Media, Social and Blogs

Mike Vizard speaks with Tim Hinrichs, CTO of Styra, about additions to its Declarative Authorization Service for microservices security and compliance.

With authorization for microservices, Styra DAS helps operationalize the service mesh by controlling what APIs can be executed on what services, both on ingress and egress. As companies increase deployments and software scales to customer demands, these controls are critical in ensuring cloud-native applications adhere to data privacy and compliance regulations, as well as risk mitigation.

Styra today announced it has extended the Styra Declarative Authorization Service (DAS) for automating compliance management to now include support for both microservices and the service mesh platforms that are relied on to manage them.

Company CTO Tim Hinrichs says Styra Declarative Authorization Service can now be employed to ensure compliance by attaching open source Open Policy Agent (OPA) software on which Styra DAS relies as a sidecar using containers.

 Styra Declarative Authorization Service (DAS) now supports microservices and extends context-based authorization to the service mesh. This new use case is the second addition to the company's turnkey enterprise security solution, which is built on OPA. 

Built on Open Policy Agent, Styra is the first and only company to solve authorization for both Kubernetes and Microservices. 

Styra DAS provides security, compliance and operational guardrails for both Kubernetes and microservices to help customers mitigate risk, reduce errors and accelerate software development. With OPA at its core, Styra DAS provides a single control plane for authorization both within applications and for the infrastructure they run upon. 

Styra DAS was introduced in 2019 to help enterprises set up policy-as-code guardrails for Kubernetes, ensuring that workloads are compliant with both internal and external regulations. Now, with support for microservices, Styra DAS provides unified policy across two crucial layers of the new software stack: Kubernetes and microservices.

Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. Adam and Craig discuss OPA with Tim and Torin after the news of the week.

Open Policy Agent has turned heads among IT shops for Kubernetes compliance as code, and its commercial backer looks to capitalize on that momentum with new enterprise features.

The company, Styra, offers IT compliance as code and technical support based on the Open Policy Agent (OPA), which caught the attention of Kubernetes security practitioners last year. The OPA is a declarative means to apply security and compliance policies to the container orchestration platform.

Talks focused on Open Policy Agent (OPA) are featured prominently in the agenda for KubeCon + CloudNativeCon Europe — 15 OPA-focused sessions were accepted from users at Google, City of Ottawa Ada Health and more — signaling the importance of authorization in the cloud.

While the event and those talks are now on hold until August, that doesn’t mean we should postpone learning more about authorization within applications, across Kubernetes clusters and on top of a service mesh. 

Styra today announced it has added support for Kubernetes Mutating Webhooks and a new compliance pack for pod security policies (PSP) to its software-as-a-service (SaaS) platform for managing container compliance.

Bill Mann , CEO of Styra, says Styra DAS is designed to enable DevOps teams to more easily author, distribute, monitor and analyze instances of compliance as code built using OPA. Rather than having to perform those tasks manually, Styra DAS provides access to a control plane to manage that process end to end, he says.

As enterprises move containerized/cloud-native applications into production, they must ensure that workloads are secure and compliant with relevant regulations before they reach runtime. This can require manual reviews and operational overhead, both of which can lead to operational errors, risk and interruptions that slow developer productivity.

Styra mitigates these risks with guardrails that integrate with Kubernetes to allow only what’s right, minimizing human error and preventing non-compliant workloads from ever reaching production.

Styra announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.

Styra DAS, the company’s first commercial product, is a management plane that enables Developers and DevOps teams to operationalize OPA authorization policies. These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.

Adding support for Kubernetes mutating webhooks enables Styra policies to go beyond "allow or deny," to automatically append, update or add relevant parameters to ensure workloads are compliant before they reach production.

The new Pod security policies (PSP) pack extends the existing best practices and PCI DSS 3.2 policy packs, all of which eliminate the need to research, identify and implement baseline guardrails/policies for Kubernetes. 

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.

These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.

