Turnkey OPA Admission Control policy
plus monitoring, logging and auditing
Context-aware control of communication
to, from and between microservices
Accelerate Your Cloud Migration with Context-Rich Entitlements
The only OPA control plane
developed by the OPA founders
Automated policy guardrails across
public cloud configuration
All about authorization: Styra DAS
and Open Policy Agent
Perspectives, updates and Rego tips
from the founders of OPA
Learn Open Policy Agent and Rego
fundamentals from the founders
Meet the Styra and OPA founding team
Join us, and reinvent authorization
for the cloud-native world
Press releases and featured articles from
the authorization market leaders
Trusted Styra partners for your
entire cloud infrastructure
Trusted Styra partners for your
entire cloud infrastructure
Automated policy guardrails across
public cloud configuration
Newsroom
Scaling Open Policy Agent: Styra DAS vs. DIY OPA
May 19, 2022Taking policy management to the edge (and how it’s different from the cloud)
May 17, 20223 Ways Developers Can Boost In-App Security
May 10, 2022Meet our Operations Manager, Cecily Wong!
May 3, 2022What is Policy Based Access Management?
April 25, 2022May 11, 2022
There are unquestionable advantages to cloud native technologies, but significant challenges as well. Case in point: microservices authorization.
May 6, 2022
Styra announced that Dave Wilner, formerly CRO at Auth0 and Vice President, Operations at Redfin, has joined the company’s board of directors.
May 4, 2022
Today’s Day Two Cloud explores the Open Policy Agent (OPA), an open-source project that serves as a policy engine for cloud-native environments. According to the OPA Web site, OPA “provides a high-level declarative language that lets you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.”
May 3, 2022
We can all agree that the rise of cyberattacks and ransomware threats since the start of the pandemic has put the role of security—and the CISO—in the spotlight. Traditionally responsible for developing and implementing an information security program, including the purchase of every application, the CISO’s office has only taken on more responsibility to provide security training and prevent data breaches and security incidents.
May 2, 2022
Tim Hinrichs, Co-Founder and CTO at Styra, talks about his startup journey and growth strategy. Hinrichs and his co-founders created an open source language that powers authorization and policies. This is significant for cloud software, back-end systems, applications, and almost everything digital.
April 25, 2022
As a driver we often take for granted our driver’s license – unless you’re one of my twin 16-year-old daughters! 😊
In states and countries with reciprocal agreements driver’s licenses allow the authority to use public motorways and define privilege levels or endorsements, such as private automobile, motorcycle, commercial truck, etc. Imagine a world where this authorization was not defined uniformly or applied reciprocally – it would be very inconvenient to need to get new authorization credentials every time we crossed a state or country boundary!
April 25, 2022
Styra, Inc., the creators and maintainers of Open Policy Agent (OPA) and leader of cloud-native authorization, was named outstanding in micro-services capabilities, awarded the highest possible ranking in Security and Usability and recognized for its strong support for DevOps teams in the KuppingerCole Analysts AG’s 2022 Policy Based Access Management (PBAM) Market Compass Report. PBAM, a segment of the access control market, employs real-time evaluation of policies, while providing decisions to user requests for protected resources such as confidential documentation or sensitive databases.
April 20, 2022
The FIDO Alliance wants to use smartphones as a true mobile authenticator, but the proposal faces some obstacles.
For more than 10 years, the FIDO Alliance has been working to end password dependency. Now, the group has a new proposal in mind that enlists smartphones as roaming authenticators to sign into any account on any device, thereby leaving passwords in the dust.
April 20, 2022
The Great Resignation has hit the IT sector particularly hard. That’s a double blow given that this hemorrhaging of talent is occurring at the same time as a rapid acceleration of digital transformation in business and the global shift to a remote-centric workforce.
April 19, 2022
A data report from Styra focuses on how ‘in sync’ IT decision-makers and developers are when it comes to cloud-native technology use and security. This is particularly important during digital transformation journeys.
April 18, 2022
New startups are always emerging to address challenges and leverage opportunities in innovative ways. These companies bring fresh approaches to accelerating digital transformation, expanding what’s possible with analytics, breaking down silos, enhancing security, and more. Here are 15 startups DBTA thinks are worth watching in 2022.
April 18, 2022
Around the globe, there are regular headlines of high-profile cybersecurity breaches hitting organizations large and small—and even government agencies. In response, more and more companies are adopting a “zero-trust” stance when it comes to cybersecurity. This framework, which assumes that networks are constantly at risk from both internal and external attacks, attempts to secure vulnerable data by defaulting to allowing as little access to it as possible.
April 11, 2022
In the past, responsibility for data privacy and security fell on non-development teams, like IT, security or compliance. But this is changing.
Thanks to the adoption of cloud native technologies and trends like policy-as-code, developers are more focused on security than ever. According to the Styra 2022 Cloud-Native Alignment Report, over half of developers think their organization should enhance its data privacy efforts in the next 12 months. And more than three-quarters (77%) of IT decision-makers agree.
April 8, 2022
Cloud-native and open-source are booming with IT decision makers (97%) and developers (96%) stating that their organisations plan to expand use over the next 12 months.
April 1, 2022
Determining which function within the complex corporate structure is responsible for a given security matter is not easy and there are differences between firms and within functional groups. Taking the issue of functional groups, a new report looking into cloud applications draws out these divides.
March 31, 2022
Tim Hinrichs talks about Styra‘s new launch of Styra Declarative Authorization Service (DAS) for Cloud-Native Entitlements. With this solution, IAM teams can move to cloud-native technologies while still using existing systems-of-record as well as scale to the level that their organization requires.
March 29, 2022
Tech companies took 13 of the top 20 spots in a new ranking of best corporate culture, according to a new survey from Comparably. The usual suspects–Microsoft, IBM and Google–showed up in the top three spots and two more–UiPath and Uber–jumped up higher in the list as compared to last year’s ranking.
March 28, 2022
Styra released a research report which explores how in sync, or misaligned, IT leaders and developers are when it comes to cloud-native technology use and security during their digital transformation journeys.
March 28, 2022
New research this week from Styra found that while 97% of IT decision-makers and 96% of developers rate their ability to manage security for cloud apps as “strong,” they were not perfectly aligned when it comes to who owns policy, compliance and cloud security responsibilities.
March 24, 2022
Study from the creators and maintainers of Open Policy Agent provides insight into how an increase in cloud-native and open-source adoption is driving security prioritization at organizations but also leading to ownership misalignment among teams.
March 24, 2022
Study from the creators and maintainers of Open Policy Agent provides insight into how an increase in cloud-native and open-source adoption is driving security prioritization at organizations but also leading to ownership misalignment among teams.
March 23, 2022
Cloud-native and open-source are booming with IT decision makers (97%) and developers (96%) stating that their organisations plan to expand use over the next 12 months.
March 23, 2022
Styra Inc., the creator and maintainer of Open Policy Agent, an open-source engine for unifying and enforcing policies across computing environments, today released a new report on how cloud-native software application adoption is shifting security responsibility across teams.
March 23, 2022
The results of a survey of 350 IT decision-makers and 350 developers that work with cloud-native environments suggest the number of cloud-native applications deployed over the next 12 months will significantly increase.
The survey was conducted by Styra, a provider of a platform for managing authorization, and finds 97% of IT decision-makers and 96% of developers say their organizations plan to expand use of these applications.
March 18, 2022
Access control has very much been centred around models. Who should have access to what, when (and maybe more importantly why) has fascinated computer security researchers since the 1970’s. There have been several models for describing access over the years – many unfortunately lost to the academic past – being taught but never used. However, they do provide an excellent foundation to understand how to tackle some of today’s problems that pertain to the likes of hybrid cloud, zero trust, contextual security and the distributed nature of being simultaneously mobile and cloud first.
March 11, 2022
Organizations today are embracing cloud native technologies to increase time to market, scalability and cost savings. A big part of the cloud native transition is moving legacy systems and architectures to the cloud.
March 4, 2022
By 2023, over 500 million digital apps and services will be developed and deployed using cloud native approaches.
To put that in perspective, more applications will be developed on the cloud in a four-year period (2019-2023) than the total number of apps produced in the past 40 years.
March 3, 2022
What factors affect the efficacy of the cloud and present problems for the digital areas of business operations? Providing insight into the matter via a Digital Journal interview is Torin Sandall, Vice President of Open Source at Styra.
February 27, 2022
While the last two years accelerated digital transformation across a wide range of industries, this has been a long time coming for healthcare. Healthcare has been undergoing a massive shift to improve security, streamline operations, and enhance the patient experience - and much of that shift centers around the movement to the cloud.
February 25, 2022
Styra, Inc. announced Styra Declarative Authorization Service (DAS) for Cloud-Native Entitlements. Solving the gap between legacy and modern application authorization, this new capability enables Identity-and-Access Management (IAM) teams to take full advantage of existing systems-of-record while providing developer teams what they need-cloud-native, context-rich authorization, replicated across clouds, regions, availability zones and clusters. With Styra DAS, organizations can use their existing centralized IAM systems to seamlessly move applications to the cloud and accelerate their cloud migration with unified authorization.
February 25, 2022
Styra, the authorization startup behind Open Policy Agent, recently announced another solution to their kit bag. Their Cloud Native Entitlements approach seems to be aimed at bringing a distributed and replicated approach to entitlements management – but with a centralised management angle. Their whitepaper (reg required) explains how the modern enterprise will likely have applications operating in numerous locations in different models – from the “legacy” apps on-premise, to cloud and SaaS services.
February 23, 2022
Solving the gap between legacy and modern application authorization, this new capability enables Identity-and-Access Management (IAM) teams to take full advantage of existing systems-of-record while providing developer teams what they need—cloud-native, context-rich authorization, replicated across clouds, regions, availability zones and clusters. With Styra DAS, organizations can use their existing centralized IAM systems to seamlessly move applications to the cloud and accelerate their cloud migration with unified authorization.
