Media, Social and Blogs

As enterprises and cloud services providers rapidly adopt Kubernetes to undergird modern applications, a new generation of startups is emerging to enhance the core technology with deeper observability, code delivery and integration, management and security features.

The following are 10 red-hot startups making waves across the Kubernetes ecosystem.

Long, long before we were coding policy enforcement into our clouds, we tried to code it into our programs. Most of the answers we created were hard-coded, difficult to maintain, and nigh unto impossible to update. But, in 2016, Open Policy Agent for cloud native environments was created, and policy enforcement in code became much more practical. Now, its developers, under their company, Styra, have announced a new three-tier product offering for Styra Declarative Authorization Service (DAS).

The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes. Platform engineers and teams can now deploy DAS in just minutes and have access to more than 100 built-in policies, as well as full enterprise-grade monitoring, impact analysis and decision logging. These new offerings enable a self-service experience and eliminate the need for learning and custom coding OPA policies for Kubernetes admission control. 

Kubernetes Admission Control is not only powerful but is fast becoming a mandatory tool for securing Kubernetes. Strategies like RBAC, trusted repositories and runtime — while wonderful and necessary in their own right — are simply not enough.

To understand why developers need Admission Control, let’s first take a look at the limitations of RBAC, trusted repositories and runtime tools.

The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes. Platform engineers and teams can now deploy DAS in just minutes and have access to more than 100 built-in policies, as well as full enterprise-grade monitoring, impact analysis and decision logging. These new offerings enable a self-service experience and eliminate the need for learning and custom coding OPA policies for Kubernetes admission control.

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced a new three-tier product offering for Styra Declarative Authorization Service (DAS). The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes.

With the new Styra DAS editions (DAS Free and DAS Pro), platform engineers are now able to get started with DAS Free, a completely free, self-service option for up to two clusters or 10 nodes to streamline the adoption process. For teams with larger production scale needs, DAS Pro offers a clear and transparent pricing model, for up to 50 nodes, to protect and manage Kubernetes clusters as they grow from initial testing/deployment to full production environments.

In this episode of The New Stack Makers podcast, five guests each offer a hands-on “lightning demo” of their respective open source cloud native projects, as a teaser for next week’s Cloud Native Computing Foundation’s KubeCon + CloudNativeCon North America.

In his demo, Torin Sandall, VP of Open Source at Styra, showed how Open Policy Agent works for microservices API authorization. The demo application consisted of a service offering employee profiles for a company.

Developing software applications is an important endeavor for many companies. It’s also a very expensive one—and the costs aren’t always apparent upfront. The time and resources required to build a successful app can quickly deplete a development team’s budget and energy. We asked the members of Forbes Technology Council how to counteract some common “resource bleeds” in app development operations. Their best tips are below.

Adam welcomes Torin Sandall to the show. Torin is the Vice President of Open Source at Styra and the co-creator of Open Policy agent.

Adam & Torin discuss the origin of the project, why create new language from scratch called Rego, why that language is awesome, how Adam fell in love with Conftest, and how to use all these tools to create more secure systems.

My focus is on security, so a lot of my discussion with them focused on security. One of the big things that captured my attention was their Open Policy Agent (OPA). This tool was developed as an open source method of providing admission control for microservices and containers. Rather than letting developers create more and more containers to accomplish a goal, or worse yet, have dozens created under their IDs in an attack, Styra OPA allows you to set rules and conditions for admission control.

Learn how companies like Netflix, Pinterest, Yelp, Chef, and Atlassian use OPA for ‘who-and what-can-do-what’ application policy.

Today, authorization refers not only to people, accounts and roles and the permissions they have but — crucially — also to infrastructure authorization. The entire tech stack today is now software-defined. The controls of "who or what can do what" are more important than ever — and they can only be effective if they, too, are software-defined.

In other words, we've moved from just "Who can do what?" to "What can do what?"

OPA (pronounced “oh-pa!” like a thrown plate) is a unified toolset and framework for policy enforcement across your whole cloud native stack. Torin Sandall, VP of open source and co-creator of OPA at Styra, will demonstrate how OPA aims to decouple policy decision-making from policy enforcement, so that you can release, analyze and review policies, compliance and security, while not seeing a drop in performance or availability.

Eric Anderson catches up with Torin Sandall, co-creator of Open Policy Agent (OPA), the open-source, general-purpose policy engine. By focusing on demonstrating OPA’s value through case studies, targeted interviews, and word-of-mouth, Torin and the folks at Styra were able to grow OPA into the emerging standard for unified policy enforcement across the cloud-native stack.

