Styra Academy - Free OPA Training

Newsroom

Media, Social and Blogs

NewsroomHeaderIcon
thenewstack logo

5 Things You Didn’t Know About Open Policy Agent

Assuming you know the basics — and you’d like to learn more — how do you take your skills to the next level? The answer varies depending on where your interests lay (e.g., performance, data integrations, etc.). So without any pretense of providing a complete answer, here are five ways to step up your OPA/Rego game.

read more
sdx logo

Money Moves: May 2021

Here are some of the most prominent venture capital and merger and acquisition news items from May.

read more
TechStrongTV logo

Open Policy Agent – Bill Mann, Styra

We’re joined by Styra CEO Bill Mann. In the wake of a $40M funding announcement, he outlines plans to advance adoption of Open Policy Agent (OPA) for managing compliance as code.

read more
TFIR

Styra Raises $40 Million Series B

Styra has raised a $40 million Series B funding round led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors at Capital One Ventures and Citi Ventures. With this funding, Dharmesh Thakker, General Partner at Battery Ventures, will be joining the Styra board.

read more
database trends logo

Styra Raises $40 Million in Latest Funding Round

Styra, Inc., the founder of Open Policy Agent (OPA) and leader in cloud-native authorization, announced it raised $40 million in a Series B funding round to continue driving the reinvention of policy and authorization for cloud-native applications.

The round was led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors at Capital One Ventures and Citi Ventures.

read more
SVBJ logo styra

The Funded: iD Tech, which runs summer coding camps for kids, was just acquired for $200M

Silicon Valley Business Journal covers Styra Series B Funding in their roundup. 

read more
aithority logo

Styra Raises $40 Million in Series B Funding to Drive Access, Security and Compliance in Cloud-Native Applications

Styra, Inc., the founder of Open Policy Agent (OPA) and leader in cloud-native authorization, has raised a $40 million Series B funding round to continue driving the reinvention of policy and authorization for cloud-native applications. 

read more
Cyberguards logo

Cloud-Native Authorization Provider Styra Announced a $40 Million Series B Funding Round

Styra, a cloud-native authorization provider, announced the completion of a $40 million Series B funding round on Tuesday. The company has raised more than $54 million to date.

Battery Ventures led the latest funding round, which included existing investors Accel, A. Capital, and Unusual Ventures, as well as new investors Capital One Ventures and Citi Ventures.

read more
techcrunch logo

Styra, the startup behind Open Policy Agent, nabs $40M to expand its cloud-native authorization tools

As cloud-native apps continue to become increasingly central to how organizations operate, a startup founded by the creators of a popular open-source tool to manage authorization for cloud-native application environments is announcing some funding to expand its efforts at commercializing the opportunity.

Styra, the startup behind Open Policy Agent, has picked up $40 million in a Series B round of funding led by Battery Ventures. Also participating are previous backers A. Capital, Unusual Ventures and Accel; and new backers CapitalOne Ventures and Citi Ventures. Styra has disclosed CapitalOne is also one of its customers, along with e-commerce site Zalando and the European Patent Office.

read more
businessinsider

We got an exclusive look at the pitch deck developer startup Styra used to convince Battery Ventures to invest in its $40 million Series B

Open source developer startup Styra raised fresh funding to create the standard for authorization, which allows developers to control what a user can or cannot do once they log into an app.
 
The firm announced a $40 million Series B funding
led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors Capital One and Citi Ventures. The startup has raised $67.5 million in total, according PitchBook.
read more
venturebeat logo

Containerized policy management startup Styra nabs $40M

Styra, a startup offering a platform to secure containerized environments, has raised $40 million in a series B round led by Battery Ventures. The company says the funding will be put toward creating a standard for cloud-native authorization and expanding its employee base.

read more
crunchbase

The Briefing: Back Market Bags $335M, Copper Banks $50M, And More

Here’s what you need to know today in startup and venture news, updated by the Crunchbase News staff throughout the day to keep you in the know.

read more
SiliconAngle

After 75M downloads, cloud-native authorization startup Styra raises $40M

Styra Inc., the startup behind a ubiquitous piece of open-source software used to secure containerized applications, has raised $40 million in funding to help it double its headcount this year and win more customers.

Battery Ventures led the round, the startup disclosed in its funding announcement today. 

read more
YahooFinance

Styra, the startup behind Open Policy Agent, nabs $40M to expand its cloud-native authorization tools

As with many of the enterprise startups getting funded at the moment, Styra has proven itself in particular over the last year, with the switch to remote work, workloads being managed across a number of environments, and the ever-persistent need for better security around what people can and should not be using. Authorization is a particularly acute issue when considering the many access points that need to be monitored: as networks continue to grow across multiple hubs and applications, having a single authorization tool for the whole stack becomes even more important.

 

read more
security week logo

Cloud-Native Authorization Provider Styra Raises $40 Million

Cloud-native authorization provider Styra on Tuesday announced that it closed a $40 million Series B funding round. To date, the company has raised more than $54 million.

The new funding round was led by Battery Ventures, with participation from existing investors Accel, A. Capital, and Unusual Ventures, and new investors at Capital One Ventures and Citi Ventures.

read more
finextra logo

Capital One and Citi Ventures join $40 million round in Styra

The round was led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors at Capital One Ventures and Citi Ventures. With this funding, Dharmesh Thakker, General Partner at Battery Ventures, will be joining the Styra board. The round further solidifies its market leadership and provides capital to accelerate its founders’ vision—to create the standard for authorization—which started with OPA.

read more
VC news daily

Styra Raises $40M Series B Financing Round

Styra, the founder of Open Policy Agent (OPA) and leader in cloud-native authorization, has raised a $40 million Series B funding round to continue driving the reinvention of policy and authorization for cloud-native applications. The round was led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors at Capital One Ventures and Citi Ventures. With this funding, Dharmesh Thakker, General Partner at Battery Ventures, will be joining the Styra board. The round further solidifies its market leadership and provides capital to accelerate its founders' vision-to create the standard for authorization-which started with OPA.

read more
vcj-logo styra funding

Styra pulls in $40m Series B

Styra Inc, a provider of cloud-native authorization solutions, has secured $40 million in Series B funding. Battery Ventures led the round with participation from A. Capital, Unusual Ventures, Accel, Capital One Ventures and Citi Ventures. 

read more
Financial IT logo

STYRA RAISES $40 MILLION IN SERIES B FUNDING TO DRIVE ACCESS, SECURITY AND COMPLIANCE IN CLOUD-NATIVE APPLICATIONS

Styra, Inc., the founder of Open Policy Agent (OPA) and leader in cloud-native authorization, has raised a $40 million Series B funding round to continue driving the reinvention of policy and authorization for cloud-native applications. The round was led by Battery Ventures with participation from previous investors, A. Capital, Unusual Ventures, and Accel, as well as new investors at Capital One Ventures and Citi Ventures. With this funding, Dharmesh Thakker, General Partner at Battery Ventures, will be joining the Styra board. The round further solidifies its market leadership and provides capital to accelerate its founders’ vision—to create the standard for authorization—which started with OPA.

read more
Battery ventures logo

Authentication and Authorization, Post-Auth0: Styra* and Extending Identity to All Layers of the Cloud-Based Application Stack

