Media, Social and Blogs

The Open Policy Agent is used for policy decision-making across the stack. In the case of Kubernetes, it is often used as an admission controller to protect the API Server with dynamic rules that don’t require recompilation to introduce. Today on the InfoQ Podcast, Wes Reisz speaks with Tim Hinrichs and Torin Sandall (two of the Open Policy Agent Project creators). The three talk about the project, including things like architecture, origin, community, the policy language (Rego), and, of course, performance. The podcast is an introduction to how OPA can is used across the stack for policy decisioning

Bill Mann joins TechStrong TV to talk about Styra, Open Policy Agent and cloud-native authorization.

Styra announced new compliance packs for its Declarative Authorization Service (DAS), which include MITRE ATT&CK Matrix for enterprise covering cloud-based techniques, and CIS Kubernetes Benchmarks, to ease collaboration between security and DevOps teams.

These two new turnkey compliance packs consist of best practices from the OPA community, and are the latest additions to the Styra compliance pack library, which includes PCI DSS 3.2, Admission Control Best Practices and Kubernetes Pod Security Policies.

Automating policy enforcement is a key component of ensuring development teams are releasing secure applications in today’s fast-paced, cloud-native world. Many DevSecOps teams are achieving this by utilizing policy as code. 

In this webinar, experts from Styra and Curity explore the ways of using OAuth, OpenID Connect and Open Policy Agent for fine-grained authorization in microservices and APIS.

Styra has announced new compliance packs for its Declarative Authorization Service (DAS), which include MITRE ATT&CK® Matrix for Enterprise covering cloud-based techniques, and CIS Kubernetes Benchmarks, to ease collaboration between security and DevOps teams. These two new turnkey compliance packs consist of best practices from the OPA community, and are the latest additions to the Styra compliance pack library, which includes PCI DSS 3.2, Admission Control Best Practices and Kubernetes Pod Security Policies.

Today's issue includes events affecting China, Germany, Honduras, Iran, Israel, the Democratic Peoples Republic of Korea, Russia, Sweden, the United Kingdom, the United Nations, and the United States.

By decoupling policy from applications, policy as code allows you to change the coding for policy without changing the coding for apps. Translation: reliability, uptime, and efficiency.

The focus for this post is how we arrived at an open-source solution, in the form of the Open Policy Agent (OPA) that met all of our goals for working with policy as code. Whether for infrastructure or authorisation, Kubernetes or build pipelines, OPA offers a unified way of working with policy that will only grow in importance with your organisation and tech stack.

Security architects are a critical presence in your IT department. If you haven’t already done so, it’s time to give them a seat at the table and a strong voice.

Why? The cybersecurity landscape has changed dramatically over the last several years, and what worked before doesn’t work anymore. Worse, it might seem like it still works. Until it really, really doesn’t.

Tim Hinrichs, co-creator of Open Policy Agent (OPA), and CTO and co-founder of Styra, discusses OPA and Styra momentum, including OPA's graduation in the CNCF. 

In just a few years, Open Policy Agent (OPA) has established itself as the de-facto standard for policy based guard rails around kubernetes clusters - now it's moving into our microservices! In this talk we'll explore the benefits of decoupling policy from application logic, and how OPA can help bring order to an increasingly distributed, heterogeneous and complex tech stack.

Kuma is a great way to think about putting a service mesh in place. What you can also do for this authorization system is use Open Policy Agent (OPA). The idea here is you’ve deployed the Kuma data plane and the OPA all on the same server. You can hook up Kuma to the OPA, and then whenever an external request comes in, Kuma will send the agent an authorization query that says, “Hey, is this API call authorized or not?” OPA returns that authorization decision and Kuma is responsible for enforcing that decision.

As part of the Tech Trailblazers Showcase at the London Enterprise Tech Meetup in January, Bill Mann, CEO of Styra, gives an introduction to the firm which won the Containers category in the 2020 Awards. He gives a quick explanation of how Styra is aiming to revolutionize authorization, making it code instead of being defined in PDFs, fast making it the defacto standard for authorization in cloud native environments.

What is cloud native security? What are the biggest security headaches when moving from legacy stacks to cloud native? Secure by default VS productive by default? Watch Anders Eknert and Steve Giguere answer questions about all things Cloud Native Security and share some of the worst security breaches they have experienced. This session is a recording of the Cloud Native Northern Sweden meetup that took place on March 3. Moderator: Cristian Klein, Senior Cloud Architect at Elastisys.

For when you need to deploy OPA outside of your application, here are some of the most popular OPA deployment performance models for microservices, along with some *rubs hands* experimental models that can get your creative-architectural juices flowing. No right or wrong answers; with the flexibility of OPA, this is only a matter of finding the right policy model for your environment and your latency needs. Time for the rubber to meet the road.

This post is going to outline some basics, interesting tidbits, and caveats on unit testing rego policies.