With so many tasks on their to-do list, tech leaders often don’t have much time left to source and recruit top talent for open positions on the team. That’s why we asked the members of Forbes Technology Council how they manage to balance their talent search with their heavy workloads. Try these 14 innovative strategies to build out your dream tech team.

Open Policy Agent addresses Kubernetes authorization challenges with a full toolkit for integrating declarative policies into any number of application and infrastructure components.

Join Paavan, and the co-creators of OPA (Tim Hinrichs and Torin Sandall) as we dive in to look at managing your security policy using OPA and Styra Declarative Authorization Service. 

Here is a quick introduction to Open Policy Agent (OPA), which is now a Cloud Native Computing Foundation incubating project, and which provides an open source, general-purpose policy engine for cloud infrastructure.

KubeCon + CloudNativeCon EU is continuing through tomorrow. Here are a few more highlights from the event, including Styra providing long term support and new online academy for Open Policy Agent. 

As companies move from experimentation towards production, reducing risk becomes more critical.  One way some teams mitigate risk is by limiting when new features and functionality can be deployed. Styra Essentials limits the risk often associated with new features, while still providing security-related updates on a schedule that can be managed by companies for which outage windows, patches and updates are closely managed.

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced that Styra Essentials now includes Long Term Support for Open Policy Agent, enabling companies in highly regulated industries to take advantage of cloud-native authorization policy. Highly regulated industries typically limit how often companies can update their software in order to reduce new risks. Styra Essentials solves this problem with a vetted,  semi-annual version of OPA that includes critical fixes and security patches, as well as Styra Essentials 24x7 support.

Cloud-native organizations embracing microservices are running into an unavoidable security question: how to handle microservice authorization controls?  

During my time at both CA and at Centrify, I witnessed the transition from built-in, local, native, per-service authentication to shared, externalized, standards-based authentication. The security industry must make the same paradigm shift for authorization—with proven, industry-accepted standards that enterprises can easily operationalize. That change is already underway.

Created four years ago as an open-source, domain-agnostic policy engine, OPA is becoming the de facto standard for cloud-native policy. As a matter of fact, OPA is already employed in production by companies like Netflix, Pinterest, and Goldman Sachs, for use cases like Kubernetes admission control and microservices API authorization. OPA also powers many of the cloud-native tools you already know and love, including the Atlassian suite and Chef Automate.

Everything that the team at Styra continues to build brings us ever closer to achieving our plan—from developing Rego, to contributing OPA to the CNCF, to building Styra Declarative Authorization Service as our OPA control plane, to enhancing each with new features based on community learnings and best practices. And now, we’ve taken our next big step forward by “democratizing” policy authorization with the Rego Policy Builder. 

Styra announced Rego Policy Builder for the Styra Declarative Authorization Service (DAS).

With Rego Policy Builder, DevOps/platform teams can more easily build authorization policy in Styra DAS, with a point-and-click interface that speeds development of new rules and provides a policy interface that is easy to read.

Continuing the vision of the OPA founders, this latest enhancement to the OPA control plane empowers more teams to take advantage of the speed and security of policy-as-code for unified authorization.

Styra this week launched a declarative tool that enables cybersecurity teams to generate authorization policies that can be implemented programmatically by a DevOps team.

Company CEO Bill Mann said Rego Policy Builder for the Styra Declarative Authorization Service (DAS) is intended to help organizations bridge the divide between cybersecurity teams that define policies and developers that are increasingly being tasked with implementing them.

The Styra DAS Rego Policy Builder provides a streamlined, graphical, purpose-built, point and click policy interface for OPA authorization rules. This visualization of policy-as-code enables DevOps, security and compliance teams to take advantage of the speed and security of OPA, without investing up-front time to learn all the details of its custom policy language, speed development of sophisticated security, compliance and operational rules for modern cloud-native applications, and more easily communicate across teams to prove that security is in place, and built as intended.

With Rego Policy Builder, DevOps/platform teams can more easily build authorization policy in Styra DAS, with a point-and-click interface that speeds development of new rules and provides a policy interface that is easy to read. Continuing the vision of the OPA founders, this latest enhancement to the OPA control plane empowers more teams to take advantage of the speed and security of policy-as-code for unified authorization.

Former software engineer and now CEO, Bill Mann, joins Coruzant Technologies for the Digital Executive podcast. He shares how Styra, Open Policy Agent (OPA) and Declarative Authorization Service (DAS) provide security, operations and compliance guardrails for the cloud environment.

Styra Inc. is offering a double-barreled approach to bolstering security and compliance in the cloud-native world.