Styra and OPA are quickly becoming the de-facto standard for implementing policy controls across the entire tech stack, from service-to-service authorization to end-user application authorization. Feedback from our diligence indicated that Styra/OPA has quickly become a top- five priority when it comes to cloud initiatives and a tier 0 service (a typical nomenclature for describing the highest level of criticality for 3rd party software, similar to AWS or Datadog*).

read more
techcrunch logo

Daily Crunch: How Expensify maintained its early-stage startup culture after 13 years

As summer kicks into gear, the IPO market is mimicking the season by cranking up its temperature. Today, TechCrunch explored the IPO filings from venture-backed Marqeta and software startup WalkMe. Squarespace direct lists later this week, along with public debuts from Oatly and Procore on Thursday. All this is great news for late-stage startups and their backers. Not to mention lots of tech workers around the world.

read more
CNCF

An Introduction to Cloud Native Security - Ash Narkar, Styra; Aradhna Chetal, TIAA & Andres Vega

Wonder about the security of CNCF projects? What about the state of security in cloud native? Security is not binary, it’s a practice of reducing risk. With fast-changing infrastructure and emerging best practices, there’s no simple, cookie-cutter solution. The Special Interest Group (SIG) Security is a group of security minded folx in the cloud native community. These awesome people are focused on improving security of cloud native projects & minimizing security gaps in cloud native adoption. In this session you will learn about our current and future projects, efforts, and how you can get involved in the future of cloud native security.

read more
thenewstack logo

Getting Open Policy Agent Up and Running

Whether an organization aims for a large-scale OPA use case, such as those from Netflix or Atlassian, or wants to begin with a single OPA instance, teams need to walk before they can run. Here, we discuss how companies can create a robust policy-as-code lifecycle for OPA, allowing the company to then create repeatable processes that are scalable across teams, clusters and clouds. This is less about diving into the technical nuts and bolts of OPA as it is about establishing a framework that teams can use to get organized and get OPA up and running.

read more
Forbes logo

Why Cloud-Native Is Essential For FinServ And How To Make The Shift

The financial services industry is shifting to cloud-native because it is more flexible and resilient than traditional systems, which can lead to a better, more accessible user experience. Customer expectations have skyrocketed with the pace of technology, and FinServ is not immune from these demands.

Of course, security is paramount, and there's a mountain of tech debt to consider. An understanding of the upside — and a few best practices — can pave the way forward.

read more
InfoQ logo_Styra_OPA

Open Policy Agent (OPA) with the Project’s Co-Creators

The Open Policy Agent is used for policy decision-making across the stack. In the case of Kubernetes, it is often used as an admission controller to protect the API Server with dynamic rules that don’t require recompilation to introduce. Today on the InfoQ Podcast, Wes Reisz speaks with Tim Hinrichs and Torin Sandall (two of the Open Policy Agent Project creators). The three talk about the project, including things like architecture, origin, community, the policy language (Rego), and, of course, performance. The podcast is an introduction to how OPA can is used across the stack for policy decisioning

read more
Security Blvd logo

7 Ways Policy as Code Can Improve Automation and Security

From startups to large organizations, handbook-based policy management rarely scales well and is often applied in a non-uniform way. Policy as Code addresses this by codifying policies, providing visibility, and enforcing them automatically. By adopting Policy as Code, an organization forces itself to translate its policy decisions into code that enforces decisions in the same way, every time.

read more
help net security logo

Styra’s compliance packs for DAS ease collaboration between security and DevOps teams

Styra DAS compliance packs eliminate the need for IT and DevOps teams to research, identify and implement baseline policies.

The technology allows teams to abstract policy as code into plain language, and align security practices to standards such as MITRE, CIS Benchmarks, and PCI, and prove compliance with detailed audit logs.

 

read more
TechStrongTV logo

Bill Mann – TechStrong TV

CEO of Styra, Bill Mann talks to host Alan Shimel about Open Policy Agent, Strya DAS and the cloud-native authorization market. 

 

read more
IT OPS TIMES LOGO

ITOps Times news digest: Styra’s new compliance packs, expanded Azure Blob storage, and Guardicore’s new Zero Trust assessments

Styra has announced new compliance packs for its Declarative Authorization Service (DAS). The new packs are designed to bridge the gap between security and DevOps teams. 

New packs include a MITRE ATT&CK Matrix for Enterprise and CIS Kubernetes Benchmarks. The new packs consist of best practices from the OPA community. 

 

read more
SDTimes_log_Styra

Policy as code shifts compliance left

Automating policy enforcement is a key component of ensuring development teams are releasing secure applications in today’s fast-paced, cloud-native world. Many DevSecOps teams are achieving this by utilizing policy as code. 

read more
vmblog

Styra Releases New Compliance Packs to Further Bridge the Gap Between Security and DevOps Teams

Styra, Inc., the founders of Open Policy Agent (OPA), announced new compliance packs for its Declarative Authorization Service (DAS), which include MITRE ATT&CK Matrix for Enterprise covering cloud-based techniques, and CIS Kubernetes Benchmarks, to ease collaboration between security and DevOps teams. These two new turnkey compliance packs consist of best practices from the OPA community, and are the latest additions to the Styra compliance pack library, which includes PCI DSS 3.2, Admission Control Best Practices and Kubernetes Pod Security Policies.

READ MORE
Infoworld logo

What is unified policy as code, and why do you need it?

By decoupling policy from applications, policy as code allows you to change the coding for policy without changing the coding for apps. Translation: reliability, uptime, and efficiency.

read more
Container solutions logo_styra_opa

WTF Is Policy as Code?

The focus for this post is how we arrived at an open-source solution, in the form of the Open Policy Agent (OPA) that met all of our goals for working with policy as code. Whether for infrastructure or authorisation, Kubernetes or build pipelines, OPA offers a unified way of working with policy that will only grow in importance with your organisation and tech stack.

read more
Forbes Styra

DevSecOps: What It Is And Why You Need To Make The Shift Now

Security architects are a critical presence in your IT department. If you haven’t already done so, it’s time to give them a seat at the table and a strong voice.

Why? The cybersecurity landscape has changed dramatically over the last several years, and what worked before doesn’t work anymore. Worse, it might seem like it still works. Until it really, really doesn’t.

read more
TFIR

OPA Is One Ring To Rule All Authorization Problems

Tim Hinrichs, co-creator of Open Policy Agent (OPA), and CTO and co-founder of Styra, discusses OPA and Styra momentum, including OPA's graduation in the CNCF. 

read more
apidays

Apidays LIVE Helsinki 2021 - Policy as code By Anders Eknert

In just a few years, Open Policy Agent (OPA) has established itself as the de-facto standard for policy based guard rails around kubernetes clusters - now it's moving into our microservices! In this talk we'll explore the benefits of decoupling policy from application logic, and how OPA can help bring order to an increasingly distributed, heterogeneous and complex tech stack.