Styra enables enterprises to define, enforce and monitor policy across their cloud-native environments. With a combination of open-source (Open Policy Agent) and commercial solutions (Declarative Authorization Service), Styra provides security, operations and compliance guardrails to protect applications, as well as the infrastructure on which they run. Styra policy-as-code solutions let developers, DevOps and security teams mitigate risks, reduce human error and accelerate application development. OPA was initially proven out at scale by the likes of Netflix, Capital One, Atlassian, Pinterest and others. Two years later, it has reached the point of over 1 million downloads per week.

In this episode we invited Anders from the Open Policy Agent project and Alex one of the masterminds behind a new opensource project called KICS.

Styra has announced 2020 results, including over 300 percent growth year-over-year, 90 percent headcount increase and record-breaking open source project success.

The rapid adoption of Styra Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services.

Styra has announced two new additions to its senior leadership team. Steve Erickson and Paul Murphy will serve as vice presidents of engineering and sales, respectively, to support the company’s growth.

The company today also shared its 2020 results, including over 300 percent growth year-over-year, 90 percent headcount growth and record-breaking open source success with OPA.

The new hires bring policy and open source experience to help Styra expand its growing customer base, support the OPA community and provide more teams access to Styra Declarative Authorization Service (DAS), giving them guardrails for Kubernetes and microservices.

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced 2020 results, including over 300 percent growth year-over-year, 90 percent headcount increase and record-breaking open source project success. The rapid adoption of Styra Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services. This tremendous business momentum comes in parallel with the amazing traction of OPA, which was awarded graduated status from the Cloud Native Computing Foundation (CNCF) after meeting the foundation’s criteria for community growth and project adoption with downloads increasing from 6 million to over 35 million in 2020 alone.

The success of OPA and Styra DAS indicates an inflection point amongst enterprises—the time of digital transformation has officially arrived, and with it the need to secure and manage Kubernetes, containerized microservices and the cloud-native application development environment in general.  Styra continues to add headcount in all areas to support anticipated growth, especially in the areas of sales, engineering, customer success and developer advocacy. In 2021, the company has already made several strategic hires to its senior leadership team including naming Paul Murphy as vice president of sales and Steve Erickson as vice president of engineering.

Steve Erickson will serve as Vice President of Engineering to support Styra's innovation and growth. He brings deep policy security expertise to the engineering team as VP and will accelerate feature and product updates for Styra DAS, so more OPA users can manage policy at scale across their cloud-native environments. Styra DAS and OPA fill an important policy and security gap within the cloud-native stack, and Erickson will scale and grow the engineering team to meet market demand.

Paul Murphy will serve as Vice President of Sales to support Styra's innovation and growth. With a strong cloud-native background, Murphy will continue to help Styra customers make their digital transformations and embrace the cloud. He will show customers how to use OPA and Styra DAS to minimize risk, mitigate errors and advance security and compliance.

Privately-held Styra, the founders of Open Policy Agent (OPA) and provides of cloud-native authorization, reported over 300 percent growth year-over-year in 2020. The company's employee headcount grew by 90% during the year.

The company said the rapid adoption of its Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services. 

As anyone who has built or introduced a new project or product knows, success doesn’t happen overnight. It takes time and patience. When we first started the Open Policy Agent (OPA) project in 2016, we didn’t just spend all of our time on code — a lot of it was spent building awareness around the project and the community. As OPA started gaining traction, we were encouraged every time we’d hear a developer talk about OPA at a conference or mention it in a blog post.

Today, we’re humbled by OPA’s growth and even more amazed by its trajectory. We still remember our first hundred downloads and our first few slack users, and today OPA is a household name among platform engineers and application developers.

Torin Sandall, VP of Open Source at Styra, joins Tech Strong TV to talk about Open Policy Agent's Graduation in the Cloud Native Computing Foundation. 

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, announced SugarCRM Inc., the innovator of time-aware CX, has deployed Styra Declarative Authorization Service (DAS) to dramatically cut infrastructure costs and free up DevOps and platform team resources and time, while improving security and reducing downtime. SugarCRM has moved from a manual review of workloads and YAML configurations to automated guardrails, enabling the team to spend more time on business-critical projects, accelerate time-to-market, improve reliability and ease compliance concerns.

Open Policy Agent is now officially a member of the Cloud Native Computing Foundation’s graduating class of 2021.

The open-source general purpose policy engine had experienced 91% adoption, according to an OPA user survey, and has been placed in production for major enterprises, such as Netflix Inc., Pinterest Inc., T-Mobile USA Inc. and The Goldman Sachs Group Inc.

The OPA project, created by Styra Inc., achieved graduation from CNCF after completing a security audit, addressing vulnerabilities and defining its own governance. OPA’s mission is to extend user access beyond identity management and authentication into authorized actions.