February 22, 2022
The new solution, shortened to DAS, allows organizations to use existing identity and access management (IAM) solutions to move applications to the cloud. Authorization can be replicated across clouds, regions, availability zones, and clusters.
February 16, 2022
US agencies warn of Russian cyberespionage against cleared defense contractors. Updates on the Russian pressure against Ukraine. ShadowPad as China’s RAT of choice. BlackCat claims to have leaked data stolen in a double-extortion ransomware attack. Follow the bouncing QR code. Dinah Davis from Arctic Wolf on Canada’s government ransomware playbook. Rick Howard chats with Bill Mann from Styra on DevSecOps. And if you’re addicted to cryptocurrency speculation, the first step in recovery is admitting you’ve got a problem. (The second step is to step away from the phone.)
February 8, 2022
More than 90% of applications will be cloud-native by 2023. As organizations transition from monolithic, on-premises environments to dynamic cloud-based ones, ensuring access control becomes more critical—and complex.
That’s why I co-created Open Policy Agent, also known as OPA.
February 1, 2022
Ukraine and NATO increase their cyber readiness. Chinese cyberespionage has been looking closely at financial services in Taiwan. Hacktivists hit Iranian state television. Arid Viper is phishing for targets in the Palestinian Territories, and apparently doesn’t care who knows it. BlackCat ransomware implicated in attacks on German fuel distribution firms. Verizon’s Chris Novak shares his thoughts on the cyber talent pool. Our guest is Torin Sandall from Styra on Open Policy Agent. And, Bro, treat yourself to a pair of Vans.
January 19, 2022
An organization’s first line of cyber defense is its team members, and one essential role they play is keeping up with software and security updates on company-issued devices. With the demands of their day-to-day work, it can be all too easy for team members to fall behind on this important task—which leaves not only their devices but the entire company’s digital assets vulnerable.
January 11, 2022
The Payment Card Industry Data Security Standard (PCI DSS) entered the scene back in 2004 with the rise of payment fraud. Created by leaders in the credit card industry, PCI DSS was developed to provide a baseline of technical and operational requirements designed to protect cardholder payment data and was commonly understood by those in the legacy security world.
January 4, 2022
Charlene and Bill discuss why Styra decided to close its office doors and go fully remote starting in 2022 and some of the not-so-obvious benefits of remote work, including greater equity and inclusion.
December 21, 2021
Many companies felt strained, if not completely out of control when they were forced into what they hoped was a temporary shift to remote work. Now, the “big quit,” extended concerns about health and safety, and a host of other factors have put pressure on companies to continue offering remote options.
December 10, 2021
Hosting and developing services on the cloud helps companies achieve high uptime, fast updates, global availability and other benefits. Yet, storing data over the internet expands an organization's attack surface, creating a higher risk of non-compliance and security breaches.
November 23, 2021
Cyber Monday: It’s traditionally one of the biggest shopping days of the year, but 2021, it’s also a day that many retailers have been dreading.
With so many aspects of this year’s holiday shopping experience outside retailers’ control—shipping delays, supply chain issues, and labor shortages, to name just a few—retailers are shifting their focus and using enhanced data security policies in their mobile apps and websites to improve the shopping experience for customers
November 18, 2021
Writing good code can be as much an art as a science, and there’s no doubt that there are some who have an almost instinctive gift for crafting good code. Still, tech leaders say the best coders aren’t just talented; they’re careful and methodic, following established good habits and best practices. Fortunately, all of these habits and practices can be learned.
November 17, 2021
Techstrong Group, the power source for people and technology, has announced the finalists for the 24 categories in the seventh annual DevOps Dozen² Awards. The DevOps Dozen² Awards honor the most innovative and inspiring individuals and companies that have demonstrated their leadership and commitment to the DevOps community.
November 9, 2021
How can banking become better protected? What measures can help to turn the tables on rogue actors and bring stability to the finance world? Are neobanks at the greatest risk?
To explore these issues, Digital Journal spoke with Bill Mann, CEO of Styra
November 8, 2021
This interview from October 27th, 2021 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner speaks with Bill Mann of Styra on how rising compliance regulations are leading to security drift and leaving organizations vulnerable to attack.
November 8, 2021
The US offers a reward of up to ten million dollars for information leading to the identification or location of the leaders of the DarkSide ransomware gang. Researchers expect BlackMatter’s nominally retired operators to resurface in other criminal organizations. Ukraine outlines Russian FSB cyber operations during the hybrid war that’s been waged since 2014. Deterrence in cyberspace. Carole Theriault takes on high value targets. Our guest is Bill Mann of Styra on rising compliance regulations and security drift. An arrest is made in Special Counsel Durham’s investigation.
November 5, 2021
Least hot take of all time: Interruptions and rework are the worst. The modern dev pipeline is purpose-built to make collaboration easier and allow individuals and teams to work together to contribute to regular code pushes. This of course means lots of invention, feedback, creativity and iteration, all of which work best when they can be the point of current focus. Interrupting the process of creating new ideas because individuals or teams have to go backward and make changes based on config errors or compliance issues is frustrating. It’s also slow. No good.
November 3, 2021
Peggy and Bill Mann, CEO, Styra, talk about why cybersecurity is in the spotlight—and authentication and authorization. He explains it by looking at the larger cybersecurity landscape and explains preventative and detective security controls.
November 1, 2021
Customers have more choices than ever when it comes to banking. The rise of neobanks, banks born in the cloud, have upended the industry with built-in agility and responsiveness, elevating customer expectations of convenience. That expectation has extended to the entire spectrum of banking institutions, whether or not they’re cloud-based.
October 18, 2021
The Cloud Native Computing Foundation (CNCF) continues to lead the industry in supporting new cloud-native technologies. The innovative packages hosted by CNCF have seen impressive adoption rates among software teams of all sizes. One area where CNCF is especially active is security and compliance, an area seeing much development in recent years
October 18, 2021
Full-stack agile services and digital consulting firm Raft has secured the US Air Force (USAF) Data Fabric small business innovation research (SBIR) Phase III contract.
Under the contract, the digital consulting firm will provide data centralisation services to support the Chief Architect Office (CAO) of the Department of the Air Force (DAF) enterprise data architecture.
October 18, 2021
The F-22 Raptor, assigned to the 525th Fighter Squadron, will conduct an agile combat employment operation to support architecture demonstrations and ratings 5.2 during the operation of Pacific Iron 21 at Antonio B. Credits: USAF / Master Sergeant Matthew Plou.
Raft, a full-stack agile services and digital consulting firm, has won a Phase III contract for Data Fabric Small Business Innovation Research (SBIR) from the US Air Force (USAF).
October 11, 2021
More than three years into the law’s existence, significant compliance challenges remain for organizations both large and small
October 8, 2021
Microservices fundamentally changed the way we build modern applications. Before microservices, engineers had a small number of huge chunks of code that made up their application. Many apps were a single monolith of code, and some might have been broken out into a frontend, backend and database.
October 8, 2021
Styra, founders of the Open Policy Agent (OPA), have announced a new partnership with Kong.
October 8, 2021
Styra, founders of the Open Policy Agent (OPA), have announced a new partnership with Kong.
October 7, 2021
Styra, Inc. announced a new partnership with Kong Inc., the cloud connectivity company and the creators of Kuma. The two organizations are aligned on a common vision to secure modern cloud-native applications with dynamic, policy-enabled traffic control for microservices. Styra Declarative Authorization Service (DAS) is now integrated with Kong Mesh, an enterprise-grade service mesh built on top of open source Kuma, so security and operations teams can more easily meet internal and external regulations. Styra DAS and Kong Mesh together give teams granular control over traffic flow, and the real-time monitoring and historical audit records required to secure services and prove compliance.
October 6, 2021
Kong and Styra have announced their new partnership. It is designed to help advance secure cloud-native applications with dynamic, policy-based traffic control. Kong is known as a manufacturer of various open source applications such as Kong Gateway and the Mesh Kuma service. Styra founded the open source Open Policy Agent (OPA) designed as a general purpose policy engine.
October 6, 2021
Styra, the founders of Open Policy Agent (OPA) and leaders in cloud-native authorisation, today announced a new partnership with Kong, the cloud connectivity company and the creators of Kuma. The two organisations are aligned on a common vision to secure modern cloud-native applications with dynamic, policy-enabled traffic control for microservices. Styra Declarative Authorization Service (DAS) is now integrated with Kong Mesh, an enterprise-grade service mesh built on top of open source Kuma, so security and operations teams can more easily meet internal and external regulations. Styra DAS and Kong Mesh together give teams granular control over traffic flow, and the real-time monitoring and historical audit records required to secure services and prove compliance.
October 6, 2021
Styra announced a new partnership with Kong Inc.
The two organizations are aligned on a common vision to secure modern cloud-native applications with dynamic, policy-enabled traffic control for microservices. Styra Declarative Authorization Service (DAS) is now integrated with Kong Mesh, an enterprise-grade service mesh built on top of open source Kuma, so security and operations teams can more easily meet internal and external regulations. Styra DAS and Kong Mesh together give teams granular control over traffic flow, and the real-time monitoring and historical audit records required to secure services and prove compliance.
October 5, 2021
Companies behind two leading open source projects advance common vision with technology integration to tightly control traffic flow to, from and between microservices
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced a new partnership with Kong Inc., the cloud connectivity company and the creators of Kuma. The two organizations are aligned on a common vision to secure modern cloud-native applications with dynamic, policy-enabled traffic control for microservices. Styra Declarative Authorization Service (DAS) is now integrated with Kong Mesh, an enterprise-grade service mesh built on top of open source Kuma, so security and operations teams can more easily meet internal and external regulations.
October 5, 2021
Kong, Inc. and Styra, Inc. announced today that have allied to bring the Open Policy Agent (OPA) used to achieve compliance-as-code in cloud-native environments to both the open source Kuma service mesh and the enterprise-grade platform based on the platform known as Kong Mesh. This offering extends the reach of OPA to environments that include service meshes created by Kong that are deployed using containers.
