Authorization for Microservices: Styra DAS

Protect APIs with Open Policy Agent

Incorporate flexible, dynamic context into authorization policy to limit lateral movement, control access and reduce risk

Styra Declarative Authorization Service—built on Open Policy Agent—provides context-aware authorization policy to tightly control communication to, from and between microservices

Why Styra DAS for Microservices?

Decoupling services and containerizing app code accelerates delivery and eases updates—but all those APIs must be secured against data loss

Styra DAS evaluates real-time context against custom authorization policy to tightly control microservice interaction, minimizing risk and maximizing performance.

  • Eliminate the need to build logic into services directly, or maintain multiple policy silos
  • Evaluate dynamic business context for real-time access decisions, without performance impact
  • Protect against lateral movement attacks and hot-patch policies to isolate unusual activity
  • Improve performance with central or distributed policy evaluation as needed
  • Trust the industry's only security solution built by the founders of Open Policy Agent

 

Authz Policy Consistency

Remove authorization logic from apps, with standardized policy across microservices

Remove custom authorization logic from application code so developers can focus on more critical, differentiated features. Eliminate the need for individual service teams to implement their own bespoke rules language or policy configurations.  

With Styra DAS, services don’t need to maintain awareness of which other services might make requests against them, or contain logic for evaluating access rules. Styra provides a single management plane to decouple authorization policy from app code, minimize developer overhead and improve code maintainability. 

Authz Policy Distribution

Ensure authorization policy is enforced across services, without custom policy logic

Authorization/access policy is often only checked at an ingress API gateway, or siloed within services, where it’s written in different languages and built from custom-coded entitlement logic.

Styra DAS brings policy enforcement in from the gateway, without the hassles of bespoke solutions. Styra manages policy across services and proxies with a single control plane. Policies are enforced locally, and updated centrally, for comprehensive compliance and security.

Ensure authorization policy is present and effective across services. Eliminate discrete instances of custom coupled policy logic to build applications that are truly secure. Accelerate both time-to-market and application performance.

Policy Validation and Monitoring

Ensure policy has the intended effect and monitor all decisions with real-time and historical logs

Remove anxiety from policy updates by validating all new rules and changes before implementation. Styra DAS validation means that developers can ensure authorization works as planned, to minimize risk and save manual remediation hassle.

Once policy is deployed, results are monitored in real time to provide insight into app decisions. Detailed historical logs provide not just the policy output, but the input as well, to help prove security effectiveness and communicate with security, audit and governance teams.

Get the confidence to deploy policy across services at scale. Eliminate the need for custom invention and proprietary code management, and free developers to focus on truly differentiated problems.

Declarative Authorization Service for Microservices Authorization

 

Authorization. Access. Entitlements. No matter the name, the problem of controlling what-can-do-what within your applications remains the same. Styra DAS and Open Policy Agent provide the solution to enforce authorization across services consistently and at scale.

 

Let us show you proven techniques and policy, learned from production implementations across huge global corporations and cutting-edge tech powerhouses. We'll cover: 

 

  • How to incorporate dynamic context into authorization policy
  • How to protect your services just like you protect your externally-facing APIs
  • How customers protect against lateral movement attacks, and hot-patch policies to isolate unusual activity