Watch Here
Kong

Authorizing Microservice APIs With OPA and Kuma

Kuma is a great way to think about putting a service mesh in place. What you can also do for this authorization system is use Open Policy Agent (OPA). The idea here is you’ve deployed the Kuma data plane and the OPA all on the same server. You can hook up Kuma to the OPA, and then whenever an external request comes in, Kuma will send the agent an authorization query that says, “Hey, is this API call authorized or not?” OPA returns that authorization decision and Kuma is responsible for enforcing that decision.

read more
tech trailblazers podcast

Flash Talk with Bill Mann, CEO of Styra

As part of the Tech Trailblazers Showcase at the London Enterprise Tech Meetup in January, Bill Mann, CEO of Styra, gives an introduction to the firm which won the Containers category in the 2020 Awards. He gives a quick explanation of how Styra is aiming to revolutionize authorization, making it code instead of being defined in PDFs, fast making it the defacto standard for authorization in cloud native environments.

Watch Here
cloudnative AMA

Cloud Native Security AMA with Anders Eknert & Steve Giguere

What is cloud native security? What are the biggest security headaches when moving from legacy stacks to cloud native? Secure by default VS productive by default? Watch Anders Eknert and Steve Giguere answer questions about all things Cloud Native Security and share some of the worst security breaches they have experienced. This session is a recording of the Cloud Native Northern Sweden meetup that took place on March 3. Moderator: Cristian Klein, Senior Cloud Architect at Elastisys.

Watch Here
thenewstack logo

5 OPA Deployment Performance Models for Microservices

For when you need to deploy OPA outside of your application, here are some of the most popular OPA deployment performance models for microservices, along with some *rubs hands* experimental models that can get your creative-architectural juices flowing. No right or wrong answers; with the flexibility of OPA, this is only a matter of finding the right policy model for your environment and your latency needs. Time for the rubber to meet the road.

read more
James blog

Rego Unit Testing

This post is going to outline some basics, interesting tidbits, and caveats on unit testing rego policies.

read more
eweek logo styra

Product Overview and Insight: Styra Software

Styra enables enterprises to define, enforce and monitor policy across their cloud-native environments. With a combination of open-source (Open Policy Agent) and commercial solutions (Declarative Authorization Service), Styra provides security, operations and compliance guardrails to protect applications, as well as the infrastructure on which they run. Styra policy-as-code solutions let developers, DevOps and security teams mitigate risks, reduce human error and accelerate application development. OPA was initially proven out at scale by the likes of Netflix, Capital One, Atlassian, Pinterest and others. Two years later, it has reached the point of over 1 million downloads per week.

read more
DSO overflow logo

DSO Overflow Ep07: Using Rego to define your policies

In this episode we invited Anders from the Open Policy Agent project and Alex one of the masterminds behind a new opensource project called KICS.

Watch Here
TFIR

Styra Registers 3x Revenue Growth In 2020

Styra has announced 2020 results, including over 300 percent growth year-over-year, 90 percent headcount increase and record-breaking open source project success.

The rapid adoption of Styra Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services.

read more
TFIR

Steve Erickson, Paul Murphy Join Styra’s Senior Leadership Team

Styra has announced two new additions to its senior leadership team. Steve Erickson and Paul Murphy will serve as vice presidents of engineering and sales, respectively, to support the company’s growth.

The company today also shared its 2020 results, including over 300 percent growth year-over-year, 90 percent headcount growth and record-breaking open source success with OPA.

The new hires bring policy and open source experience to help Styra expand its growing customer base, support the OPA community and provide more teams access to Styra Declarative Authorization Service (DAS), giving them guardrails for Kubernetes and microservices.

read more
AP logo styra

Styra Achieves 3x Revenue Growth Based on OPA Momentum, Graduation and Accelerated Adoption of Cloud-Native Technology

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced 2020 results, including over 300 percent growth year-over-year, 90 percent headcount increase and record-breaking open source project success. The rapid adoption of Styra Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services. This tremendous business momentum comes in parallel with the amazing traction of OPA, which was awarded graduated status from the Cloud Native Computing Foundation (CNCF) after meeting the foundation’s criteria for community growth and project adoption with downloads increasing from 6 million to over 35 million in 2020 alone.

read more
containerjournal

Styra Achieves 3x Revenue Growth Based on OPA Momentum, Graduation and Accelerated Adoption of Cloud-Native Technology

The success of OPA and Styra DAS indicates an inflection point amongst enterprises—the time of digital transformation has officially arrived, and with it the need to secure and manage Kubernetes, containerized microservices and the cloud-native application development environment in general.  Styra continues to add headcount in all areas to support anticipated growth, especially in the areas of sales, engineering, customer success and developer advocacy. In 2021, the company has already made several strategic hires to its senior leadership team including naming Paul Murphy as vice president of sales and Steve Erickson as vice president of engineering.

read more
SVBJ logo styra

People on the move: Steve Erickson

Steve Erickson will serve as Vice President of Engineering to support Styra's innovation and growth. He brings deep policy security expertise to the engineering team as VP and will accelerate feature and product updates for Styra DAS, so more OPA users can manage policy at scale across their cloud-native environments. Styra DAS and OPA fill an important policy and security gap within the cloud-native stack, and Erickson will scale and grow the engineering team to meet market demand.

read more
SVBJ logo styra

People on the move: Paul Murphy

Paul Murphy will serve as Vice President of Sales to support Styra's innovation and growth. With a strong cloud-native background, Murphy will continue to help Styra customers make their digital transformations and embrace the cloud. He will show customers how to use OPA and Styra DAS to minimize risk, mitigate errors and advance security and compliance.

read more
converge digest

Styra cites rapid growth of its cloud-native Open Policy Agent authorization

Privately-held Styra, the founders of Open Policy Agent (OPA) and provides of cloud-native authorization, reported over 300 percent growth year-over-year in 2020. The company's employee headcount grew by 90% during the year.

The company said the rapid adoption of its Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services. 

read more
thenewstack logo

The Open Policy Agent Journey from Sandbox to Graduation

As anyone who has built or introduced a new project or product knows, success doesn’t happen overnight. It takes time and patience. When we first started the Open Policy Agent (OPA) project in 2016, we didn’t just spend all of our time on code — a lot of it was spent building awareness around the project and the community. As OPA started gaining traction, we were encouraged every time we’d hear a developer talk about OPA at a conference or mention it in a blog post.

Today, we’re humbled by OPA’s growth and even more amazed by its trajectory. We still remember our first hundred downloads and our first few slack users, and today OPA is a household name among platform engineers and application developers.

read more
TechStrongTV logo

TechStrong TV - February 11, 2021

Torin Sandall, VP of Open Source at Styra, joins Tech Strong TV to talk about Open Policy Agent's Graduation in the Cloud Native Computing Foundation. 

Watch here
aithority logo

SugarCRM Chooses Styra DAS and Open Policy Agent to Automate Authorization Policy for Fast-Growing Volume of Kubernetes Clusters

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, announced SugarCRM Inc., the innovator of time-aware CX, has deployed Styra Declarative Authorization Service (DAS) to dramatically cut infrastructure costs and free up DevOps and platform team resources and time, while improving security and reducing downtime. SugarCRM has moved from a manual review of workloads and YAML configurations to automated guardrails, enabling the team to spend more time on business-critical projects, accelerate time-to-market, improve reliability and ease compliance concerns.

read more
SiliconAngle

OPA’s graduation from CNCF signals growing interest in unified authorization solution

Open Policy Agent is now officially a member of the Cloud Native Computing Foundation’s graduating class of 2021.