September 28, 2021
As organizations continue to refine and structure their hybrid work plans and policies, it’s important to stay aware of the advantages and pitfalls these hybrid workforces can create when it comes to inclusion.
September 23, 2021
In today’s cloud-native, app-first and remote-first world, it has become a considerably more complicated task to verify a user or a service’s identity and determine policies that say what they are and aren’t allowed to do.
September 15, 2021
Securing investors is always a challenge for startups. But for open-source companies, it’s even harder.
Open-source companies need the right investors to innovate and enter new markets. But when you deal with a specific subset like open-source products, it can be difficult to find venture capitalists (VCs) with the required experience and knowledge.
September 9, 2021
Bill Mann, CEO founder of Styra catches up with Alan about how Styra is helping with DevSecOps and the challenges organizations are facing with access control and authorization.
September 6, 2021
Many enterprises have adopted DevOps practices in order to streamline their development. But security is all too often treated as an afterthought.
There is of course a way around this which is to integrate security into the DevOps pipeline, in other words move to DevSecOps.
August 27, 2021
There’s a persistent myth in the software engineering ecosystem about sales. Engineers don’t like sales, won’t interact with sales and don’t need sales. Anyway, an awesome product should just sell itself!
August 26, 2021
Getting an open-source project hosted by a foundation can provide a lot of opportunities for growth, such as through increased marketing and awareness. In this episode we spoke with Torin Sandall, VP of Open Source at Styra, about the process of donating Open Policy Agent (OPA) to the CNCF and its journey up to its recent graduation.
August 26, 2021
There are over 42 million public repositories on GitHub, but only a handful of projects reach the point of widespread use and adoption. One such project is Open Policy Agent (OPA), which is used to write policy as code.
August 26, 2021
GitHub has over 42 million public repositories, but only a handful of projects have become widely used and adopted. One such project is the Open Policy Agent (OPA), which is used to write policies as code.
August 18, 2021
What is Open Policy Agent (OPA)? And what can someone do with it? These are some of the questions that episode 57 of the Full Stack Journey podcast tackles. In this episode, Scott is joined by Diego Comas (@diegocomas on Twitter), a user/consumer of OPA, to discuss his direct experience in using OPA in real production environments.
August 18, 2021
Peggy and Bill Mann, CEO, Styra, talk about how the overall security market is getting more complex. He says as we get more technology, there are more moving parts.
July 30, 2021
Styra is a company built to reinvent policy and authorization for cloud-native development. Accordingly, part of their focus is Policy as Code, “The best way to understand it is the idea of taking software engineering best practices and applying them to policy, authorization, and the controls that govern who can do what or what can do what inside of your systems,” explains Torin Sandall, VP of Open Source at Styra.
July 23, 2021
Styra has announced new cloud infrastructure support via Terraform, extending Styra Declarative Authorization Service (DAS) guardrails to storage, network and compute resource configuration in public clouds including AWS, GCP and Azure.
With this addition, Styra DAS now provides a unified policy-as-code solution, built on OPA, to ensure cloud infrastructure, Kubernetes and service mesh deployments are secure and compliant. With Styra DAS and OPA, cloud and DevOps teams have a unified platform for authorization to mitigate risk, reduce human error and accelerate platform development.
July 23, 2021
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, announced new cloud infrastructure support via Terraform, extending Styra Declarative Authorization Service (DAS) guardrails to storage, network and compute resource configuration in public clouds including AWS, GCP and Azure. With this addition, Styra DAS now provides a unified policy-as-code solution, built on OPA, to ensure cloud infrastructure, Kubernetes and service mesh deployments are secure and compliant. With Styra DAS and OPA, cloud and DevOps teams have a unified platform for authorization to mitigate risk, reduce human error and accelerate platform development.
July 22, 2021
Styra DAS extends OPA policy-as-code guardrails to public, private & hybrid cloud configurations, as well as Kubernetes and service mesh environments
July 22, 2021
Styra announced new cloud infrastructure support via Terraform, extending Styra Declarative Authorization Service (DAS) guardrails to storage, network and compute resource configuration in public clouds including AWS, GCP and Azure.
July 22, 2021
Once upon a time, we tried to code policy positions into our programs. It didn’t — it really didn’t — work well. Then in 2016, some developers at a company they called Styra came up with Open Policy Agent (OPA, pronounced “oh-pa”) for cloud native environments. With OPA, policy enforcement in code became much more practical. Styra recently commercialized OPA into a three-tier offering called Declarative Authorization Service (DAS). Now, Styra has taken another step forward with it by using HashiCorp‘s Terraform to extend DAS guardrails to public cloud storage, network, and compute resource configuration in Styra DAS for Terraform.
July 21, 2021
Styra, Inc., the founders of Open Policy Agent (OPA) and providers of cloud-native authorization, is releasing new cloud infrastructure support via Terraform, extending Styra Declarative Authorization Service (DAS) guardrails to storage, network, and compute resource configuration in public clouds including AWS, GCP and Azure.
July 21, 2021
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced new cloud infrastructure support via Terraform, extending Styra Declarative Authorization Service (DAS) guardrails to storage, network and compute resource configuration in public clouds including AWS, GCP and Azure. With this addition, Styra DAS now provides a unified policy-as-code solution, built on OPA, to ensure cloud infrastructure, Kubernetes and service mesh deployments are secure and compliant. With Styra DAS and OPA, cloud and DevOps teams have a unified platform for authorization to mitigate risk, reduce human error and accelerate platform development.
July 21, 2021
Building a company from the ground up is not for the faint of heart. I know, I've been there. As co-founder of Duo, the leading provider of Zero Trust access security, I know what it means to dedicate yourself fully to a vision, to your customers, and to your team. And I know how daunting it can be to find the right investors to join the team - people and organizations that truly understand, and believe in your vision.
July 20, 2021
Styra, Inc. announced new cloud infrastructure support via Terraform, extending Styra Declarative Authorization Service (DAS) guardrails to storage, network and compute resource configuration in public clouds including AWS, GCP and Azure. With this addition, Styra DAS now provides a unified policy-as-code solution, built on OPA, to ensure cloud infrastructure, Kubernetes and service mesh deployments are secure and compliant. With Styra DAS and OPA, cloud and DevOps teams have a unified platform for authorization to mitigate risk, reduce human error and accelerate platform development.
July 20, 2021
Tim Hinrichs and Teemu Koponen recognized that cloud computing was going to change how software authorization was done. The authorization problem--how approval was given for access and rights--was complex and only going to get more complicated. Hinrichs and Koponen wanted to solve this widespread and foundational problem, with the help of experts across industries that use cloud-native applications.
After building the core technology, Hinrichs and Koponen made an unusual choice. They decided to give it away for free.
July 20, 2021
Cloud-native authorization startup Styra Inc., the founders of Open Policy Agent, today announced new cloud infrastructure support via Terraform.
The Terraform support extends Styra Declarative Authorization Service guardrails to storage, network and compute resource configuration in public clouds, including Amazon Web Services Inc., the Google Cloud Platform and Microsoft Corp.’s Azure. Terraform is an infrastructure as code tool that allows users to build, change and version infrastructure safely and efficiently.
July 20, 2021
Sysdig plans to acquire an infrastructure-as-code security startup as enterprise container and DevOps adoption reach critical mass, linking application and infrastructure deployments together more tightly.
The cloud-native observability and security vendor said this week it will acquire Apolicy, a small startup based in Sunnyvale, Calif., for undisclosed financial terms.
July 15, 2021
Cloud native tooling for authorization is an emerging trend poised to revolutionize the way we approach this oft-neglected part of our applications. Open Policy Agent (OPA) is the leading contender to become a de-facto standard for applying policies to many different systems, from workloads running on Kubernetes to requests passing through Istio. In this article I will look more closely at the latter use case and try to answer the question of what OPA and its commercial management tool Styra DAS offer.
June 17, 2021
Assuming you know the basics — and you’d like to learn more — how do you take your skills to the next level? The answer varies depending on where your interests lay (e.g., performance, data integrations, etc.). So without any pretense of providing a complete answer, here are five ways to step up your OPA/Rego game.
June 13, 2021
Here are some of the most prominent venture capital and merger and acquisition news items from May.
June 3, 2021
We’re joined by Styra CEO Bill Mann. In the wake of a $40M funding announcement, he outlines plans to advance adoption of Open Policy Agent (OPA) for managing compliance as code.
May 24, 2021
Styra has raised a $40 million Series B funding round led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors at Capital One Ventures and Citi Ventures. With this funding, Dharmesh Thakker, General Partner at Battery Ventures, will be joining the Styra board.
May 21, 2021
Styra, Inc., the founder of Open Policy Agent (OPA) and leader in cloud-native authorization, announced it raised $40 million in a Series B funding round to continue driving the reinvention of policy and authorization for cloud-native applications.
The round was led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors at Capital One Ventures and Citi Ventures.
May 19, 2021
Silicon Valley Business Journal covers Styra Series B Funding in their roundup.
May 19, 2021
Styra, Inc., the founder of Open Policy Agent (OPA) and leader in cloud-native authorization, has raised a $40 million Series B funding round to continue driving the reinvention of policy and authorization for cloud-native applications.
May 19, 2021
Styra, a cloud-native authorization provider, announced the completion of a $40 million Series B funding round on Tuesday. The company has raised more than $54 million to date.
Battery Ventures led the latest funding round, which included existing investors Accel, A. Capital, and Unusual Ventures, as well as new investors Capital One Ventures and Citi Ventures.
May 18, 2021
As cloud-native apps continue to become increasingly central to how organizations operate, a startup founded by the creators of a popular open-source tool to manage authorization for cloud-native application environments is announcing some funding to expand its efforts at commercializing the opportunity.