Styra DAS enables SugarCRM to improve operational efficiency, reliability and compliance preparedness while cutting costs and freeing resources to focus on business-critical projects

With Styra DAS, SugarCRM has simplified policy enforcement with a built-in library of best practices, allowing the platform team to spend less time researching which policies are important and how to write effective rules. Instead they can spend more time on differentiated work, improving platform availability and reliability, and speeding time to market. Adding to the operational efficiency, all policy decisions can be monitored in real time and tracked historically. That means SugarCRM can look back at every “allow and
deny” decision to prove to the team and their peers in security and compliance that their policy-based controls are effective over time.

theCUBE host Stu Miniman (@stu) is joined by Tim Hinrichs from Styra for a CUBE Conversation hosted from our Boston studio

The Cloud Native Computing Foundation announced the Open Policy Agent project’s graduation to join the likes of mature cloud native projects, including Kubernetes, Helm and Prometheus.

OPA was initially created by Styra before joining CNCF in 2018 as a sandbox project. The company now offers a commercial implementation branded as Declarative Authorization Service (DAS), a control plane for authoring and implementing OPA policies. 

The Cloud Native Computing Foundation (CNCF) announced the graduation of Open Policy Agent (OPA). OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. The project was accepted into the CNCF sandbox in April 2018 and one year later was promoted to incubation.

More than 90 individuals from approximately 30 organizations contribute to OPA, and maintainers come from four organizations, including Google, Microsoft, VMware, and Styra.

The Cloud Native Computing Foundation (CNCF) announced this week that the Open Policy Agent (OPA) project, which many IT teams are employing to manage compliance as code, has officially graduated.

Torin Sandall, co-founder of the OPA project and vice president of open source at Styra, whose compliance management platform is based on OPA, said formal recognition of OPA alongside other CNCF projects, such as Kubernetes, should help further adoption of the open source project that first took shape in 2016.

Open Policy Agent has been adopted widely in production by organizations like Goldman Sachs, Netflix, Pinterest, T-Mobile, and many others. According to a recent OPA user survey of more than 150 organizations, 91% indicated they use OPA in some stage of OPA adoption from QA to production. More than half indicated they use OPA for at least two use cases. The most common use cases for OPA are configuration authorization (such as Kubernetes admission control) and API authorization. The project has successfully integrated with several CNCF projects, including Kubernetes, Envoy, CoreDNS, Helm, SPIFFE/SPIRE, and more. It also integrates with Gatekeeper to provide a Kubernetes-native experience for admission policy enforcement and auditing.

The cloud native policy enforcement engine is used in production by organizations like Goldman Sachs, Netflix, Pinterest, and T-Mobile 

OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. The project was accepted into the CNCF sandbox in April 2018 and one year later was promoted to incubation. More than 90 individuals from approximately 30 organizations contribute to OPA, and maintainers come from four organizations, including Google, Microsoft, VMware, and Styra.

The Cloud Native Computing Foundation (CNCF) announced the graduation of Open Policy Agent (OPA). The project has been adopted widely in production by organizations like Goldman Sachs, Netflix, Pinterest, T-Mobile, and many others.

The most common use cases for OPA are configuration authorization (such as Kubernetes admission control) and API authorization. The project has successfully integrated with several CNCF projects, including Kubernetes, Envoy, CoreDNS, Helm, SPIFFE/SPIRE, and more. It also integrates with Gatekeeper to provide a Kubernetes-native experience for admission policy enforcement and auditing.

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of Open Policy Agent (OPA). OPA has demonstrated widespread adoption, an open governance process, feature maturity, and a strong commitment to community, sustainability, and inclusivity to graduate.

his is the moment you have all been waiting for. It is time to announce the honorees for the 2020 DevOps Dozen² Awards, and we couldn’t be more excited to share the names of the most outstanding leaders and tools in the DevOps community. Although, I must say, all the finalists have done an amazing job at making the DevOps community better through their mentorship, service and innovative ideas, and every single one is deserving of special recognition.

Devops teams are flocking to GitOps strategies to accelerate development time frames and eliminate cloud misconfigurations. They should adopt a similar ‘as-code’ approach to policy.

Meet the cyber security startups that are working on revolutionary products and services that protect individuals, businesses and governments from the bad guys online.

As part of our annual predictions series for 2021, VMblog asked a number of different industry experts to share their thoughts about the new year.

In episode 3, we hear from these experts: Kendall Miller, President, Fairwinds; Ken Grohe, President and CRO, Weka; David Somo, SVP Corporate Strategy, On Semiconductor; Bill Mann, CEO, Styra; Tarun Desikan, Co-Founder and COO, Banyan Security.

Watch as these experts talk about their 2021 predictions and share their thoughts around the future of technology within the IT industry.

As part of our annual #predictions series for 2021, VMblog (https://vmblog.com) asked a number of different industry experts to share their thoughts about the new year. In episode 3, we hear from Bill Mann, CEO of Styra, among others.

Styra gives an overview, with use cases, of Open Policy Agent (OPA) and provides insights into the evolution of access control -- Identity and authorization in distributed systems -- at API Belgium's virtual January Meetup. 

Across nearly every industry, technology continues to play an increasingly important role in the workplace. This widespread infusion of technology presents an ideal opportunity for various departments to collaborate with the tech team.