The open-source general purpose policy engine had experienced 91% adoption, according to an OPA user survey, and has been placed in production for major enterprises, such as Netflix Inc., Pinterest Inc., T-Mobile USA Inc. and The Goldman Sachs Group Inc.

The OPA project, created by Styra Inc., achieved graduation from CNCF after completing a security audit, addressing vulnerabilities and defining its own governance. OPA’s mission is to extend user access beyond identity management and authentication into authorized actions.

read more
yahoo finance logo styra

SugarCRM Chooses Styra DAS and Open Policy Agent to Automate Authorization Policy for Fast-Growing Volume of Kubernetes Clusters

Styra DAS enables SugarCRM to improve operational efficiency, reliability and compliance preparedness while cutting costs and freeing resources to focus on business-critical projects

read more
Bloomberg logo styra

SugarCRM Chooses Styra DAS and Open Policy Agent to Automate Authorization Policy for Fast-Growing Volume of Kubernetes

With Styra DAS, SugarCRM has simplified policy enforcement with a built-in library of best practices, allowing the platform team to spend less time researching which policies are important and how to write effective rules. Instead they can spend more time on differentiated work, improving platform availability and reliability, and speeding time to market. Adding to the operational efficiency, all policy decisions can be monitored in real time and tracked historically. That means SugarCRM can look back at every “allow and
deny” decision to prove to the team and their peers in security and compliance that their policy-based controls are effective over time.

read more
thecube logo

Tim Hinrichs, Styra | CUBE Conversation, February 2021

theCUBE host Stu Miniman (@stu) is joined by Tim Hinrichs from Styra for a CUBE Conversation hosted from our Boston studio

Watch Here
Forbes logo

Why Enterprises Must Embrace The Most Recently Graduated CNCF Project - Open Policy Agent

The Cloud Native Computing Foundation announced the Open Policy Agent project’s graduation to join the likes of mature cloud native projects, including Kubernetes, Helm and Prometheus.

OPA was initially created by Styra before joining CNCF in 2018 as a sandbox project. The company now offers a commercial implementation branded as Declarative Authorization Service (DAS), a control plane for authoring and implementing OPA policies. 

read more
help net security logo

Cloud Native Computing Foundation announces graduation of Open Policy Agent

The Cloud Native Computing Foundation (CNCF) announced the graduation of Open Policy Agent (OPA). OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. The project was accepted into the CNCF sandbox in April 2018 and one year later was promoted to incubation.

More than 90 individuals from approximately 30 organizations contribute to OPA, and maintainers come from four organizations, including Google, Microsoft, VMware, and Styra.

read more
Devops

CNCF Graduates Open Policy Agent Project to Manage Compliance as Code

The Cloud Native Computing Foundation (CNCF) announced this week that the Open Policy Agent (OPA) project, which many IT teams are employing to manage compliance as code, has officially graduated.

Torin Sandall, co-founder of the OPA project and vice president of open source at Styra, whose compliance management platform is based on OPA, said formal recognition of OPA alongside other CNCF projects, such as Kubernetes, should help further adoption of the open source project that first took shape in 2016.

read more
aithority logo

Cloud Native Computing Foundation Announces Open Policy Agent Graduation

Open Policy Agent has been adopted widely in production by organizations like Goldman Sachs, Netflix, Pinterest, T-Mobile, and many others. According to a recent OPA user survey of more than 150 organizations, 91% indicated they use OPA in some stage of OPA adoption from QA to production. More than half indicated they use OPA for at least two use cases. The most common use cases for OPA are configuration authorization (such as Kubernetes admission control) and API authorization. The project has successfully integrated with several CNCF projects, including Kubernetes, Envoy, CoreDNS, Helm, SPIFFE/SPIRE, and more. It also integrates with Gatekeeper to provide a Kubernetes-native experience for admission policy enforcement and auditing.


read more
containerjournal

Cloud Native Computing Foundation Announces Open Policy Agent Graduation

The cloud native policy enforcement engine is used in production by organizations like Goldman Sachs, Netflix, Pinterest, and T-Mobile 

OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. The project was accepted into the CNCF sandbox in April 2018 and one year later was promoted to incubation. More than 90 individuals from approximately 30 organizations contribute to OPA, and maintainers come from four organizations, including Google, Microsoft, VMware, and Styra.

read more
dark reading logo-OPA-styra

Cloud Native Computing Foundation Announces Open Policy Agent Graduation

The Cloud Native Computing Foundation (CNCF) announced the graduation of Open Policy Agent (OPA). The project has been adopted widely in production by organizations like Goldman Sachs, Netflix, Pinterest, T-Mobile, and many others.

The most common use cases for OPA are configuration authorization (such as Kubernetes admission control) and API authorization. The project has successfully integrated with several CNCF projects, including Kubernetes, Envoy, CoreDNS, Helm, SPIFFE/SPIRE, and more. It also integrates with Gatekeeper to provide a Kubernetes-native experience for admission policy enforcement and auditing.

read more
CNCF

Cloud Native Computing Foundation Announces Open Policy Agent Graduation

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of Open Policy Agent (OPA). OPA has demonstrated widespread adoption, an open governance process, feature maturity, and a strong commitment to community, sustainability, and inclusivity to graduate.

read more
Devops

Meet the Winners of the 2020 DevOps Dozen² Awards

This is the moment you have all been waiting for. It is time to announce the honorees for the 2020 DevOps Dozen² Awards, and we couldn’t be more excited to share the names of the most outstanding leaders and tools in the DevOps community. Although, I must say, all the finalists have done an amazing job at making the DevOps community better through their mentorship, service and innovative ideas, and every single one is deserving of special recognition.

read more
Infoworld logo

Using OPA with GitOps to speed cloud-native development

Devops teams are flocking to GitOps strategies to accelerate development time frames and eliminate cloud misconfigurations. They should adopt a similar ‘as-code’ approach to policy.

read more
Bitlist sytra logo

100 Cyber Security Startupsto watch in 2021

Meet the cyber security startups that are working on revolutionary products and services that protect individuals, businesses and governments from the bad guys online.

read more
vmblog

VMblog 2021 Industry Experts Video Predictions Series - Episode 3

As part of our annual predictions series for 2021, VMblog asked a number of different industry experts to share their thoughts about the new year.

In episode 3, we hear from these experts: Kendall Miller, President, Fairwinds; Ken Grohe, President and CRO, Weka; David Somo, SVP Corporate Strategy, On Semiconductor; Bill Mann, CEO, Styra; Tarun Desikan, Co-Founder and COO, Banyan Security.

Watch as these experts talk about their 2021 predictions and share their thoughts around the future of technology within the IT industry.

read more
vmblog

VMblog 2021 Industry Experts Video #Predictions Series Episode 3 YouTube

As part of our annual #predictions series for 2021, VMblog (https://vmblog.com) asked a number of different industry experts to share their thoughts about the new year. In episode 3, we hear from Bill Mann, CEO of Styra, among others.

watch here
API Belgium Meetup logo styra

API Community Belgium Online Meetup 8 - Open Policy Agent (OPA) by Gustaf Kaijser & Anders Eknert

Styra gives an overview, with use cases, of Open Policy Agent (OPA) and provides insights into the evolution of access control -- Identity and authorization in distributed systems -- at API Belgium's virtual January Meetup. 