Styra, the startup behind Open Policy Agent, has picked up $40 million in a Series B round of funding led by Battery Ventures. Also participating are previous backers A. Capital, Unusual Ventures and Accel; and new backers CapitalOne Ventures and Citi Ventures. Styra has disclosed CapitalOne is also one of its customers, along with e-commerce site Zalando and the European Patent Office.
May 18, 2021
May 18, 2021
Styra, a startup offering a platform to secure containerized environments, has raised $40 million in a series B round led by Battery Ventures. The company says the funding will be put toward creating a standard for cloud-native authorization and expanding its employee base.
May 18, 2021
Here’s what you need to know today in startup and venture news, updated by the Crunchbase News staff throughout the day to keep you in the know.
May 18, 2021
Styra Inc., the startup behind a ubiquitous piece of open-source software used to secure containerized applications, has raised $40 million in funding to help it double its headcount this year and win more customers.
Battery Ventures led the round, the startup disclosed in its funding announcement today.
May 18, 2021
As with many of the enterprise startups getting funded at the moment, Styra has proven itself in particular over the last year, with the switch to remote work, workloads being managed across a number of environments, and the ever-persistent need for better security around what people can and should not be using. Authorization is a particularly acute issue when considering the many access points that need to be monitored: as networks continue to grow across multiple hubs and applications, having a single authorization tool for the whole stack becomes even more important.
May 18, 2021
Cloud-native authorization provider Styra on Tuesday announced that it closed a $40 million Series B funding round. To date, the company has raised more than $54 million.
The new funding round was led by Battery Ventures, with participation from existing investors Accel, A. Capital, and Unusual Ventures, and new investors at Capital One Ventures and Citi Ventures.
May 18, 2021
The round was led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors at Capital One Ventures and Citi Ventures. With this funding, Dharmesh Thakker, General Partner at Battery Ventures, will be joining the Styra board. The round further solidifies its market leadership and provides capital to accelerate its founders’ vision—to create the standard for authorization—which started with OPA.
May 18, 2021
Styra, the founder of Open Policy Agent (OPA) and leader in cloud-native authorization, has raised a $40 million Series B funding round to continue driving the reinvention of policy and authorization for cloud-native applications. The round was led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors at Capital One Ventures and Citi Ventures. With this funding, Dharmesh Thakker, General Partner at Battery Ventures, will be joining the Styra board. The round further solidifies its market leadership and provides capital to accelerate its founders' vision-to create the standard for authorization-which started with OPA.
May 18, 2021
Styra Inc, a provider of cloud-native authorization solutions, has secured $40 million in Series B funding. Battery Ventures led the round with participation from A. Capital, Unusual Ventures, Accel, Capital One Ventures and Citi Ventures.
May 18, 2021
Styra, Inc., the founder of Open Policy Agent (OPA) and leader in cloud-native authorization, has raised a $40 million Series B funding round to continue driving the reinvention of policy and authorization for cloud-native applications. The round was led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors at Capital One Ventures and Citi Ventures. With this funding, Dharmesh Thakker, General Partner at Battery Ventures, will be joining the Styra board. The round further solidifies its market leadership and provides capital to accelerate its founders’ vision—to create the standard for authorization—which started with OPA.
May 18, 2021
Styra and OPA are quickly becoming the de-facto standard for implementing policy controls across the entire tech stack, from service-to-service authorization to end-user application authorization. Feedback from our diligence indicated that Styra/OPA has quickly become a top- five priority when it comes to cloud initiatives and a tier 0 service (a typical nomenclature for describing the highest level of criticality for 3rd party software, similar to AWS or Datadog*).
May 18, 2021
As summer kicks into gear, the IPO market is mimicking the season by cranking up its temperature. Today, TechCrunch explored the IPO filings from venture-backed Marqeta and software startup WalkMe. Squarespace direct lists later this week, along with public debuts from Oatly and Procore on Thursday. All this is great news for late-stage startups and their backers. Not to mention lots of tech workers around the world.
May 14, 2021
Wonder about the security of CNCF projects? What about the state of security in cloud native? Security is not binary, it’s a practice of reducing risk. With fast-changing infrastructure and emerging best practices, there’s no simple, cookie-cutter solution. The Special Interest Group (SIG) Security is a group of security minded folx in the cloud native community. These awesome people are focused on improving security of cloud native projects & minimizing security gaps in cloud native adoption. In this session you will learn about our current and future projects, efforts, and how you can get involved in the future of cloud native security.
May 11, 2021
Whether an organization aims for a large-scale OPA use case, such as those from Netflix or Atlassian, or wants to begin with a single OPA instance, teams need to walk before they can run. Here, we discuss how companies can create a robust policy-as-code lifecycle for OPA, allowing the company to then create repeatable processes that are scalable across teams, clusters and clouds. This is less about diving into the technical nuts and bolts of OPA as it is about establishing a framework that teams can use to get organized and get OPA up and running.
May 7, 2021
The financial services industry is shifting to cloud-native because it is more flexible and resilient than traditional systems, which can lead to a better, more accessible user experience. Customer expectations have skyrocketed with the pace of technology, and FinServ is not immune from these demands.
Of course, security is paramount, and there's a mountain of tech debt to consider. An understanding of the upside — and a few best practices — can pave the way forward.
April 26, 2021
The Open Policy Agent is used for policy decision-making across the stack. In the case of Kubernetes, it is often used as an admission controller to protect the API Server with dynamic rules that don’t require recompilation to introduce. Today on the InfoQ Podcast, Wes Reisz speaks with Tim Hinrichs and Torin Sandall (two of the Open Policy Agent Project creators). The three talk about the project, including things like architecture, origin, community, the policy language (Rego), and, of course, performance. The podcast is an introduction to how OPA can is used across the stack for policy decisioning
April 22, 2021
From startups to large organizations, handbook-based policy management rarely scales well and is often applied in a non-uniform way. Policy as Code addresses this by codifying policies, providing visibility, and enforcing them automatically. By adopting Policy as Code, an organization forces itself to translate its policy decisions into code that enforces decisions in the same way, every time.
April 16, 2021
Styra DAS compliance packs eliminate the need for IT and DevOps teams to research, identify and implement baseline policies.
The technology allows teams to abstract policy as code into plain language, and align security practices to standards such as MITRE, CIS Benchmarks, and PCI, and prove compliance with detailed audit logs.
April 15, 2021
CEO of Styra, Bill Mann talks to host Alan Shimel about Open Policy Agent, Strya DAS and the cloud-native authorization market.
April 15, 2021
Styra has announced new compliance packs for its Declarative Authorization Service (DAS). The new packs are designed to bridge the gap between security and DevOps teams.
New packs include a MITRE ATT&CK Matrix for Enterprise and CIS Kubernetes Benchmarks. The new packs consist of best practices from the OPA community.
April 15, 2021
Automating policy enforcement is a key component of ensuring development teams are releasing secure applications in today’s fast-paced, cloud-native world. Many DevSecOps teams are achieving this by utilizing policy as code.
April 14, 2021
Styra, Inc., the founders of Open Policy Agent (OPA), announced new compliance packs for its Declarative Authorization Service (DAS), which include MITRE ATT&CK Matrix for Enterprise covering cloud-based techniques, and CIS Kubernetes Benchmarks, to ease collaboration between security and DevOps teams. These two new turnkey compliance packs consist of best practices from the OPA community, and are the latest additions to the Styra compliance pack library, which includes PCI DSS 3.2, Admission Control Best Practices and Kubernetes Pod Security Policies.
April 8, 2021
By decoupling policy from applications, policy as code allows you to change the coding for policy without changing the coding for apps. Translation: reliability, uptime, and efficiency.
April 1, 2021
The focus for this post is how we arrived at an open-source solution, in the form of the Open Policy Agent (OPA) that met all of our goals for working with policy as code. Whether for infrastructure or authorisation, Kubernetes or build pipelines, OPA offers a unified way of working with policy that will only grow in importance with your organisation and tech stack.
March 19, 2021
Security architects are a critical presence in your IT department. If you haven’t already done so, it’s time to give them a seat at the table and a strong voice.
Why? The cybersecurity landscape has changed dramatically over the last several years, and what worked before doesn’t work anymore. Worse, it might seem like it still works. Until it really, really doesn’t.
March 19, 2021
Tim Hinrichs, co-creator of Open Policy Agent (OPA), and CTO and co-founder of Styra, discusses OPA and Styra momentum, including OPA's graduation in the CNCF.
March 19, 2021
In just a few years, Open Policy Agent (OPA) has established itself as the de-facto standard for policy based guard rails around kubernetes clusters - now it's moving into our microservices! In this talk we'll explore the benefits of decoupling policy from application logic, and how OPA can help bring order to an increasingly distributed, heterogeneous and complex tech stack.
March 16, 2021
Kuma is a great way to think about putting a service mesh in place. What you can also do for this authorization system is use Open Policy Agent (OPA). The idea here is you’ve deployed the Kuma data plane and the OPA all on the same server. You can hook up Kuma to the OPA, and then whenever an external request comes in, Kuma will send the agent an authorization query that says, “Hey, is this API call authorized or not?” OPA returns that authorization decision and Kuma is responsible for enforcing that decision.
March 4, 2021
As part of the Tech Trailblazers Showcase at the London Enterprise Tech Meetup in January, Bill Mann, CEO of Styra, gives an introduction to the firm which won the Containers category in the 2020 Awards. He gives a quick explanation of how Styra is aiming to revolutionize authorization, making it code instead of being defined in PDFs, fast making it the defacto standard for authorization in cloud native environments.
March 4, 2021
What is cloud native security? What are the biggest security headaches when moving from legacy stacks to cloud native? Secure by default VS productive by default? Watch Anders Eknert and Steve Giguere answer questions about all things Cloud Native Security and share some of the worst security breaches they have experienced. This session is a recording of the Cloud Native Northern Sweden meetup that took place on March 3. Moderator: Cristian Klein, Senior Cloud Architect at Elastisys.