This is especially true for marketing and communications teams, where targeting and outreach are becoming more analytical. Below, the members of Forbes Technology Council share 14 potential projects in which your company’s marketing and tech teams can work together for better outcomes.

Bill Mann, CEO of Styra shares his predictions for 2021, including that security architects will have a strong voice as their architectures will be applied both across the production environments and the development environments. Their focus will be on standardization and implementing security at an earlier stage.

Without the right policies in place, the extensive power of Kubernetes can result in consequences that are as grand as the designs. Fortunately, Kubernetes provides the ability to set policies that can limit those consequences, by checking for — and preventing — deployment mistakes from ever making it into production. To ensure that your teams’ apps aren’t more consequence than confidence, here are the top five Kubernetes admission control policies that you should have running in your cluster right now.

Shadow IT is officially behind us, thanks to standardization, plus tighter interaction between security teams and LOB. But Shadow IT 2.0 is looming, with the star of the show shifting from SaaS to PaaS (platform as a service). With the emergence of public cloud infrastructure, development teams can, for the first time, deploy, configure and manage their own application infrastructure – all without the need to ask permission from IT.

After a brief introduction to the technologies involved, we'll take a deep dive into an architecture utilizing OAuth2 and OpenID Connect for carrying identity across our distributed systems, and how once identity is established, we may leverage Open Policy Agent (OPA) for fine-grained policy based access control in our APIs. We'll learn how to use Rego, the policy language used by OPA, to write concise and clear policies for access control, as well as methods for distributing them across our platforms and how to monitor policy enforcement in real-time.

Automated, consistent policy reduces the risk of user error, removes undifferentiated heavy lifting between repeated tasks, and makes it seamless to onboard new employees and new applications because they’ll have guardrails already in place. It also means that this time, security can be built in from the start instead of added after implementation.

So, where do you start?

As companies embrace cloud native, software-defined development strategies to deliver immense value at unprecedented speed, they are running headlong into the challenge of solving authorization among and between the core components of the cloud native stack. For many companies, OPA represents a way to unify authorization and policy across every cloud environment — and of bringing authorization, itself, into the cloud native era.

How Open Policy Agent allows developer teams to write and enforce consistent policy and authorization across multicloud and hybrid cloud environments.

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, announced the company’s top five predictions for 2021.

These trends foretell broad-scale changes in the enterprise in 2021 changes that are not limited to technology, but every facet of enterprise business, from company culture, to sales, to talent organization, to the rest of the organization. With these enterprise shifts, inevitably, will come the need for unified authorization across every layer of the cloud-native stack.

A code review process can go more smoothly—and catch more potential problems—if tech teams follow tested best practices. Below, 10 tech leaders from Forbes Technology Council, including Bill Mann from Styra, share helpful strategies for companies looking to implement or perfect a code review process.

Styra has been named the winner in the 2020 Tech Trailblazers Containers category. 

This category is open to all private companies, privately funded or VC backed (Series C or earlier), under six years old. It seeks to recognize the early stage companies who are delivering next generation application infrastructure that help containers evolve from developer laptops to full scale enterprise production success stories.

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, announced the company’s top five predictions for 2021.

These trends foretell broad-scale changes in the enterprise in 2021 changes that are not limited to technology, but every facet of enterprise business, from company culture, to sales, to talent organization, to the rest of the organization. With these enterprise shifts, inevitably, will come the need for unified authorization across every layer of the cloud-native stack.

Tim Hinrichs, CTO and co-founder of Styra, was named a runner up in the 2020 Male CxO Trailblazers Award.

Male CxO’s within enterprise tech startups demonstrating key qualities and proven achievements: driving company innovation, proof of leadership, implementing and encouraging agile practices, promoting diversity within the company, and contribution to the wider tech community.

For better or worse, how containers are used on Amazon Web Services will impact the technology’s future. So, for better or worse, it is necessary to track this, which is what AWS developer advocate and Cloud Native Computing Foundation (CNCF) ambassador Michael Hausenblas has done for the second consecutive year. The AWS Container Security Survey 2020 had 156 respondents, of which half used the Elastic Kubernetes Service (EKS) on the Elastic Cloud Compute (EC2) service. In addition, 36% are running a container service on top of AWS Fargate, but with about half of this group exclusively relying on AWS ECS.

In this talk, we will describe how OPA can assist in the secure distribution of policies and data by creating a “Signed Bundle” - a bundle that is digitally signed so that industry-standard cryptographic primitives can verify its authenticity. Our demo will show an end-to-end flow of generating and validating a “signed bundle” and also how this reduces OPA’s attack surface.

SPIRE solves authentication by creating an identity plane across varied infrastructure over which cryptographically verifiable identities such as JWTs are delivered securely to workloads. OPA provides a policy engine that can be used to enforce fine-grained authorization policies across the stack. We will show how SPIRE issued JWT SVID claims created using SPIRE’s OIDC Federation can be used by OPA to enforce service-to-service and end-user access control in microservice environments without compromising on speed and availability.

OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.