Watch Here
Forbes Styra

14 Ways Marketing And Tech Teams Can Collaborate To Boost Targeting And Outreach

Across nearly every industry, technology continues to play an increasingly important role in the workplace. This widespread infusion of technology presents an ideal opportunity for various departments to collaborate with the tech team.

This is especially true for marketing and communications teams, where targeting and outreach are becoming more analytical. Below, the members of Forbes Technology Council share 14 potential projects in which your company’s marketing and tech teams can work together for better outcomes.

read more
TFIR

Software Architects Will Have More Say: 2021 Predictions By Styra

Bill Mann, CEO of Styra shares his predictions for 2021, including that security architects will have a strong voice as their architectures will be applied both across the production environments and the development environments. Their focus will be on standardization and implementing security at an earlier stage.

read more
thenewstack logo

Open Policy Agent: The Top 5 Kubernetes Admission Control Policies

Without the right policies in place, the extensive power of Kubernetes can result in consequences that are as grand as the designs. Fortunately, Kubernetes provides the ability to set policies that can limit those consequences, by checking for — and preventing — deployment mistakes from ever making it into production. To ensure that your teams’ apps aren’t more consequence than confidence, here are the top five Kubernetes admission control policies that you should have running in your cluster right now.

read more
security magazine logo

Shadow IT was a security crisis. Now Shadow IT 2.0 is looming. Let’s skip the crisis this time.

Shadow IT is officially behind us, thanks to standardization, plus tighter interaction between security teams and LOB. But Shadow IT 2.0 is looming, with the star of the show shifting from SaaS to PaaS (platform as a service). With the emergence of public cloud infrastructure, development teams can, for the first time, deploy, configure and manage their own application infrastructure – all without the need to ask permission from IT.

read more
software circus meetup styra

Anders Eknert - Styra - You shall not pass! On identity and access control in distributed systems.

After a brief introduction to the technologies involved, we'll take a deep dive into an architecture utilizing OAuth2 and OpenID Connect for carrying identity across our distributed systems, and how once identity is established, we may leverage Open Policy Agent (OPA) for fine-grained policy based access control in our APIs. We'll learn how to use Rego, the policy language used by OPA, to write concise and clear policies for access control, as well as methods for distributing them across our platforms and how to monitor policy enforcement in real-time.

Watch Here
Forbes Styra

Three Steps To Embrace Cloud-Native And Leverage It To Your Advantage

Automated, consistent policy reduces the risk of user error, removes undifferentiated heavy lifting between repeated tasks, and makes it seamless to onboard new employees and new applications because they’ll have guardrails already in place. It also means that this time, security can be built in from the start instead of added after implementation.

So, where do you start?

read more
thenewstack logo

Why We Need to Rethink Authorization for Cloud Native

As companies embrace cloud native, software-defined development strategies to deliver immense value at unprecedented speed, they are running headlong into the challenge of solving authorization among and between the core components of the cloud native stack. For many companies, OPA represents a way to unify authorization and policy across every cloud environment — and of bringing authorization, itself, into the cloud native era.

read more
Infoworld logo

Using OPA for multicloud policy and process portability

How Open Policy Agent allows developer teams to write and enforce consistent policy and authorization across multicloud and hybrid cloud environments.

read more
aithority logo

Styra Unveils Top 5 Cloud-Native Predictions for the Enterprise in 2021

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, announced the company’s top five predictions for 2021.

These trends foretell broad-scale changes in the enterprise in 2021 changes that are not limited to technology, but every facet of enterprise business, from company culture, to sales, to talent organization, to the rest of the organization. With these enterprise shifts, inevitably, will come the need for unified authorization across every layer of the cloud-native stack.

read more
Forbes Styra

10 Tech Industry Leaders Share Best Practices For Reviewing Code

A code review process can go more smoothly—and catch more potential problems—if tech teams follow tested best practices. Below, 10 tech leaders from Forbes Technology Council, including Bill Mann from Styra, share helpful strategies for companies looking to implement or perfect a code review process.

read more
techtrailblazers

Winner: Containers Trailblazers Award

Styra has been named the winner in the 2020 Tech Trailblazers Containers category. 

This category is open to all private companies, privately funded or VC backed (Series C or earlier), under six years old. It seeks to recognize the early stage companies who are delivering next generation application infrastructure that help containers evolve from developer laptops to full scale enterprise production success stories.

read more
aithority logo

Styra Unveils Top 5 Cloud-Native Predictions For The Enterprise In 2021

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, announced the company’s top five predictions for 2021.

These trends foretell broad-scale changes in the enterprise in 2021 changes that are not limited to technology, but every facet of enterprise business, from company culture, to sales, to talent organization, to the rest of the organization. With these enterprise shifts, inevitably, will come the need for unified authorization across every layer of the cloud-native stack.

read more
techtrailblazers

Male CxO Trailblazers Award

Tim Hinrichs, CTO and co-founder of Styra, was named a runner up in the 2020 Male CxO Trailblazers Award.

Male CxO’s within enterprise tech startups demonstrating key qualities and proven achievements: driving company innovation, proof of leadership, implementing and encouraging agile practices, promoting diversity within the company, and contribution to the wider tech community.

read more
thenewstack logo

Quick Take: Container Security on Amazon Web Services

For better or worse, how containers are used on Amazon Web Services will impact the technology’s future. So, for better or worse, it is necessary to track this, which is what AWS developer advocate and Cloud Native Computing Foundation (CNCF) ambassador Michael Hausenblas has done for the second consecutive year. The AWS Container Security Survey 2020 had 156 respondents, of which half used the Elastic Kubernetes Service (EKS) on the Elastic Cloud Compute (EC2) service. In addition, 36% are running a container service on top of AWS Fargate, but with about half of this group exclusively relying on AWS ECS.

read more
CNCF

Secure Policy Distribution With OPA - Ash Narkar, Styra

In this talk, we will describe how OPA can assist in the secure distribution of policies and data by creating a “Signed Bundle” - a bundle that is digitally signed so that industry-standard cryptographic primitives can verify its authenticity. Our demo will show an end-to-end flow of generating and validating a “signed bundle” and also how this reduces OPA’s attack surface.

watch here
CNCF

Fortifying Microservice Security with SPIRE and OPA - Ash Nakar

SPIRE solves authentication by creating an identity plane across varied infrastructure over which cryptographically verifiable identities such as JWTs are delivered securely to workloads. OPA provides a policy engine that can be used to enforce fine-grained authorization policies across the stack. We will show how SPIRE issued JWT SVID claims created using SPIRE’s OIDC Federation can be used by OPA to enforce service-to-service and end-user access control in microservice environments without compromising on speed and availability.

watch here
CNCF

Open Policy Agent Intro - Patrick East, Styra & Max Smythe, Google

OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.

watch here
aithority logo

Styra Declarative Authorization Service Now Available In AWS Marketplace

Styra is now a member of the Amazon Web Services (AWS) Partner Network (APN)  and all three editions of Styra Declarative Authorization Service (DAS) — Free, Pro and Enterprise — are available in AWS Marketplace. Styra DAS is the fastest and easiest way to operationalize OPA at scale across Kubernetes, microservices or custom APIs, and now platform engineers and application development teams have an additional way to access Styra DAS directly through AWS Marketplace. 

read more
DevOps logo

Announcing the 2020 DevOps Dozen² Awards Finalists

Styra has been named a finalist in the 2020 DevOps Dozen² Awards "Best Cloud Native Security Solution/Service" category. Open Policy Agent has also been named a finalist, but in the "Most Innovative DevOps Open Source Project." 