March 1, 2021
For when you need to deploy OPA outside of your application, here are some of the most popular OPA deployment performance models for microservices, along with some *rubs hands* experimental models that can get your creative-architectural juices flowing. No right or wrong answers; with the flexibility of OPA, this is only a matter of finding the right policy model for your environment and your latency needs. Time for the rubber to meet the road.
February 23, 2021
This post is going to outline some basics, interesting tidbits, and caveats on unit testing rego policies.
February 23, 2021
Styra enables enterprises to define, enforce and monitor policy across their cloud-native environments. With a combination of open-source (Open Policy Agent) and commercial solutions (Declarative Authorization Service), Styra provides security, operations and compliance guardrails to protect applications, as well as the infrastructure on which they run. Styra policy-as-code solutions let developers, DevOps and security teams mitigate risks, reduce human error and accelerate application development. OPA was initially proven out at scale by the likes of Netflix, Capital One, Atlassian, Pinterest and others. Two years later, it has reached the point of over 1 million downloads per week.
February 18, 2021
In this episode we invited Anders from the Open Policy Agent project and Alex one of the masterminds behind a new opensource project called KICS.
February 17, 2021
Styra has announced 2020 results, including over 300 percent growth year-over-year, 90 percent headcount increase and record-breaking open source project success.
The rapid adoption of Styra Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services.
February 17, 2021
Styra has announced two new additions to its senior leadership team. Steve Erickson and Paul Murphy will serve as vice presidents of engineering and sales, respectively, to support the company’s growth.
The company today also shared its 2020 results, including over 300 percent growth year-over-year, 90 percent headcount growth and record-breaking open source success with OPA.
The new hires bring policy and open source experience to help Styra expand its growing customer base, support the OPA community and provide more teams access to Styra Declarative Authorization Service (DAS), giving them guardrails for Kubernetes and microservices.
February 16, 2021
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced 2020 results, including over 300 percent growth year-over-year, 90 percent headcount increase and record-breaking open source project success. The rapid adoption of Styra Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services. This tremendous business momentum comes in parallel with the amazing traction of OPA, which was awarded graduated status from the Cloud Native Computing Foundation (CNCF) after meeting the foundation’s criteria for community growth and project adoption with downloads increasing from 6 million to over 35 million in 2020 alone.
February 16, 2021
The success of OPA and Styra DAS indicates an inflection point amongst enterprises—the time of digital transformation has officially arrived, and with it the need to secure and manage Kubernetes, containerized microservices and the cloud-native application development environment in general. Styra continues to add headcount in all areas to support anticipated growth, especially in the areas of sales, engineering, customer success and developer advocacy. In 2021, the company has already made several strategic hires to its senior leadership team including naming Paul Murphy as vice president of sales and Steve Erickson as vice president of engineering.
February 16, 2021
Steve Erickson will serve as Vice President of Engineering to support Styra's innovation and growth. He brings deep policy security expertise to the engineering team as VP and will accelerate feature and product updates for Styra DAS, so more OPA users can manage policy at scale across their cloud-native environments. Styra DAS and OPA fill an important policy and security gap within the cloud-native stack, and Erickson will scale and grow the engineering team to meet market demand.
February 16, 2021
Paul Murphy will serve as Vice President of Sales to support Styra's innovation and growth. With a strong cloud-native background, Murphy will continue to help Styra customers make their digital transformations and embrace the cloud. He will show customers how to use OPA and Styra DAS to minimize risk, mitigate errors and advance security and compliance.
February 16, 2021
Privately-held Styra, the founders of Open Policy Agent (OPA) and provides of cloud-native authorization, reported over 300 percent growth year-over-year in 2020. The company's employee headcount grew by 90% during the year.
The company said the rapid adoption of its Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services.
February 12, 2021
As anyone who has built or introduced a new project or product knows, success doesn’t happen overnight. It takes time and patience. When we first started the Open Policy Agent (OPA) project in 2016, we didn’t just spend all of our time on code — a lot of it was spent building awareness around the project and the community. As OPA started gaining traction, we were encouraged every time we’d hear a developer talk about OPA at a conference or mention it in a blog post.
Today, we’re humbled by OPA’s growth and even more amazed by its trajectory. We still remember our first hundred downloads and our first few slack users, and today OPA is a household name among platform engineers and application developers.
February 11, 2021
Torin Sandall, VP of Open Source at Styra, joins Tech Strong TV to talk about Open Policy Agent's Graduation in the Cloud Native Computing Foundation.
February 11, 2021
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, announced SugarCRM Inc., the innovator of time-aware CX, has deployed Styra Declarative Authorization Service (DAS) to dramatically cut infrastructure costs and free up DevOps and platform team resources and time, while improving security and reducing downtime. SugarCRM has moved from a manual review of workloads and YAML configurations to automated guardrails, enabling the team to spend more time on business-critical projects, accelerate time-to-market, improve reliability and ease compliance concerns.
February 10, 2021
Open Policy Agent is now officially a member of the Cloud Native Computing Foundation’s graduating class of 2021.
The open-source general purpose policy engine had experienced 91% adoption, according to an OPA user survey, and has been placed in production for major enterprises, such as Netflix Inc., Pinterest Inc., T-Mobile USA Inc. and The Goldman Sachs Group Inc.
The OPA project, created by Styra Inc., achieved graduation from CNCF after completing a security audit, addressing vulnerabilities and defining its own governance. OPA’s mission is to extend user access beyond identity management and authentication into authorized actions.
February 10, 2021
Styra DAS enables SugarCRM to improve operational efficiency, reliability and compliance preparedness while cutting costs and freeing resources to focus on business-critical projects
February 10, 2021
With Styra DAS, SugarCRM has simplified policy enforcement with a built-in library of best practices, allowing the platform team to spend less time researching which policies are important and how to write effective rules. Instead they can spend more time on differentiated work, improving platform availability and reliability, and speeding time to market. Adding to the operational efficiency, all policy decisions can be monitored in real time and tracked historically. That means SugarCRM can look back at every “allow and
deny” decision to prove to the team and their peers in security and compliance that their policy-based controls are effective over time.
February 9, 2021
theCUBE host Stu Miniman (@stu) is joined by Tim Hinrichs from Styra for a CUBE Conversation hosted from our Boston studio
February 8, 2021
The Cloud Native Computing Foundation announced the Open Policy Agent project’s graduation to join the likes of mature cloud native projects, including Kubernetes, Helm and Prometheus.
OPA was initially created by Styra before joining CNCF in 2018 as a sandbox project. The company now offers a commercial implementation branded as Declarative Authorization Service (DAS), a control plane for authoring and implementing OPA policies.
February 8, 2021
The Cloud Native Computing Foundation (CNCF) announced the graduation of Open Policy Agent (OPA). OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. The project was accepted into the CNCF sandbox in April 2018 and one year later was promoted to incubation.
More than 90 individuals from approximately 30 organizations contribute to OPA, and maintainers come from four organizations, including Google, Microsoft, VMware, and Styra.
March 10, 2021
The Cloud Native Computing Foundation (CNCF) announced this week that the Open Policy Agent (OPA) project, which many IT teams are employing to manage compliance as code, has officially graduated.
Torin Sandall, co-founder of the OPA project and vice president of open source at Styra, whose compliance management platform is based on OPA, said formal recognition of OPA alongside other CNCF projects, such as Kubernetes, should help further adoption of the open source project that first took shape in 2016.
February 5, 2021
Open Policy Agent has been adopted widely in production by organizations like Goldman Sachs, Netflix, Pinterest, T-Mobile, and many others. According to a recent OPA user survey of more than 150 organizations, 91% indicated they use OPA in some stage of OPA adoption from QA to production. More than half indicated they use OPA for at least two use cases. The most common use cases for OPA are configuration authorization (such as Kubernetes admission control) and API authorization. The project has successfully integrated with several CNCF projects, including Kubernetes, Envoy, CoreDNS, Helm, SPIFFE/SPIRE, and more. It also integrates with Gatekeeper to provide a Kubernetes-native experience for admission policy enforcement and auditing.
February 4, 2021
The cloud native policy enforcement engine is used in production by organizations like Goldman Sachs, Netflix, Pinterest, and T-Mobile
OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. The project was accepted into the CNCF sandbox in April 2018 and one year later was promoted to incubation. More than 90 individuals from approximately 30 organizations contribute to OPA, and maintainers come from four organizations, including Google, Microsoft, VMware, and Styra.
March 10, 2021
The Cloud Native Computing Foundation (CNCF) announced the graduation of Open Policy Agent (OPA). The project has been adopted widely in production by organizations like Goldman Sachs, Netflix, Pinterest, T-Mobile, and many others.
The most common use cases for OPA are configuration authorization (such as Kubernetes admission control) and API authorization. The project has successfully integrated with several CNCF projects, including Kubernetes, Envoy, CoreDNS, Helm, SPIFFE/SPIRE, and more. It also integrates with Gatekeeper to provide a Kubernetes-native experience for admission policy enforcement and auditing.
February 4, 2021
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of Open Policy Agent (OPA). OPA has demonstrated widespread adoption, an open governance process, feature maturity, and a strong commitment to community, sustainability, and inclusivity to graduate.
January 22, 2021
This is the moment you have all been waiting for. It is time to announce the honorees for the 2020 DevOps Dozen² Awards, and we couldn’t be more excited to share the names of the most outstanding leaders and tools in the DevOps community. Although, I must say, all the finalists have done an amazing job at making the DevOps community better through their mentorship, service and innovative ideas, and every single one is deserving of special recognition.
January 21, 2021
Devops teams are flocking to GitOps strategies to accelerate development time frames and eliminate cloud misconfigurations. They should adopt a similar ‘as-code’ approach to policy.
January 19, 2021
Meet the cyber security startups that are working on revolutionary products and services that protect individuals, businesses and governments from the bad guys online.