Styra is now a member of the Amazon Web Services (AWS) Partner Network (APN)  and all three editions of Styra Declarative Authorization Service (DAS) — Free, Pro and Enterprise — are available in AWS Marketplace. Styra DAS is the fastest and easiest way to operationalize OPA at scale across Kubernetes, microservices or custom APIs, and now platform engineers and application development teams have an additional way to access Styra DAS directly through AWS Marketplace. 

Styra has been named a finalist in the 2020 DevOps Dozen² Awards "Best Cloud Native Security Solution/Service" category. Open Policy Agent has also been named a finalist, but in the "Most Innovative DevOps Open Source Project." 

For six years in a row, the awards have been honoring the most outstanding leaders in the DevOps community. This year, the awards program was expanded to include two different sections: DevOps Dozen Tools and Services Awards and DevOps Dozen Community Awards.

As enterprises and cloud services providers rapidly adopt Kubernetes to undergird modern applications, a new generation of startups is emerging to enhance the core technology with deeper observability, code delivery and integration, management and security features.

The following are 10 red-hot startups making waves across the Kubernetes ecosystem.

Long, long before we were coding policy enforcement into our clouds, we tried to code it into our programs. Most of the answers we created were hard-coded, difficult to maintain, and nigh unto impossible to update. But, in 2016, Open Policy Agent for cloud native environments was created, and policy enforcement in code became much more practical. Now, its developers, under their company, Styra, have announced a new three-tier product offering for Styra Declarative Authorization Service (DAS).

The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes. Platform engineers and teams can now deploy DAS in just minutes and have access to more than 100 built-in policies, as well as full enterprise-grade monitoring, impact analysis and decision logging. These new offerings enable a self-service experience and eliminate the need for learning and custom coding OPA policies for Kubernetes admission control. 

Kubernetes Admission Control is not only powerful but is fast becoming a mandatory tool for securing Kubernetes. Strategies like RBAC, trusted repositories and runtime — while wonderful and necessary in their own right — are simply not enough.

To understand why developers need Admission Control, let’s first take a look at the limitations of RBAC, trusted repositories and runtime tools.

The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes. Platform engineers and teams can now deploy DAS in just minutes and have access to more than 100 built-in policies, as well as full enterprise-grade monitoring, impact analysis and decision logging. These new offerings enable a self-service experience and eliminate the need for learning and custom coding OPA policies for Kubernetes admission control.

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced a new three-tier product offering for Styra Declarative Authorization Service (DAS). The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes.

With the new Styra DAS editions (DAS Free and DAS Pro), platform engineers are now able to get started with DAS Free, a completely free, self-service option for up to two clusters or 10 nodes to streamline the adoption process. For teams with larger production scale needs, DAS Pro offers a clear and transparent pricing model, for up to 50 nodes, to protect and manage Kubernetes clusters as they grow from initial testing/deployment to full production environments.

In this episode of The New Stack Makers podcast, five guests each offer a hands-on “lightning demo” of their respective open source cloud native projects, as a teaser for next week’s Cloud Native Computing Foundation’s KubeCon + CloudNativeCon North America.

In his demo, Torin Sandall, VP of Open Source at Styra, showed how Open Policy Agent works for microservices API authorization. The demo application consisted of a service offering employee profiles for a company.

Developing software applications is an important endeavor for many companies. It’s also a very expensive one—and the costs aren’t always apparent upfront. The time and resources required to build a successful app can quickly deplete a development team’s budget and energy. We asked the members of Forbes Technology Council how to counteract some common “resource bleeds” in app development operations. Their best tips are below.

Adam welcomes Torin Sandall to the show. Torin is the Vice President of Open Source at Styra and the co-creator of Open Policy agent.

Adam & Torin discuss the origin of the project, why create new language from scratch called Rego, why that language is awesome, how Adam fell in love with Conftest, and how to use all these tools to create more secure systems.

My focus is on security, so a lot of my discussion with them focused on security. One of the big things that captured my attention was their Open Policy Agent (OPA). This tool was developed as an open source method of providing admission control for microservices and containers. Rather than letting developers create more and more containers to accomplish a goal, or worse yet, have dozens created under their IDs in an attack, Styra OPA allows you to set rules and conditions for admission control.

Learn how companies like Netflix, Pinterest, Yelp, Chef, and Atlassian use OPA for ‘who-and what-can-do-what’ application policy.

Applications architected as microservices are becoming more prevalent every day, but just like their monolithic ancestors, microservice applications must adhere to organization-wide constraints around compliance, security, performance, etc. Authorization, controlling which people and machines can perform which actions, is a foundational security problem that requires new solutions in a microservice world because of changes in requirements around performance, availability, and even where authorization gets enforced architecturally.

This talk discusses describes taking a policy-as-code approach, where authorization policies are decoupled from the underlying microservices yet employ a shared-fate evaluation model so that policies are consistent, enforced consistently, meet high-availability and performance demands, and enable relatively rapid security reviews and hot-patching. Specifically, we describe how to employ the Open Policy Agent for a unified approach to policy-as-code, where policies are enforced through the Kuma service mesh.