For six years in a row, the awards have been honoring the most outstanding leaders in the DevOps community. This year, the awards program was expanded to include two different sections: DevOps Dozen Tools and Services Awards and DevOps Dozen Community Awards.

read more
CRN Styra

The 10 Hottest Kubernetes Startups Of 2020

As enterprises and cloud services providers rapidly adopt Kubernetes to undergird modern applications, a new generation of startups is emerging to enhance the core technology with deeper observability, code delivery and integration, management and security features.

The following are 10 red-hot startups making waves across the Kubernetes ecosystem.

read more
thenewstack logo

Open Policy Agent for the Enterprise: Styra’s Declarative Authorization Service

Long, long before we were coding policy enforcement into our clouds, we tried to code it into our programs. Most of the answers we created were hard-coded, difficult to maintain, and nigh unto impossible to update. But, in 2016, Open Policy Agent for cloud native environments was created, and policy enforcement in code became much more practical. Now, its developers, under their company, Styra, have announced a new three-tier product offering for Styra Declarative Authorization Service (DAS).

read more
aithority logo

Styra Expands Declarative Authorization Service With Free And Mid-Tier Offerings To Manage OPA At Scale

The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes. Platform engineers and teams can now deploy DAS in just minutes and have access to more than 100 built-in policies, as well as full enterprise-grade monitoring, impact analysis and decision logging. These new offerings enable a self-service experience and eliminate the need for learning and custom coding OPA policies for Kubernetes admission control. 

read more
thenewstack logo

The Power of Kubernetes Admission Control: Why Role-Based Access Control Isn’t Enough

Kubernetes Admission Control is not only powerful but is fast becoming a mandatory tool for securing Kubernetes. Strategies like RBAC, trusted repositories and runtime — while wonderful and necessary in their own right — are simply not enough.

To understand why developers need Admission Control, let’s first take a look at the limitations of RBAC, trusted repositories and runtime tools.

read more
containerjournal

Styra Expands Declarative Authorization Service with Free and Mid-tier Offerings to Manage Open Policy Agent at Scale

The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes. Platform engineers and teams can now deploy DAS in just minutes and have access to more than 100 built-in policies, as well as full enterprise-grade monitoring, impact analysis and decision logging. These new offerings enable a self-service experience and eliminate the need for learning and custom coding OPA policies for Kubernetes admission control.

read more
YahooFinance

Styra Expands Declarative Authorization Service with Free and Mid-tier Offerings to Manage Open Policy Agent at Scale

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced a new three-tier product offering for Styra Declarative Authorization Service (DAS). The new DAS Free and DAS Pro editions, along with the existing DAS Enterprise, give teams of any size and stage a budget-friendly and fast option to operationalize OPA at scale for Kubernetes.

read more
digital journal styra

Styra Expands Declarative Authorization Service with Free and Mid-tier Offerings to Manage Open Policy Agent at Scale

With the new Styra DAS editions (DAS Free and DAS Pro), platform engineers are now able to get started with DAS Free, a completely free, self-service option for up to two clusters or 10 nodes to streamline the adoption process. For teams with larger production scale needs, DAS Pro offers a clear and transparent pricing model, for up to 50 nodes, to protect and manage Kubernetes clusters as they grow from initial testing/deployment to full production environments.

read more
thenewstack logo

Lightning Demos: Open Service Mesh, Crossplane, Cloudstate, Open Policy Agent and Grafana

In this episode of The New Stack Makers podcast, five guests each offer a hands-on “lightning demo” of their respective open source cloud native projects, as a teaser for next week’s Cloud Native Computing Foundation’s KubeCon + CloudNativeCon North America.

In his demo, Torin Sandall, VP of Open Source at Styra, showed how Open Policy Agent works for microservices API authorization. The demo application consisted of a service offering employee profiles for a company.

read more
Forbes Styra

Avoid The Hidden Costs Of App Development With These 15 Expert Strategies

Developing software applications is an important endeavor for many companies. It’s also a very expensive one—and the costs aren’t always apparent upfront. The time and resources required to build a successful app can quickly deplete a development team’s budget and energy. We asked the members of Forbes Technology Council how to counteract some common “resource bleeds” in app development operations. Their best tips are below.

read more
small batches OPA styra

Open Policy Agent with Torin Sandall

Adam welcomes Torin Sandall to the show. Torin is the Vice President of Open Source at Styra and the co-creator of Open Policy agent.

Adam & Torin discuss the origin of the project, why create new language from scratch called Rego, why that language is awesome, how Adam fell in love with Conftest, and how to use all these tools to create more secure systems.

read more
Gestalt IT styra

Pet Perplexity vs. Cattle Control with Styra

My focus is on security, so a lot of my discussion with them focused on security. One of the big things that captured my attention was their Open Policy Agent (OPA). This tool was developed as an open source method of providing admission control for microservices and containers. Rather than letting developers create more and more containers to accomplish a goal, or worse yet, have dozens created under their IDs in an attack, Styra OPA allows you to set rules and conditions for admission control.

read more
Infoworld logo

Using OPA for cloud-native app authorization

Learn how companies like Netflix, Pinterest, Yelp, Chef, and Atlassian use OPA for ‘who-and what-can-do-what’ application policy.

read more
Kong

Microservice Authorization with Open Policy Agent and Kuma

Applications architected as microservices are becoming more prevalent every day, but just like their monolithic ancestors, microservice applications must adhere to organization-wide constraints around compliance, security, performance, etc. Authorization, controlling which people and machines can perform which actions, is a foundational security problem that requires new solutions in a microservice world because of changes in requirements around performance, availability, and even where authorization gets enforced architecturally.

read more
Kong

Learnings from CNCF’s Envoy and OPA Creators Matt Klein and Tim Hinrichs

This talk discusses describes taking a policy-as-code approach, where authorization policies are decoupled from the underlying microservices yet employ a shared-fate evaluation model so that policies are consistent, enforced consistently, meet high-availability and performance demands, and enable relatively rapid security reviews and hot-patching. Specifically, we describe how to employ the Open Policy Agent for a unified approach to policy-as-code, where policies are enforced through the Kuma service mesh.

read more
Forbes Styra

Everything You Know About Authorization Is Wrong

Today, authorization refers not only to people, accounts and roles and the permissions they have but — crucially — also to infrastructure authorization. The entire tech stack today is now software-defined. The controls of "who or what can do what" are more important than ever — and they can only be effective if they, too, are software-defined.