January 15, 2021
As part of our annual predictions series for 2021, VMblog asked a number of different industry experts to share their thoughts about the new year.
In episode 3, we hear from these experts: Kendall Miller, President, Fairwinds; Ken Grohe, President and CRO, Weka; David Somo, SVP Corporate Strategy, On Semiconductor; Bill Mann, CEO, Styra; Tarun Desikan, Co-Founder and COO, Banyan Security.
Watch as these experts talk about their 2021 predictions and share their thoughts around the future of technology within the IT industry.
January 15, 2021
As part of our annual #predictions series for 2021, VMblog (https://vmblog.com) asked a number of different industry experts to share their thoughts about the new year. In episode 3, we hear from Bill Mann, CEO of Styra, among others.
January 13, 2021
Styra gives an overview, with use cases, of Open Policy Agent (OPA) and provides insights into the evolution of access control -- Identity and authorization in distributed systems -- at API Belgium's virtual January Meetup.
January 12, 2021
Across nearly every industry, technology continues to play an increasingly important role in the workplace. This widespread infusion of technology presents an ideal opportunity for various departments to collaborate with the tech team.
This is especially true for marketing and communications teams, where targeting and outreach are becoming more analytical. Below, the members of Forbes Technology Council share 14 potential projects in which your company’s marketing and tech teams can work together for better outcomes.
January 13, 2021
Bill Mann, CEO of Styra shares his predictions for 2021, including that security architects will have a strong voice as their architectures will be applied both across the production environments and the development environments. Their focus will be on standardization and implementing security at an earlier stage.
December 22, 2020
Without the right policies in place, the extensive power of Kubernetes can result in consequences that are as grand as the designs. Fortunately, Kubernetes provides the ability to set policies that can limit those consequences, by checking for — and preventing — deployment mistakes from ever making it into production. To ensure that your teams’ apps aren’t more consequence than confidence, here are the top five Kubernetes admission control policies that you should have running in your cluster right now.
December 21, 2020
Shadow IT is officially behind us, thanks to standardization, plus tighter interaction between security teams and LOB. But Shadow IT 2.0 is looming, with the star of the show shifting from SaaS to PaaS (platform as a service). With the emergence of public cloud infrastructure, development teams can, for the first time, deploy, configure and manage their own application infrastructure – all without the need to ask permission from IT.
December 17, 2020
After a brief introduction to the technologies involved, we'll take a deep dive into an architecture utilizing OAuth2 and OpenID Connect for carrying identity across our distributed systems, and how once identity is established, we may leverage Open Policy Agent (OPA) for fine-grained policy based access control in our APIs. We'll learn how to use Rego, the policy language used by OPA, to write concise and clear policies for access control, as well as methods for distributing them across our platforms and how to monitor policy enforcement in real-time.
December 11, 2020
Automated, consistent policy reduces the risk of user error, removes undifferentiated heavy lifting between repeated tasks, and makes it seamless to onboard new employees and new applications because they’ll have guardrails already in place. It also means that this time, security can be built in from the start instead of added after implementation.
So, where do you start?
December 9, 2020
As companies embrace cloud native, software-defined development strategies to deliver immense value at unprecedented speed, they are running headlong into the challenge of solving authorization among and between the core components of the cloud native stack. For many companies, OPA represents a way to unify authorization and policy across every cloud environment — and of bringing authorization, itself, into the cloud native era.
December 9, 2020
How Open Policy Agent allows developer teams to write and enforce consistent policy and authorization across multicloud and hybrid cloud environments.
December 8, 2020
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, announced the company’s top five predictions for 2021.
These trends foretell broad-scale changes in the enterprise in 2021 changes that are not limited to technology, but every facet of enterprise business, from company culture, to sales, to talent organization, to the rest of the organization. With these enterprise shifts, inevitably, will come the need for unified authorization across every layer of the cloud-native stack.
December 9, 2020
A code review process can go more smoothly—and catch more potential problems—if tech teams follow tested best practices. Below, 10 tech leaders from Forbes Technology Council, including Bill Mann from Styra, share helpful strategies for companies looking to implement or perfect a code review process.
December 8, 2020
Styra has been named the winner in the 2020 Tech Trailblazers Containers category.
This category is open to all private companies, privately funded or VC backed (Series C or earlier), under six years old. It seeks to recognize the early stage companies who are delivering next generation application infrastructure that help containers evolve from developer laptops to full scale enterprise production success stories.
December 8, 2020
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, announced the company’s top five predictions for 2021.
These trends foretell broad-scale changes in the enterprise in 2021 changes that are not limited to technology, but every facet of enterprise business, from company culture, to sales, to talent organization, to the rest of the organization. With these enterprise shifts, inevitably, will come the need for unified authorization across every layer of the cloud-native stack.
December 8, 2020
Tim Hinrichs, CTO and co-founder of Styra, was named a runner up in the 2020 Male CxO Trailblazers Award.
Male CxO’s within enterprise tech startups demonstrating key qualities and proven achievements: driving company innovation, proof of leadership, implementing and encouraging agile practices, promoting diversity within the company, and contribution to the wider tech community.
December 7, 2020
For better or worse, how containers are used on Amazon Web Services will impact the technology’s future. So, for better or worse, it is necessary to track this, which is what AWS developer advocate and Cloud Native Computing Foundation (CNCF) ambassador Michael Hausenblas has done for the second consecutive year. The AWS Container Security Survey 2020 had 156 respondents, of which half used the Elastic Kubernetes Service (EKS) on the Elastic Cloud Compute (EC2) service. In addition, 36% are running a container service on top of AWS Fargate, but with about half of this group exclusively relying on AWS ECS.
December 4, 2020
In this talk, we will describe how OPA can assist in the secure distribution of policies and data by creating a “Signed Bundle” - a bundle that is digitally signed so that industry-standard cryptographic primitives can verify its authenticity. Our demo will show an end-to-end flow of generating and validating a “signed bundle” and also how this reduces OPA’s attack surface.
December 4, 2020
SPIRE solves authentication by creating an identity plane across varied infrastructure over which cryptographically verifiable identities such as JWTs are delivered securely to workloads. OPA provides a policy engine that can be used to enforce fine-grained authorization policies across the stack. We will show how SPIRE issued JWT SVID claims created using SPIRE’s OIDC Federation can be used by OPA to enforce service-to-service and end-user access control in microservice environments without compromising on speed and availability.
December 4, 2020
OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.
December 2, 2020
Styra is now a member of the Amazon Web Services (AWS) Partner Network (APN) and all three editions of Styra Declarative Authorization Service (DAS) — Free, Pro and Enterprise — are available in AWS Marketplace. Styra DAS is the fastest and easiest way to operationalize OPA at scale across Kubernetes, microservices or custom APIs, and now platform engineers and application development teams have an additional way to access Styra DAS directly through AWS Marketplace.
December 2, 2020
Styra has been named a finalist in the 2020 DevOps Dozen² Awards "Best Cloud Native Security Solution/Service" category. Open Policy Agent has also been named a finalist, but in the "Most Innovative DevOps Open Source Project."
For six years in a row, the awards have been honoring the most outstanding leaders in the DevOps community. This year, the awards program was expanded to include two different sections: DevOps Dozen Tools and Services Awards and DevOps Dozen Community Awards.
November 20, 2020
As enterprises and cloud services providers rapidly adopt Kubernetes to undergird modern applications, a new generation of startups is emerging to enhance the core technology with deeper observability, code delivery and integration, management and security features.
The following are 10 red-hot startups making waves across the Kubernetes ecosystem.
November 18, 2020
Long, long before we were coding policy enforcement into our clouds, we tried to code it into our programs. Most of the answers we created were hard-coded, difficult to maintain, and nigh unto impossible to update. But, in 2016, Open Policy Agent for cloud native environments was created, and policy enforcement in code became much more practical. Now, its developers, under their company, Styra, have announced a new three-tier product offering for Styra Declarative Authorization Service (DAS).
November 18, 2020
The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes. Platform engineers and teams can now deploy DAS in just minutes and have access to more than 100 built-in policies, as well as full enterprise-grade monitoring, impact analysis and decision logging. These new offerings enable a self-service experience and eliminate the need for learning and custom coding OPA policies for Kubernetes admission control.
November 17, 2020
Kubernetes Admission Control is not only powerful but is fast becoming a mandatory tool for securing Kubernetes. Strategies like RBAC, trusted repositories and runtime — while wonderful and necessary in their own right — are simply not enough.
To understand why developers need Admission Control, let’s first take a look at the limitations of RBAC, trusted repositories and runtime tools.
November 17, 2020
The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes. Platform engineers and teams can now deploy DAS in just minutes and have access to more than 100 built-in policies, as well as full enterprise-grade monitoring, impact analysis and decision logging. These new offerings enable a self-service experience and eliminate the need for learning and custom coding OPA policies for Kubernetes admission control.
November 17, 2020
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced a new three-tier product offering for Styra Declarative Authorization Service (DAS). The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes.
November 17, 2020
With the new Styra DAS editions (DAS Free and DAS Pro), platform engineers are now able to get started with DAS Free, a completely free, self-service option for up to two clusters or 10 nodes to streamline the adoption process. For teams with larger production scale needs, DAS Pro offers a clear and transparent pricing model, for up to 50 nodes, to protect and manage Kubernetes clusters as they grow from initial testing/deployment to full production environments.
November 13, 2020
In this episode of The New Stack Makers podcast, five guests each offer a hands-on “lightning demo” of their respective open source cloud native projects, as a teaser for next week’s Cloud Native Computing Foundation’s KubeCon + CloudNativeCon North America.
In his demo, Torin Sandall, VP of Open Source at Styra, showed how Open Policy Agent works for microservices API authorization. The demo application consisted of a service offering employee profiles for a company.
November 11, 2020
Developing software applications is an important endeavor for many companies. It’s also a very expensive one—and the costs aren’t always apparent upfront. The time and resources required to build a successful app can quickly deplete a development team’s budget and energy. We asked the members of Forbes Technology Council how to counteract some common “resource bleeds” in app development operations. Their best tips are below.