Today, authorization refers not only to people, accounts and roles and the permissions they have but — crucially — also to infrastructure authorization. The entire tech stack today is now software-defined. The controls of "who or what can do what" are more important than ever — and they can only be effective if they, too, are software-defined.

In other words, we've moved from just "Who can do what?" to "What can do what?"

OPA (pronounced “oh-pa!” like a thrown plate) is a unified toolset and framework for policy enforcement across your whole cloud native stack. Torin Sandall, VP of open source and co-creator of OPA at Styra, will demonstrate how OPA aims to decouple policy decision-making from policy enforcement, so that you can release, analyze and review policies, compliance and security, while not seeing a drop in performance or availability.

Eric Anderson catches up with Torin Sandall, co-creator of Open Policy Agent (OPA), the open-source, general-purpose policy engine. By focusing on demonstrating OPA’s value through case studies, targeted interviews, and word-of-mouth, Torin and the folks at Styra were able to grow OPA into the emerging standard for unified policy enforcement across the cloud-native stack.

With so many tasks on their to-do list, tech leaders often don’t have much time left to source and recruit top talent for open positions on the team. That’s why we asked the members of Forbes Technology Council how they manage to balance their talent search with their heavy workloads. Try these 14 innovative strategies to build out your dream tech team.

Open Policy Agent addresses Kubernetes authorization challenges with a full toolkit for integrating declarative policies into any number of application and infrastructure components.

Join Paavan, and the co-creators of OPA (Tim Hinrichs and Torin Sandall) as we dive in to look at managing your security policy using OPA and Styra Declarative Authorization Service. 

Here is a quick introduction to Open Policy Agent (OPA), which is now a Cloud Native Computing Foundation incubating project, and which provides an open source, general-purpose policy engine for cloud infrastructure.

KubeCon + CloudNativeCon EU is continuing through tomorrow. Here are a few more highlights from the event, including Styra providing long term support and new online academy for Open Policy Agent. 

As companies move from experimentation towards production, reducing risk becomes more critical.  One way some teams mitigate risk is by limiting when new features and functionality can be deployed. Styra Essentials limits the risk often associated with new features, while still providing security-related updates on a schedule that can be managed by companies for which outage windows, patches and updates are closely managed.

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced that Styra Essentials now includes Long Term Support for Open Policy Agent, enabling companies in highly regulated industries to take advantage of cloud-native authorization policy. Highly regulated industries typically limit how often companies can update their software in order to reduce new risks. Styra Essentials solves this problem with a vetted,  semi-annual version of OPA that includes critical fixes and security patches, as well as Styra Essentials 24x7 support.

Cloud-native organizations embracing microservices are running into an unavoidable security question: how to handle microservice authorization controls?  

During my time at both CA and at Centrify, I witnessed the transition from built-in, local, native, per-service authentication to shared, externalized, standards-based authentication. The security industry must make the same paradigm shift for authorization—with proven, industry-accepted standards that enterprises can easily operationalize. That change is already underway.

Created four years ago as an open-source, domain-agnostic policy engine, OPA is becoming the de facto standard for cloud-native policy. As a matter of fact, OPA is already employed in production by companies like Netflix, Pinterest, and Goldman Sachs, for use cases like Kubernetes admission control and microservices API authorization. OPA also powers many of the cloud-native tools you already know and love, including the Atlassian suite and Chef Automate.

Everything that the team at Styra continues to build brings us ever closer to achieving our plan—from developing Rego, to contributing OPA to the CNCF, to building Styra Declarative Authorization Service as our OPA control plane, to enhancing each with new features based on community learnings and best practices. And now, we’ve taken our next big step forward by “democratizing” policy authorization with the Rego Policy Builder. 

Styra announced Rego Policy Builder for the Styra Declarative Authorization Service (DAS).

With Rego Policy Builder, DevOps/platform teams can more easily build authorization policy in Styra DAS, with a point-and-click interface that speeds development of new rules and provides a policy interface that is easy to read.

Continuing the vision of the OPA founders, this latest enhancement to the OPA control plane empowers more teams to take advantage of the speed and security of policy-as-code for unified authorization.

Styra this week launched a declarative tool that enables cybersecurity teams to generate authorization policies that can be implemented programmatically by a DevOps team.

Company CEO Bill Mann said Rego Policy Builder for the Styra Declarative Authorization Service (DAS) is intended to help organizations bridge the divide between cybersecurity teams that define policies and developers that are increasingly being tasked with implementing them.

The Styra DAS Rego Policy Builder provides a streamlined, graphical, purpose-built, point and click policy interface for OPA authorization rules. This visualization of policy-as-code enables DevOps, security and compliance teams to take advantage of the speed and security of OPA, without investing up-front time to learn all the details of its custom policy language, speed development of sophisticated security, compliance and operational rules for modern cloud-native applications, and more easily communicate across teams to prove that security is in place, and built as intended.

