Kubernetes Security & Compliance: Styra DAS


Open Policy Agent Across Clusters

Deploy OPA at scale with turnkey policy authoring, distribution and monitoring for Kubernetes security and compliance

Styra Declarative Authorization Service—built on Open Policy Agent—provides context-based admission control policy to mitigate risk, reduce human error and accelerate development.


Why Styra DAS for Kubernetes?

Kubernetes has evolved from experimentation to production—now teams must secure this new environment, but dynamism and scale add exponential complexity

Styra DAS was purpose-built to address today’s “Everything-as-code” requirements for security and compliance:

  • Shift security left with a declarative model that works with Kubernetes admission control webhooks to prevent risk before runtime
  • Validate policy before enforcement to eliminate human error and accidental breakages
  • Visualize admission control decisions for easy intra-department communication
  • Use built-in libraries and clear GUI to implement policy-as-code, with or without coding skills
  • Trust the industry's only security solution built by the founders of Open Policy Agent

Policy Design and Validation

Get to day 2 quickly with OPA policy authoring and impact analysis for admission control

The future of security is policy-as-code, but not every security team is made up of coders. That’s why Styra DAS provides both a point-and-click user interface as well as a rich code editor.

With a built-in library of best practices and security policies sourced from real-world OPA use cases, it's easy to get K8s guardrails up and running quickly.

DevOps and Platform teams can pre-run policies to analyze their impact before deployment, see where violations occur and analyze existing workloads for compliance across clusters.


Policy Distribution

Mitigate risk and ensure consistency across clusters, based on namespace, labels and more

Styra Policy Stacks allow easy deployment of OPA policy across systems. DevOps teams can create a “stack” of rules and deploy that stack across multiple clusters grouped by common traits like production/staging, namespace, PCI or custom attributes.

Styra Policy Stacks enable teams to monitor groups of related systems as one, to ensure consistency and to easily identify any anomalies early.


Policy Monitoring and Auditing

Ensure your clusters are secure and compliant, with transparency across teams

Styra DAS provides actionable, graphical views of all admission control policy decisions/mutations, as well as any compliance violations. Dashboards give immediate insights to Security and DevOps teams, and data can be sent to external monitoring systems like Prometheus or SIEM tools.

All historical decisions can be independently searched and replayed through updated policy/rulesets, to prove to both internal and external auditors that controls are in place to meet Kubernetes security and compliance regulations.


Compliance-as-code

Jumpstart deployments and ensure compliance with pre-built packs of relevant policy

Styra Policy Packs eliminate the need to research, identify and implement baseline guardrails/policies. Packs include:
  • PCI DSS 3.2
  • Admission Control Best Practices
  • Kubernetes Pod Security Policies

Accelerate Kubernetes adoption, decrease time spent writing and configuring policies from scratch and reduce delays and risk resulting from human error. 


Shift Security Left

Integrate Styra DAS guardrails into existing GitOps and CI processes and tooling

Styra DAS shifts security and compliance left to notify developers of violations earlier, so they can be fixed sooner—before being committed into production. Security and DevSecOps teams define policies once, and then check compliance at every stage: Development, Build/Test and Production.

GitHub and CI integrations ensure that Styra DAS stops errors and eliminates rogue deployments early, helping developers spend less time on manual remediation and more on differentiated work.

Declarative Authorization Service for Kubernetes Security

Ready to Learn More?

The Styra Whitepaper "Kubernetes Security and Compliance via Admission Control" walks through how Kubernetes lets you extend its API server for custom rules and policies, how Styra integrates with Kubernetes Admission Control for policy enforcement and even some sample policies that will help to secure and accelerate your Kubernetes development.