November 9, 2020
Adam welcomes Torin Sandall to the show. Torin is the Vice President of Open Source at Styra and the co-creator of Open Policy agent.
Adam & Torin discuss the origin of the project, why create new language from scratch called Rego, why that language is awesome, how Adam fell in love with Conftest, and how to use all these tools to create more secure systems.
November 5, 2020
My focus is on security, so a lot of my discussion with them focused on security. One of the big things that captured my attention was their Open Policy Agent (OPA). This tool was developed as an open source method of providing admission control for microservices and containers. Rather than letting developers create more and more containers to accomplish a goal, or worse yet, have dozens created under their IDs in an attack, Styra OPA allows you to set rules and conditions for admission control.
November 4, 2020
Learn how companies like Netflix, Pinterest, Yelp, Chef, and Atlassian use OPA for ‘who-and what-can-do-what’ application policy.
October 20, 2020
Applications architected as microservices are becoming more prevalent every day, but just like their monolithic ancestors, microservice applications must adhere to organization-wide constraints around compliance, security, performance, etc. Authorization, controlling which people and machines can perform which actions, is a foundational security problem that requires new solutions in a microservice world because of changes in requirements around performance, availability, and even where authorization gets enforced architecturally.
October 20, 2020
This talk discusses describes taking a policy-as-code approach, where authorization policies are decoupled from the underlying microservices yet employ a shared-fate evaluation model so that policies are consistent, enforced consistently, meet high-availability and performance demands, and enable relatively rapid security reviews and hot-patching. Specifically, we describe how to employ the Open Policy Agent for a unified approach to policy-as-code, where policies are enforced through the Kuma service mesh.
October 15, 2019
Today, authorization refers not only to people, accounts and roles and the permissions they have but — crucially — also to infrastructure authorization. The entire tech stack today is now software-defined. The controls of "who or what can do what" are more important than ever — and they can only be effective if they, too, are software-defined.
In other words, we've moved from just "Who can do what?" to "What can do what?"
October 15, 2020
OPA (pronounced “oh-pa!” like a thrown plate) is a unified toolset and framework for policy enforcement across your whole cloud native stack. Torin Sandall, VP of open source and co-creator of OPA at Styra, will demonstrate how OPA aims to decouple policy decision-making from policy enforcement, so that you can release, analyze and review policies, compliance and security, while not seeing a drop in performance or availability.
October 7, 2020
Eric Anderson catches up with Torin Sandall, co-creator of Open Policy Agent (OPA), the open-source, general-purpose policy engine. By focusing on demonstrating OPA’s value through case studies, targeted interviews, and word-of-mouth, Torin and the folks at Styra were able to grow OPA into the emerging standard for unified policy enforcement across the cloud-native stack.
September 29, 2020
With so many tasks on their to-do list, tech leaders often don’t have much time left to source and recruit top talent for open positions on the team. That’s why we asked the members of Forbes Technology Council how they manage to balance their talent search with their heavy workloads. Try these 14 innovative strategies to build out your dream tech team.
September 9, 2020
Open Policy Agent addresses Kubernetes authorization challenges with a full toolkit for integrating declarative policies into any number of application and infrastructure components.
September 9, 2020
Join Paavan, and the co-creators of OPA (Tim Hinrichs and Torin Sandall) as we dive in to look at managing your security policy using OPA and Styra Declarative Authorization Service.
September 2, 2020
Here is a quick introduction to Open Policy Agent (OPA), which is now a Cloud Native Computing Foundation incubating project, and which provides an open source, general-purpose policy engine for cloud infrastructure.
August 19, 2020
KubeCon + CloudNativeCon EU is continuing through tomorrow. Here are a few more highlights from the event, including Styra providing long term support and new online academy for Open Policy Agent.
August 17, 2020
As companies move from experimentation towards production, reducing risk becomes more critical. One way some teams mitigate risk is by limiting when new features and functionality can be deployed. Styra Essentials limits the risk often associated with new features, while still providing security-related updates on a schedule that can be managed by companies for which outage windows, patches and updates are closely managed.
August 17, 2020
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced that Styra Essentials now includes Long Term Support for Open Policy Agent, enabling companies in highly regulated industries to take advantage of cloud-native authorization policy. Highly regulated industries typically limit how often companies can update their software in order to reduce new risks. Styra Essentials solves this problem with a vetted, semi-annual version of OPA that includes critical fixes and security patches, as well as Styra Essentials 24x7 support.
August 11, 2020
Cloud-native organizations embracing microservices are running into an unavoidable security question: how to handle microservice authorization controls?
August 6, 2020
During my time at both CA and at Centrify, I witnessed the transition from built-in, local, native, per-service authentication to shared, externalized, standards-based authentication. The security industry must make the same paradigm shift for authorization—with proven, industry-accepted standards that enterprises can easily operationalize. That change is already underway.
August 5, 2020
Created four years ago as an open-source, domain-agnostic policy engine, OPA is becoming the de facto standard for cloud-native policy. As a matter of fact, OPA is already employed in production by companies like Netflix, Pinterest, and Goldman Sachs, for use cases like Kubernetes admission control and microservices API authorization. OPA also powers many of the cloud-native tools you already know and love, including the Atlassian suite and Chef Automate.
August 4, 2020
Everything that the team at Styra continues to build brings us ever closer to achieving our plan—from developing Rego, to contributing OPA to the CNCF, to building Styra Declarative Authorization Service as our OPA control plane, to enhancing each with new features based on community learnings and best practices. And now, we’ve taken our next big step forward by “democratizing” policy authorization with the Rego Policy Builder.
August 3, 2020
Styra announced Rego Policy Builder for the Styra Declarative Authorization Service (DAS).
With Rego Policy Builder, DevOps/platform teams can more easily build authorization policy in Styra DAS, with a point-and-click interface that speeds development of new rules and provides a policy interface that is easy to read.
Continuing the vision of the OPA founders, this latest enhancement to the OPA control plane empowers more teams to take advantage of the speed and security of policy-as-code for unified authorization.
July 31, 2020
Styra this week launched a declarative tool that enables cybersecurity teams to generate authorization policies that can be implemented programmatically by a DevOps team.
Company CEO Bill Mann said Rego Policy Builder for the Styra Declarative Authorization Service (DAS) is intended to help organizations bridge the divide between cybersecurity teams that define policies and developers that are increasingly being tasked with implementing them.
July 31, 2020
The Styra DAS Rego Policy Builder provides a streamlined, graphical, purpose-built, point and click policy interface for OPA authorization rules. This visualization of policy-as-code enables DevOps, security and compliance teams to take advantage of the speed and security of OPA, without investing up-front time to learn all the details of its custom policy language, speed development of sophisticated security, compliance and operational rules for modern cloud-native applications, and more easily communicate across teams to prove that security is in place, and built as intended.
July 31, 2020
With Rego Policy Builder, DevOps/platform teams can more easily build authorization policy in Styra DAS, with a point-and-click interface that speeds development of new rules and provides a policy interface that is easy to read. Continuing the vision of the OPA founders, this latest enhancement to the OPA control plane empowers more teams to take advantage of the speed and security of policy-as-code for unified authorization.
July 29, 2020
Former software engineer and now CEO, Bill Mann, joins Coruzant Technologies for the Digital Executive podcast. He shares how Styra, Open Policy Agent (OPA) and Declarative Authorization Service (DAS) provide security, operations and compliance guardrails for the cloud environment.
July 10, 2020
Styra Inc. is offering a double-barreled approach to bolstering security and compliance in the cloud-native world.
Through the company’s open-source Open Policy Agent, software developers can apply security and compliance policies to the Kubernetes container orchestration platform. Styra is also providing a software-as-a-service declarative authorization service product — Styra DAS — to help enterprises ensure that workloads are compliant with internal and external regulation.
July 8, 2020
Styra Inc. is offering a double-barreled approach to bolstering security and compliance in the cloud-native world.
Through the company’s open-source Open Policy Agent, software developers can apply security and compliance policies to the Kubernetes container orchestration platform. Styra is also providing a software-as-a-service declarative authorization service product — Styra DAS — to help enterprises ensure that workloads are compliant with internal and external regulation.
June 29, 2020
In this episode, we sat down with Tim Hinrichs, a co-founder of the Open Policy Agent project and CTO of Styra. We talked about why he created Styra and its relationship with Open Policy Agent (a project that was contributed to CNCF). We also talked about Styra Declarative Authorization Service (DAS) and why Styra is focussing on the Kubernetes use case.
June 16, 2020
The Business Intelligence Group today announced the winners of the 2020 Fortress Cyber Security Awards. The business award program sought to identify and reward the world's leading companies and products that are working to keep our data and electronic assets safe among a growing threat from hackers.
June 16, 2020
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced that Styra Declarative Authorization Service (DAS) has won the Business Intelligence Group 2020 Fortress Cyber Security Award in the Compliance category. The industry awards program recognizes Styra for being among the world’s leading companies and products working to keep data and electronic assets safe as security threats continue to grow.
June 7, 2020
Kubernetes is the most popular container orchestration platform in today's cloud-native ecosystem. Consequently, Kubernetes is also an area of increased interest and attention.
In this blog post, first I will discuss the Pod Security Policy admission controller. Then we will see how Open Policy Agent can implement Pod Security Policies.
May 20, 2020
Mike Vizard speaks with Tim Hinrichs, CTO of Styra, about additions to its Declarative Authorization Service for microservices security and compliance.
With authorization for microservices, Styra DAS helps operationalize the service mesh by controlling what APIs can be executed on what services, both on ingress and egress. As companies increase deployments and software scales to customer demands, these controls are critical in ensuring cloud-native applications adhere to data privacy and compliance regulations, as well as risk mitigation.