Through the company’s open-source Open Policy Agent, software developers can apply security and compliance policies to the Kubernetes container orchestration platform. Styra is also providing a software-as-a-service declarative authorization service product — Styra DAS — to help enterprises ensure that workloads are compliant with internal and external regulation.

Bill Man, CEO of Styra, discusses the creation of Open Policy Agent and Styra DAS with theCube. Mann also talks about the cloud-native space and why policy-as-code guardrails are essential. 

In this episode, we sat down with Tim Hinrichs, a co-founder of the Open Policy Agent project and CTO of Styra. We talked about why he created Styra and its relationship with Open Policy Agent (a project that was contributed to CNCF). We also talked about Styra Declarative Authorization Service (DAS) and why Styra is focussing on the Kubernetes use case.

The Business Intelligence Group today announced the winners of the 2020 Fortress Cyber Security Awards. The business award program sought to identify and reward the world's leading companies and products that are working to keep our data and electronic assets safe among a growing threat from hackers.

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced that Styra Declarative Authorization Service (DAS) has won the Business Intelligence Group 2020 Fortress Cyber Security Award in the Compliance category. The industry awards program recognizes Styra for being among the world’s leading companies and products working to keep data and electronic assets safe as security threats continue to grow. 

Kubernetes is the most popular container orchestration platform in today's cloud-native ecosystem. Consequently, Kubernetes is also an area of increased interest and attention.

In this blog post, first I will discuss the Pod Security Policy admission controller. Then we will see how Open Policy Agent can implement Pod Security Policies.

Mike Vizard speaks with Tim Hinrichs, CTO of Styra, about additions to its Declarative Authorization Service for microservices security and compliance.

With authorization for microservices, Styra DAS helps operationalize the service mesh by controlling what APIs can be executed on what services, both on ingress and egress. As companies increase deployments and software scales to customer demands, these controls are critical in ensuring cloud-native applications adhere to data privacy and compliance regulations, as well as risk mitigation.

Styra today announced it has extended the Styra Declarative Authorization Service (DAS) for automating compliance management to now include support for both microservices and the service mesh platforms that are relied on to manage them.

Company CTO Tim Hinrichs says Styra Declarative Authorization Service can now be employed to ensure compliance by attaching open source Open Policy Agent (OPA) software on which Styra DAS relies as a sidecar using containers.

 Styra Declarative Authorization Service (DAS) now supports microservices and extends context-based authorization to the service mesh. This new use case is the second addition to the company's turnkey enterprise security solution, which is built on OPA. 

Built on Open Policy Agent, Styra is the first and only company to solve authorization for both Kubernetes and Microservices. 

Styra DAS provides security, compliance and operational guardrails for both Kubernetes and microservices to help customers mitigate risk, reduce errors and accelerate software development. With OPA at its core, Styra DAS provides a single control plane for authorization both within applications and for the infrastructure they run upon. 

Styra DAS was introduced in 2019 to help enterprises set up policy-as-code guardrails for Kubernetes, ensuring that workloads are compliant with both internal and external regulations. Now, with support for microservices, Styra DAS provides unified policy across two crucial layers of the new software stack: Kubernetes and microservices.

Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. Adam and Craig discuss OPA with Tim and Torin after the news of the week.

Open Policy Agent has turned heads among IT shops for Kubernetes compliance as code, and its commercial backer looks to capitalize on that momentum with new enterprise features.

The company, Styra, offers IT compliance as code and technical support based on the Open Policy Agent (OPA), which caught the attention of Kubernetes security practitioners last year. The OPA is a declarative means to apply security and compliance policies to the container orchestration platform.

Talks focused on Open Policy Agent (OPA) are featured prominently in the agenda for KubeCon + CloudNativeCon Europe — 15 OPA-focused sessions were accepted from users at Google, City of Ottawa Ada Health and more — signaling the importance of authorization in the cloud.

While the event and those talks are now on hold until August, that doesn’t mean we should postpone learning more about authorization within applications, across Kubernetes clusters and on top of a service mesh. 

Styra today announced it has added support for Kubernetes Mutating Webhooks and a new compliance pack for pod security policies (PSP) to its software-as-a-service (SaaS) platform for managing container compliance.

Bill Mann , CEO of Styra, says Styra DAS is designed to enable DevOps teams to more easily author, distribute, monitor and analyze instances of compliance as code built using OPA. Rather than having to perform those tasks manually, Styra DAS provides access to a control plane to manage that process end to end, he says.

As enterprises move containerized/cloud-native applications into production, they must ensure that workloads are secure and compliant with relevant regulations before they reach runtime. This can require manual reviews and operational overhead, both of which can lead to operational errors, risk and interruptions that slow developer productivity.