In other words, we've moved from just "Who can do what?" to "What can do what?"

read more
thenewstack logo

Join Us Oct. 20 for KubeCon Preview Livestream Demos: 5 Projects, 10 Minutes Each

OPA (pronounced “oh-pa!” like a thrown plate) is a unified toolset and framework for policy enforcement across your whole cloud native stack. Torin Sandall, VP of open source and co-creator of OPA at Styra, will demonstrate how OPA aims to decouple policy decision-making from policy enforcement, so that you can release, analyze and review policies, compliance and security, while not seeing a drop in performance or availability.

read more
contributor logo styra

Open Policy Agent with Torin Sandall

Eric Anderson catches up with Torin Sandall, co-creator of Open Policy Agent (OPA), the open-source, general-purpose policy engine. By focusing on demonstrating OPA’s value through case studies, targeted interviews, and word-of-mouth, Torin and the folks at Styra were able to grow OPA into the emerging standard for unified policy enforcement across the cloud-native stack.

read more
Forbes Styra

14 Innovative Strategies To Help Tech Leaders Find New Talent

With so many tasks on their to-do list, tech leaders often don’t have much time left to source and recruit top talent for open positions on the team. That’s why we asked the members of Forbes Technology Council how they manage to balance their talent search with their heavy workloads. Try these 14 innovative strategies to build out your dream tech team.

read more
Infoworld logo

Using OPA to safeguard Kubernetes

Open Policy Agent addresses Kubernetes authorization challenges with a full toolkit for integrating declarative policies into any number of application and infrastructure components.

read more
AWS containers from the couch podcast styra

Policy-based control for cloud native environments using OPA

Join Paavan, and the co-creators of OPA (Tim Hinrichs and Torin Sandall) as we dive in to look at managing your security policy using OPA and Styra Declarative Authorization Service. 

read more
converge digest

Open Policy Agent: Building a standard for cloud-native authorization

Here is a quick introduction to Open Policy Agent (OPA), which is now a Cloud Native Computing Foundation incubating project, and which provides an open source, general-purpose policy engine for cloud infrastructure.

read more
ItOpsTimes Styra

KubeCon + CloudNativeCon EU: Datadog Live Containers, NeuVector compliance templates, and more

KubeCon + CloudNativeCon EU is continuing through tomorrow. Here are a few more highlights from the event, including Styra providing long term support and new online academy for Open Policy Agent. 

read more
containerjournal

Styra Offers Long Term Support Release for Open Policy Agent

As companies move from experimentation towards production, reducing risk becomes more critical.  One way some teams mitigate risk is by limiting when new features and functionality can be deployed. Styra Essentials limits the risk often associated with new features, while still providing security-related updates on a schedule that can be managed by companies for which outage windows, patches and updates are closely managed.

read more
vmblog - styra

Styra Offers Long Term Support Release for Open Policy Agent

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced that Styra Essentials now includes Long Term Support for Open Policy Agent, enabling companies in highly regulated industries to take advantage of cloud-native authorization policy. Highly regulated industries typically limit how often companies can update their software in order to reduce new risks. Styra Essentials solves this problem with a vetted,  semi-annual version of OPA that includes critical fixes and security patches, as well as Styra Essentials 24x7 support.

read more
infosecurity-styra-logo

Why Microservices Require Unified Tools for Authorization

Cloud-native organizations embracing microservices are running into an unavoidable security question: how to handle microservice authorization controls?  

read more
security magazine logo

Authentication vs. authorization | Why we need authorization standards and what it means for enterprise cybersecurity

During my time at both CA and at Centrify, I witnessed the transition from built-in, local, native, per-service authentication to shared, externalized, standards-based authentication. The security industry must make the same paradigm shift for authorization—with proven, industry-accepted standards that enterprises can easily operationalize. That change is already underway.

read more
Infoworld logo

OPA: A general-purpose policy engine for cloud-native

Created four years ago as an open-source, domain-agnostic policy engine, OPA is becoming the de facto standard for cloud-native policy. As a matter of fact, OPA is already employed in production by companies like Netflix, Pinterest, and Goldman Sachs, for use cases like Kubernetes admission control and microservices API authorization. OPA also powers many of the cloud-native tools you already know and love, including the Atlassian suite and Chef Automate.

read more
Coruzant logo

Styra Simplifies Cloud-native Policy and Authorization for All

Everything that the team at Styra continues to build brings us ever closer to achieving our plan—from developing Rego, to contributing OPA to the CNCF, to building Styra Declarative Authorization Service as our OPA control plane, to enhancing each with new features based on community learnings and best practices. And now, we’ve taken our next big step forward by “democratizing” policy authorization with the Rego Policy Builder. 

read more
devops digest logo

Styra Introduces Rego Policy Builder for Declarative Authorization Service

Styra announced Rego Policy Builder for the Styra Declarative Authorization Service (DAS).

With Rego Policy Builder, DevOps/platform teams can more easily build authorization policy in Styra DAS, with a point-and-click interface that speeds development of new rules and provides a policy interface that is easy to read.

Continuing the vision of the OPA founders, this latest enhancement to the OPA control plane empowers more teams to take advantage of the speed and security of policy-as-code for unified authorization.

read more
Security Blvd logo

Styra Adds Declarative Tool to Generate Authorization Policies

Styra this week launched a declarative tool that enables cybersecurity teams to generate authorization policies that can be implemented programmatically by a DevOps team.

Company CEO Bill Mann said Rego Policy Builder for the Styra Declarative Authorization Service (DAS) is intended to help organizations bridge the divide between cybersecurity teams that define policies and developers that are increasingly being tasked with implementing them.

read more
aithority logo

Styra Introduces Rego Policy Builder For DAS Making OPA Accessible To More Teams

The Styra DAS Rego Policy Builder provides a streamlined, graphical, purpose-built, point and click policy interface for OPA authorization rules. This visualization of policy-as-code enables DevOps, security and compliance teams to take advantage of the speed and security of OPA, without investing up-front time to learn all the details of its custom policy language, speed development of sophisticated security, compliance and operational rules for modern cloud-native applications, and more easily communicate across teams to prove that security is in place, and built as intended.

read more
DevOps logo

Styra Introduces Rego Policy Builder for Declarative Authorization Service Making Open Policy Agent Accessible to More Teams

With Rego Policy Builder, DevOps/platform teams can more easily build authorization policy in Styra DAS, with a point-and-click interface that speeds development of new rules and provides a policy interface that is easy to read. Continuing the vision of the OPA founders, this latest enhancement to the OPA control plane empowers more teams to take advantage of the speed and security of policy-as-code for unified authorization.

read more
Coruzant logo

How One CEO is Bringing Security to DevOps in the Cloud with CEO Bill Mann | Ep 55

Former software engineer and now CEO, Bill Mann, joins Coruzant Technologies for the Digital Executive podcast. He shares how Styra, Open Policy Agent (OPA) and Declarative Authorization Service (DAS) provide security, operations and compliance guardrails for the cloud environment.

read more
SiliconAngle

Styra’s policy-as-code approach targets security in the cloud-native stack

Styra Inc. is offering a double-barreled approach to bolstering security and compliance in the cloud-native world.

Through the company’s open-source Open Policy Agent, software developers can apply security and compliance policies to the Kubernetes container orchestration platform. Styra is also providing a software-as-a-service declarative authorization service product — Styra DAS — to help enterprises ensure that workloads are compliant with internal and external regulation.

read more
thecube logo

Bill Mann, Styra | CUBE Conversation, July 2020

Styra Inc. is offering a double-barreled approach to bolstering security and compliance in the cloud-native world.