May 20, 2020
Styra today announced it has extended the Styra Declarative Authorization Service (DAS) for automating compliance management to now include support for both microservices and the service mesh platforms that are relied on to manage them.
Company CTO Tim Hinrichs says Styra Declarative Authorization Service can now be employed to ensure compliance by attaching open source Open Policy Agent (OPA) software on which Styra DAS relies as a sidecar using containers.
May 20, 2020
Styra Declarative Authorization Service (DAS) now supports microservices and extends context-based authorization to the service mesh. This new use case is the second addition to the company's turnkey enterprise security solution, which is built on OPA.
May 20, 2020
Built on Open Policy Agent, Styra is the first and only company to solve authorization for both Kubernetes and Microservices.
Styra DAS provides security, compliance and operational guardrails for both Kubernetes and microservices to help customers mitigate risk, reduce errors and accelerate software development. With OPA at its core, Styra DAS provides a single control plane for authorization both within applications and for the infrastructure they run upon.
May 20, 2020
Styra DAS was introduced in 2019 to help enterprises set up policy-as-code guardrails for Kubernetes, ensuring that workloads are compliant with both internal and external regulations. Now, with support for microservices, Styra DAS provides unified policy across two crucial layers of the new software stack: Kubernetes and microservices.
April 28, 2020
Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. Adam and Craig discuss OPA with Tim and Torin after the news of the week.
April 27, 2020
Open Policy Agent has turned heads among IT shops for Kubernetes compliance as code, and its commercial backer looks to capitalize on that momentum with new enterprise features.
The company, Styra, offers IT compliance as code and technical support based on the Open Policy Agent (OPA), which caught the attention of Kubernetes security practitioners last year. The OPA is a declarative means to apply security and compliance policies to the container orchestration platform.
April 21, 2020
Talks focused on Open Policy Agent (OPA) are featured prominently in the agenda for KubeCon + CloudNativeCon Europe — 15 OPA-focused sessions were accepted from users at Google, City of Ottawa Ada Health and more — signaling the importance of authorization in the cloud.
While the event and those talks are now on hold until August, that doesn’t mean we should postpone learning more about authorization within applications, across Kubernetes clusters and on top of a service mesh.
April 21, 2020
Styra today announced it has added support for Kubernetes Mutating Webhooks and a new compliance pack for pod security policies (PSP) to its software-as-a-service (SaaS) platform for managing container compliance.
Bill Mann , CEO of Styra, says Styra DAS is designed to enable DevOps teams to more easily author, distribute, monitor and analyze instances of compliance as code built using OPA. Rather than having to perform those tasks manually, Styra DAS provides access to a control plane to manage that process end to end, he says.
April 21, 2020
As enterprises move containerized/cloud-native applications into production, they must ensure that workloads are secure and compliant with relevant regulations before they reach runtime. This can require manual reviews and operational overhead, both of which can lead to operational errors, risk and interruptions that slow developer productivity.
Styra mitigates these risks with guardrails that integrate with Kubernetes to allow only what’s right, minimizing human error and preventing non-compliant workloads from ever reaching production.
April 21, 2020
Styra announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.
Styra DAS, the company’s first commercial product, is a management plane that enables Developers and DevOps teams to operationalize OPA authorization policies. These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.
April 21, 2020
Adding support for Kubernetes mutating webhooks enables Styra policies to go beyond "allow or deny," to automatically append, update or add relevant parameters to ensure workloads are compliant before they reach production.
The new Pod security policies (PSP) pack extends the existing best practices and PCI DSS 3.2 policy packs, all of which eliminate the need to research, identify and implement baseline guardrails/policies for Kubernetes.
April 21, 2020
Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.
These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.
April 15, 2020
Torin Sandall of Styra and Open Policy Agent discussed OPA and policy engines and how they can benefit software projects security and compliance.
He also discussed how policy engines can be leveraged in combination with authentication protocols, such as OAUTH, to create a Authentication, Authorization, and Account (AAA) stack within applications.
March 18, 2020
Styra, Inc., the founders of Open Policy Agent and leaders in cloud-native authorization, today announced that it has successfully completed the Service Organization Control (SOC) 2 Type I audit for the Styra Declarative Authorization Service (DAS).
The SOC 2 audit addresses controls relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data, and the confidentiality and privacy of the information these systems process.
December 3, 2019
The application development market is moving to containerised “cloud-native” application architectures and away from monolithic apps.
In the speed of this new world, businesses must continue to be efficient, while also mitigating risk and reducing errors. The only answer? Automated authorisation, or policy-as-code.
November 22, 2019
In order to operationalize cloud-native technologies for widespread enterprise use at scale...three core challenges [Governance, security and compliance] suddenly become top of mind.
Such is the strategy of Styra, the vendor behind the open-source Open Policy Agent project. The idea of OPA is to establish a lightweight, standard approach to representing and enforcing policies across the Kubernetes landscape. Today, Styra is ramping up its efforts to commercialize OPA, offering declarative authorization for securing Kubernetes...
August 27, 2019
To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What are the most common failures you see with K8s?" Typically these failures are the function of a lack of knowledge and skill, highly complex technology, lack of planning for security, and day-two operations...
August 26, 2019
To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What are the most important elements of implementing K8s for orchestrating containers?" Here’s what we learned...
August 21, 2019
A look at three use cases where organizations used Open Policy Agent to reliably automate cloud-based access policy control.
Every product or service has a unique way of handling policy and authorization: who-can-do-what and what-can-do-what. In the cloud-native world, authorization and policy are more complex than ever before. As the cloud-native ecosystem evolves...
August 6, 2019
Gartner recently included container security as one of its Top 10 Security Projects for 2019. However, container technology remains something of a mystery to many cybersecurity pros.
That unfamiliarity is complicated by a lack of adequate tools on this front: ESG data says that more than 30% of security pros indicate that their organization's current security solutions don't support containers and that most of the specialized tools available...
July 19, 2019
A Kubernetes-friendly compliance as code project hosted by the CNCF has caught on among large enterprises in the first half of 2019, largely through word of mouth.
An open source compliance as code project has gained a groundswell of popularity over the last six months among enterprise IT pros, who say it simplifies and standardizes Kubernetes policy management...
July 3, 2019
Tim Hinrichs, CTO and Co-Founder of Styra and Co-Founder of Open Policy Agent, sees the world of Kubernetes security and compliance evolving rapidly. Here, he shares insights about how software development teams are “shifting security left,” focusing on prevention, rather than detection...
June 25, 2019
To understand the current and future state of DevSecOps, we gathered insights from 29 IT professionals in 27 companies. We asked them, "What do you consider to be the most important elements of a successful DevSecOps implementation?" Here's what they told us...
July 3, 2019
As founders and maintainers of the Open Policy Agent project (OPA), Teemu Koponen, Torin Sandall and I are pleased to be looking back at the project’s first three years and recognizing a significant milestone. At KubeCon in Barcelona, we were overwhelmed by support—many people and companies that we have had no interaction with were extolling the virtues of OPA Policy and claiming that OPA “was everywhere.” This followed...
April 3, 2019
Policy engine Open Policy Agent, or OPA for short, has been accepted into the incubator of the Cloud Native Computing Foundation (CNCF). The project joined the CNCF’s sandbox in March 2018 and is now expected to graduate within the next two years.
To get into the incubating stage of the CNCF, a project needs at least two members of the technical oversight committee as sponsors, and it must document that it is successfully...
May 22, 2019
At the KubeCon + CloudNativeCon Europe 2019 conference this week, Styra announced it has extended the policy management engine it created for Kubernetes clusters to provide additional integrations and controls intended to advance best DevSecOps practices.
The Styra Declarative Authorization Service (DAS) is based on the open source Open Policy Agent (OPA) software the company developed...
March 10, 2021
The Cloud Native Computing Foundation announced the Open Policy Agent project’s graduation to join the likes of mature cloud native projects, including Kubernetes, Helm and Prometheus.
OPA was initially created by Styra before joining CNCF in 2018 as a sandbox project. The company now offers a commercial implementation branded as Declarative Authorization Service (DAS), a control plane for authoring and implementing OPA policies.
March 10, 2021
The Cloud Native Computing Foundation announced the Open Policy Agent project’s graduation to join the likes of mature cloud native projects, including Kubernetes, Helm and Prometheus.
OPA was initially created by Styra before joining CNCF in 2018 as a sandbox project. The company now offers a commercial implementation branded as Declarative Authorization Service (DAS), a control plane for authoring and implementing OPA policies.
March 10, 2021
The Cloud Native Computing Foundation announced the Open Policy Agent project’s graduation to join the likes of mature cloud native projects, including Kubernetes, Helm and Prometheus.
OPA was initially created by Styra before joining CNCF in 2018 as a sandbox project. The company now offers a commercial implementation branded as Declarative Authorization Service (DAS), a control plane for authoring and implementing OPA policies.
March 10, 2021
The Cloud Native Computing Foundation announced the Open Policy Agent project’s graduation to join the likes of mature cloud native projects, including Kubernetes, Helm and Prometheus.
OPA was initially created by Styra before joining CNCF in 2018 as a sandbox project. The company now offers a commercial implementation branded as Declarative Authorization Service (DAS), a control plane for authoring and implementing OPA policies.
December 10, 2021
The Cloud Native Computing Foundation announced the Open Policy Agent project’s graduation to join the likes of mature cloud native projects, including Kubernetes, Helm and Prometheus.
OPA was initially created by Styra before joining CNCF in 2018 as a sandbox project. The company now offers a commercial implementation branded as Declarative Authorization Service (DAS), a control plane for authoring and implementing OPA policies.
March 10, 2021
The Cloud Native Computing Foundation announced the Open Policy Agent project’s graduation to join the likes of mature cloud native projects, including Kubernetes, Helm and Prometheus.
OPA was initially created by Styra before joining CNCF in 2018 as a sandbox project. The company now offers a commercial implementation branded as Declarative Authorization Service (DAS), a control plane for authoring and implementing OPA policies.