Styra mitigates these risks with guardrails that integrate with Kubernetes to allow only what’s right, minimizing human error and preventing non-compliant workloads from ever reaching production.

Styra announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.

Styra DAS, the company’s first commercial product, is a management plane that enables Developers and DevOps teams to operationalize OPA authorization policies. These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.

Adding support for Kubernetes mutating webhooks enables Styra policies to go beyond "allow or deny," to automatically append, update or add relevant parameters to ensure workloads are compliant before they reach production.

The new Pod security policies (PSP) pack extends the existing best practices and PCI DSS 3.2 policy packs, all of which eliminate the need to research, identify and implement baseline guardrails/policies for Kubernetes. 

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.

These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.

Torin Sandall of Styra and Open Policy Agent discussed OPA and policy engines and how they can benefit software projects security and compliance.

He also discussed how policy engines can be leveraged in combination with authentication protocols, such as OAUTH, to create a Authentication, Authorization, and Account (AAA) stack within applications.

Styra, Inc., the founders of Open Policy Agent and leaders in cloud-native authorization, today announced that it has successfully completed the Service Organization Control (SOC) 2 Type I audit for the Styra Declarative Authorization Service (DAS). 

The SOC 2 audit addresses controls relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data, and the confidentiality and privacy of the information these systems process.

The application development market is moving to containerised “cloud-native” application architectures and away from monolithic apps. 

In the speed of this new world, businesses must continue to be efficient, while also mitigating risk and reducing errors.  The only answer?  Automated authorisation, or policy-as-code.

In order to operationalize cloud-native technologies for widespread enterprise use at scale...three core challenges [Governance, security and compliance] suddenly become top of mind.

Such is the strategy of Styra, the vendor behind the open-source Open Policy Agent project. The idea of OPA is to establish a lightweight, standard approach to representing and enforcing policies across the Kubernetes landscape. Today, Styra is ramping up its efforts to commercialize OPA, offering declarative authorization for securing Kubernetes...

To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What are the most common failures you see with K8s?" Typically these failures are the function of a lack of knowledge and skill, highly complex technology, lack of planning for security, and day-two operations...

To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What are the most important elements of implementing K8s for orchestrating containers?" Here’s what we learned...

A look at three use cases where organizations used Open Policy Agent to reliably automate cloud-based access policy control.

Every product or service has a unique way of handling policy and authorization: who-can-do-what and what-can-do-what. In the cloud-native world, authorization and policy are more complex than ever before. As the cloud-native ecosystem evolves...

Gartner recently included container security as one of its Top 10 Security Projects for 2019. However, container technology remains something of a mystery to many cybersecurity pros.

That unfamiliarity is complicated by a lack of adequate tools on this front: ESG data says that more than 30% of security pros indicate that their organization's current security solutions don't support containers and that most of the specialized tools available...

As founders and maintainers of the Open Policy Agent project (OPA), Teemu Koponen, Torin Sandall and I are pleased to be looking back at the project’s first three years and recognizing a significant milestone. At KubeCon in Barcelona, we were overwhelmed by support—many people and companies that we have had no interaction with were extolling the virtues of OPA Policy and claiming that OPA “was everywhere.” This followed...

A Kubernetes-friendly compliance as code project hosted by the CNCF has caught on among large enterprises in the first half of 2019, largely through word of mouth.

An open source compliance as code project has gained a groundswell of popularity over the last six months among enterprise IT pros, who say it simplifies and standardizes Kubernetes policy management...

Tim Hinrichs, CTO and Co-Founder of Styra and Co-Founder of Open Policy Agent, sees the world of Kubernetes security and compliance evolving rapidly. Here, he shares insights about how software development teams are “shifting security left,” focusing on prevention, rather than detection...

To understand the current and future state of DevSecOps, we gathered insights from 29 IT professionals in 27 companies. We asked them, "What do you consider to be the most important elements of a successful DevSecOps implementation?" Here's what they told us...

At the KubeCon + CloudNativeCon Europe 2019 conference this week, Styra announced it has extended the policy management engine it created for Kubernetes clusters to provide additional integrations and controls intended to advance best DevSecOps practices.

The Styra Declarative Authorization Service (DAS) is based on the open source Open Policy Agent (OPA) software the company developed...

Policy engine Open Policy Agent, or OPA for short, has been accepted into the incubator of the Cloud Native Computing Foundation (CNCF). The project joined the CNCF’s sandbox in March 2018 and is now expected to graduate within the next two years.

To get into the incubating stage of the CNCF, a project needs at least two members of the technical oversight committee as sponsors, and it must document that it is successfully...