Torin Sandall of Styra and Open Policy Agent discussed OPA and policy engines and how they can benefit software projects security and compliance.

He also discussed how policy engines can be leveraged in combination with authentication protocols, such as OAUTH, to create a Authentication, Authorization, and Account (AAA) stack within applications.

Styra, Inc., the founders of Open Policy Agent and leaders in cloud-native authorization, today announced that it has successfully completed the Service Organization Control (SOC) 2 Type I audit for the Styra Declarative Authorization Service (DAS). 

The SOC 2 audit addresses controls relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data, and the confidentiality and privacy of the information these systems process.

The application development market is moving to containerised “cloud-native” application architectures and away from monolithic apps. 

In the speed of this new world, businesses must continue to be efficient, while also mitigating risk and reducing errors.  The only answer?  Automated authorisation, or policy-as-code.

In order to operationalize cloud-native technologies for widespread enterprise use at scale...three core challenges [Governance, security and compliance] suddenly become top of mind.

Such is the strategy of Styra, the vendor behind the open-source Open Policy Agent project. The idea of OPA is to establish a lightweight, standard approach to representing and enforcing policies across the Kubernetes landscape. Today, Styra is ramping up its efforts to commercialize OPA, offering declarative authorization for securing Kubernetes...

To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What are the most common failures you see with K8s?" Typically these failures are the function of a lack of knowledge and skill, highly complex technology, lack of planning for security, and day-two operations...

To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What are the most important elements of implementing K8s for orchestrating containers?" Here’s what we learned...

A look at three use cases where organizations used Open Policy Agent to reliably automate cloud-based access policy control.

Every product or service has a unique way of handling policy and authorization: who-can-do-what and what-can-do-what. In the cloud-native world, authorization and policy are more complex than ever before. As the cloud-native ecosystem evolves...

Gartner recently included container security as one of its Top 10 Security Projects for 2019. However, container technology remains something of a mystery to many cybersecurity pros.

That unfamiliarity is complicated by a lack of adequate tools on this front: ESG data says that more than 30% of security pros indicate that their organization's current security solutions don't support containers and that most of the specialized tools available...

As founders and maintainers of the Open Policy Agent project (OPA), Teemu Koponen, Torin Sandall and I are pleased to be looking back at the project’s first three years and recognizing a significant milestone. At KubeCon in Barcelona, we were overwhelmed by support—many people and companies that we have had no interaction with were extolling the virtues of OPA Policy and claiming that OPA “was everywhere.” This followed...

A Kubernetes-friendly compliance as code project hosted by the CNCF has caught on among large enterprises in the first half of 2019, largely through word of mouth.

An open source compliance as code project has gained a groundswell of popularity over the last six months among enterprise IT pros, who say it simplifies and standardizes Kubernetes policy management...

Tim Hinrichs, CTO and Co-Founder of Styra and Co-Founder of Open Policy Agent, sees the world of Kubernetes security and compliance evolving rapidly. Here, he shares insights about how software development teams are “shifting security left,” focusing on prevention, rather than detection...

To understand the current and future state of DevSecOps, we gathered insights from 29 IT professionals in 27 companies. We asked them, "What do you consider to be the most important elements of a successful DevSecOps implementation?" Here's what they told us...

At the KubeCon + CloudNativeCon Europe 2019 conference this week, Styra announced it has extended the policy management engine it created for Kubernetes clusters to provide additional integrations and controls intended to advance best DevSecOps practices.

The Styra Declarative Authorization Service (DAS) is based on the open source Open Policy Agent (OPA) software the company developed...

Policy engine Open Policy Agent, or OPA for short, has been accepted into the incubator of the Cloud Native Computing Foundation (CNCF). The project joined the CNCF’s sandbox in March 2018 and is now expected to graduate within the next two years.

To get into the incubating stage of the CNCF, a project needs at least two members of the technical oversight committee as sponsors, and it must document that it is successfully...