, and then check compliance at every stage: Development, Build/Test and Production.
Github and CI integrations ensure that Styra DAS stops errors and eliminates rogue deployments early, to help developers spend less time on manual remediation, and instead focus on more differentiated work.
Ready to Learn More? The Styra Whitepaper "Kubernetes Security and Compliance via Admission Control" walks through
how Kubernetes lets you extend its API server for custom rules and policies, how Styra integrates with Kubernetes Admission Control for policy enforcement and even some sample policies that will help to secure and accelerate your Kubernetes development.