With Rego Policy Builder, DevOps/platform teams can more easily build authorization policy in Styra DAS, with a point-and-click interface that speeds development of new rules and provides a policy interface that is easy to read. Continuing the vision of the OPA founders, this latest enhancement to the OPA control plane empowers more teams to take advantage of the speed and security of policy-as-code for unified authorization.

Former software engineer and now CEO, Bill Mann, joins Coruzant Technologies for the Digital Executive podcast. He shares how Styra, Open Policy Agent (OPA) and Declarative Authorization Service (DAS) provide security, operations and compliance guardrails for the cloud environment.

Styra Inc. is offering a double-barreled approach to bolstering security and compliance in the cloud-native world.

Through the company’s open-source Open Policy Agent, software developers can apply security and compliance policies to the Kubernetes container orchestration platform. Styra is also providing a software-as-a-service declarative authorization service product — Styra DAS — to help enterprises ensure that workloads are compliant with internal and external regulation.

Bill Man, CEO of Styra, discusses the creation of Open Policy Agent and Styra DAS with theCube. Mann also talks about the cloud-native space and why policy-as-code guardrails are essential. 

In this episode, we sat down with Tim Hinrichs, a co-founder of the Open Policy Agent project and CTO of Styra. We talked about why he created Styra and its relationship with Open Policy Agent (a project that was contributed to CNCF). We also talked about Styra Declarative Authorization Service (DAS) and why Styra is focussing on the Kubernetes use case.

The Business Intelligence Group today announced the winners of the 2020 Fortress Cyber Security Awards. The business award program sought to identify and reward the world's leading companies and products that are working to keep our data and electronic assets safe among a growing threat from hackers.

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced that Styra Declarative Authorization Service (DAS) has won the Business Intelligence Group 2020 Fortress Cyber Security Award in the Compliance category. The industry awards program recognizes Styra for being among the world’s leading companies and products working to keep data and electronic assets safe as security threats continue to grow. 

Kubernetes is the most popular container orchestration platform in today's cloud-native ecosystem. Consequently, Kubernetes is also an area of increased interest and attention.

In this blog post, first I will discuss the Pod Security Policy admission controller. Then we will see how Open Policy Agent can implement Pod Security Policies.

Mike Vizard speaks with Tim Hinrichs, CTO of Styra, about additions to its Declarative Authorization Service for microservices security and compliance.

With authorization for microservices, Styra DAS helps operationalize the service mesh by controlling what APIs can be executed on what services, both on ingress and egress. As companies increase deployments and software scales to customer demands, these controls are critical in ensuring cloud-native applications adhere to data privacy and compliance regulations, as well as risk mitigation.

Styra today announced it has extended the Styra Declarative Authorization Service (DAS) for automating compliance management to now include support for both microservices and the service mesh platforms that are relied on to manage them.

Company CTO Tim Hinrichs says Styra Declarative Authorization Service can now be employed to ensure compliance by attaching open source Open Policy Agent (OPA) software on which Styra DAS relies as a sidecar using containers.

 Styra Declarative Authorization Service (DAS) now supports microservices and extends context-based authorization to the service mesh. This new use case is the second addition to the company's turnkey enterprise security solution, which is built on OPA. 

Built on Open Policy Agent, Styra is the first and only company to solve authorization for both Kubernetes and Microservices. 

Styra DAS provides security, compliance and operational guardrails for both Kubernetes and microservices to help customers mitigate risk, reduce errors and accelerate software development. With OPA at its core, Styra DAS provides a single control plane for authorization both within applications and for the infrastructure they run upon. 

Styra DAS was introduced in 2019 to help enterprises set up policy-as-code guardrails for Kubernetes, ensuring that workloads are compliant with both internal and external regulations. Now, with support for microservices, Styra DAS provides unified policy across two crucial layers of the new software stack: Kubernetes and microservices.

Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. Adam and Craig discuss OPA with Tim and Torin after the news of the week.

Open Policy Agent has turned heads among IT shops for Kubernetes compliance as code, and its commercial backer looks to capitalize on that momentum with new enterprise features.

The company, Styra, offers IT compliance as code and technical support based on the Open Policy Agent (OPA), which caught the attention of Kubernetes security practitioners last year. The OPA is a declarative means to apply security and compliance policies to the container orchestration platform.

Talks focused on Open Policy Agent (OPA) are featured prominently in the agenda for KubeCon + CloudNativeCon Europe — 15 OPA-focused sessions were accepted from users at Google, City of Ottawa Ada Health and more — signaling the importance of authorization in the cloud.

While the event and those talks are now on hold until August, that doesn’t mean we should postpone learning more about authorization within applications, across Kubernetes clusters and on top of a service mesh. 

Styra today announced it has added support for Kubernetes Mutating Webhooks and a new compliance pack for pod security policies (PSP) to its software-as-a-service (SaaS) platform for managing container compliance.

Bill Mann , CEO of Styra, says Styra DAS is designed to enable DevOps teams to more easily author, distribute, monitor and analyze instances of compliance as code built using OPA. Rather than having to perform those tasks manually, Styra DAS provides access to a control plane to manage that process end to end, he says.

As enterprises move containerized/cloud-native applications into production, they must ensure that workloads are secure and compliant with relevant regulations before they reach runtime. This can require manual reviews and operational overhead, both of which can lead to operational errors, risk and interruptions that slow developer productivity.

Styra mitigates these risks with guardrails that integrate with Kubernetes to allow only what’s right, minimizing human error and preventing non-compliant workloads from ever reaching production.

Styra announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.

Styra DAS, the company’s first commercial product, is a management plane that enables Developers and DevOps teams to operationalize OPA authorization policies. These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.

Adding support for Kubernetes mutating webhooks enables Styra policies to go beyond "allow or deny," to automatically append, update or add relevant parameters to ensure workloads are compliant before they reach production.

The new Pod security policies (PSP) pack extends the existing best practices and PCI DSS 3.2 policy packs, all of which eliminate the need to research, identify and implement baseline guardrails/policies for Kubernetes. 

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.

These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.

Torin Sandall of Styra and Open Policy Agent discussed OPA and policy engines and how they can benefit software projects security and compliance.

He also discussed how policy engines can be leveraged in combination with authentication protocols, such as OAUTH, to create a Authentication, Authorization, and Account (AAA) stack within applications.

Styra, Inc., the founders of Open Policy Agent and leaders in cloud-native authorization, today announced that it has successfully completed the Service Organization Control (SOC) 2 Type I audit for the Styra Declarative Authorization Service (DAS). 

The SOC 2 audit addresses controls relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data, and the confidentiality and privacy of the information these systems process.

The application development market is moving to containerised “cloud-native” application architectures and away from monolithic apps. 

In the speed of this new world, businesses must continue to be efficient, while also mitigating risk and reducing errors.  The only answer?  Automated authorisation, or policy-as-code.

In order to operationalize cloud-native technologies for widespread enterprise use at scale...three core challenges [Governance, security and compliance] suddenly become top of mind.

Such is the strategy of Styra, the vendor behind the open-source Open Policy Agent project. The idea of OPA is to establish a lightweight, standard approach to representing and enforcing policies across the Kubernetes landscape. Today, Styra is ramping up its efforts to commercialize OPA, offering declarative authorization for securing Kubernetes...

To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What are the most common failures you see with K8s?" Typically these failures are the function of a lack of knowledge and skill, highly complex technology, lack of planning for security, and day-two operations...

To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What are the most important elements of implementing K8s for orchestrating containers?" Here’s what we learned...

A look at three use cases where organizations used Open Policy Agent to reliably automate cloud-based access policy control.

Every product or service has a unique way of handling policy and authorization: who-can-do-what and what-can-do-what. In the cloud-native world, authorization and policy are more complex than ever before. As the cloud-native ecosystem evolves...

Gartner recently included container security as one of its Top 10 Security Projects for 2019. However, container technology remains something of a mystery to many cybersecurity pros.

That unfamiliarity is complicated by a lack of adequate tools on this front: ESG data says that more than 30% of security pros indicate that their organization's current security solutions don't support containers and that most of the specialized tools available...

As founders and maintainers of the Open Policy Agent project (OPA), Teemu Koponen, Torin Sandall and I are pleased to be looking back at the project’s first three years and recognizing a significant milestone. At KubeCon in Barcelona, we were overwhelmed by support—many people and companies that we have had no interaction with were extolling the virtues of OPA Policy and claiming that OPA “was everywhere.” This followed...

A Kubernetes-friendly compliance as code project hosted by the CNCF has caught on among large enterprises in the first half of 2019, largely through word of mouth.

An open source compliance as code project has gained a groundswell of popularity over the last six months among enterprise IT pros, who say it simplifies and standardizes Kubernetes policy management...

Tim Hinrichs, CTO and Co-Founder of Styra and Co-Founder of Open Policy Agent, sees the world of Kubernetes security and compliance evolving rapidly. Here, he shares insights about how software development teams are “shifting security left,” focusing on prevention, rather than detection...

To understand the current and future state of DevSecOps, we gathered insights from 29 IT professionals in 27 companies. We asked them, "What do you consider to be the most important elements of a successful DevSecOps implementation?" Here's what they told us...

At the KubeCon + CloudNativeCon Europe 2019 conference this week, Styra announced it has extended the policy management engine it created for Kubernetes clusters to provide additional integrations and controls intended to advance best DevSecOps practices.

The Styra Declarative Authorization Service (DAS) is based on the open source Open Policy Agent (OPA) software the company developed...

Policy engine Open Policy Agent, or OPA for short, has been accepted into the incubator of the Cloud Native Computing Foundation (CNCF). The project joined the CNCF’s sandbox in March 2018 and is now expected to graduate within the next two years.

To get into the incubating stage of the CNCF, a project needs at least two members of the technical oversight committee as sponsors, and it must document that it is successfully...