Through the company’s open-source Open Policy Agent, software developers can apply security and compliance policies to the Kubernetes container orchestration platform. Styra is also providing a software-as-a-service declarative authorization service product — Styra DAS — to help enterprises ensure that workloads are compliant with internal and external regulation.

read more
TFIR

Unified Solution For Authorization Across Cloud: Tim Hinrichs, Co-Founder/CTO, Styra

In this episode, we sat down with Tim Hinrichs, a co-founder of the Open Policy Agent project and CTO of Styra. We talked about why he created Styra and its relationship with Open Policy Agent (a project that was contributed to CNCF). We also talked about Styra Declarative Authorization Service (DAS) and why Styra is focussing on the Kubernetes use case.

read more
businessinsider

Fortress Cyber Security Awards Honors 41 Global Innovators and Products

The Business Intelligence Group today announced the winners of the 2020 Fortress Cyber Security Awards. The business award program sought to identify and reward the world's leading companies and products that are working to keep our data and electronic assets safe among a growing threat from hackers.

read more
YahooFinance

Styra Declarative Authorization Service Wins 2020 Fortress Cyber Security Award

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced that Styra Declarative Authorization Service (DAS) has won the Business Intelligence Group 2020 Fortress Cyber Security Award in the Compliance category. The industry awards program recognizes Styra for being among the world’s leading companies and products working to keep data and electronic assets safe as security threats continue to grow. 

read more
Dzone Styra OPA

Kubernetes Pod Security Policies with Open Policy Agent (OPA)

Kubernetes is the most popular container orchestration platform in today's cloud-native ecosystem. Consequently, Kubernetes is also an area of increased interest and attention.

In this blog post, first I will discuss the Pod Security Policy admission controller. Then we will see how Open Policy Agent can implement Pod Security Policies.

read more
Styra News TechStrong

Tim Hinrichs – TechStrong TV

Mike Vizard speaks with Tim Hinrichs, CTO of Styra, about additions to its Declarative Authorization Service for microservices security and compliance.

With authorization for microservices, Styra DAS helps operationalize the service mesh by controlling what APIs can be executed on what services, both on ingress and egress. As companies increase deployments and software scales to customer demands, these controls are critical in ensuring cloud-native applications adhere to data privacy and compliance regulations, as well as risk mitigation.

read more
containerjournal styra microservices

Styra Brings Compliance Controls to Microservices

Styra today announced it has extended the Styra Declarative Authorization Service (DAS) for automating compliance management to now include support for both microservices and the service mesh platforms that are relied on to manage them.

Company CTO Tim Hinrichs says Styra Declarative Authorization Service can now be employed to ensure compliance by attaching open source Open Policy Agent (OPA) software on which Styra DAS relies as a sidecar using containers.

 

read more
vmblog styra microservices

Styra Declarative Authorization Service Expands Offering to Microservices and Service Mesh

 Styra Declarative Authorization Service (DAS) now supports microservices and extends context-based authorization to the service mesh. This new use case is the second addition to the company's turnkey enterprise security solution, which is built on OPA. 

read more
aithority styra microservices

Styra Declarative Authorization Service Expands Offering to Microservices and Service Mesh

Built on Open Policy Agent, Styra is the first and only company to solve authorization for both Kubernetes and Microservices. 

Styra DAS provides security, compliance and operational guardrails for both Kubernetes and microservices to help customers mitigate risk, reduce errors and accelerate software development. With OPA at its core, Styra DAS provides a single control plane for authorization both within applications and for the infrastructure they run upon. 

read more
devops digest styra microservices

Styra Declarative Authorization Service Expands Offering to Microservices and Service Mesh

Styra DAS was introduced in 2019 to help enterprises set up policy-as-code guardrails for Kubernetes, ensuring that workloads are compliant with both internal and external regulations. Now, with support for microservices, Styra DAS provides unified policy across two crucial layers of the new software stack: Kubernetes and microservices.

read more
kubernetes podcast styra

Open Policy Agent, with Tim Hinrichs and Torin Sandall

Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. Adam and Craig discuss OPA with Tim and Torin after the news of the week.

read more
techtarget styra

IT compliance as code tool makes Kubernetes security inroads

Open Policy Agent has turned heads among IT shops for Kubernetes compliance as code, and its commercial backer looks to capitalize on that momentum with new enterprise features.

The company, Styra, offers IT compliance as code and technical support based on the Open Policy Agent (OPA), which caught the attention of Kubernetes security practitioners last year. The OPA is a declarative means to apply security and compliance policies to the container orchestration platform.

read more
thenewstack styra

Open Policy Agent: Authorization for the Cloud

Talks focused on Open Policy Agent (OPA) are featured prominently in the agenda for KubeCon + CloudNativeCon Europe — 15 OPA-focused sessions were accepted from users at Google, City of Ottawa Ada Health and more — signaling the importance of authorization in the cloud.

While the event and those talks are now on hold until August, that doesn’t mean we should postpone learning more about authorization within applications, across Kubernetes clusters and on top of a service mesh. 

read more
containerjournalstyra

Styra brings compliance as code to Kubernetes

Styra today announced it has added support for Kubernetes Mutating Webhooks and a new compliance pack for pod security policies (PSP) to its software-as-a-service (SaaS) platform for managing container compliance.

Bill Mann , CEO of Styra, says Styra DAS is designed to enable DevOps teams to more easily author, distribute, monitor and analyze instances of compliance as code built using OPA. Rather than having to perform those tasks manually, Styra DAS provides access to a control plane to manage that process end to end, he says.

read more
aithority styra

Styra extends security and compliance to Kubernetes

As enterprises move containerized/cloud-native applications into production, they must ensure that workloads are secure and compliant with relevant regulations before they reach runtime. This can require manual reviews and operational overhead, both of which can lead to operational errors, risk and interruptions that slow developer productivity.

Styra mitigates these risks with guardrails that integrate with Kubernetes to allow only what’s right, minimizing human error and preventing non-compliant workloads from ever reaching production.

read more
devops digest logo

Styra Enhances DAS

Styra announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.

Styra DAS, the company’s first commercial product, is a management plane that enables Developers and DevOps teams to operationalize OPA authorization policies. These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.

read more
vmblog

Styra extends security and compliance to Kubernetes

Adding support for Kubernetes mutating webhooks enables Styra policies to go beyond "allow or deny," to automatically append, update or add relevant parameters to ensure workloads are compliant before they reach production.

The new Pod security policies (PSP) pack extends the existing best practices and PCI DSS 3.2 policy packs, all of which eliminate the need to research, identify and implement baseline guardrails/policies for Kubernetes. 

read more
YahooFinance

Styra Extends Security and Compliance for Kubernetes

Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.

These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.

read more
software engineering radio styra

Episode 406: Torin Sandall on Distributed Policy Enforcement

Torin Sandall of Styra and Open Policy Agent discussed OPA and policy engines and how they can benefit software projects security and compliance.

He also discussed how policy engines can be leveraged in combination with authentication protocols, such as OAUTH, to create a Authentication, Authorization, and Account (AAA) stack within applications.

read more
YahooFinanceStyra

Styra Further Commits to Safeguarding Customer Data With SOC 2 Attestation

Styra, Inc., the founders of Open Policy Agent and leaders in cloud-native authorization, today announced that it has successfully completed the Service Organization Control (SOC) 2 Type I audit for the Styra Declarative Authorization Service (DAS)

The SOC 2 audit addresses controls relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data, and the confidentiality and privacy of the information these systems process.

read more
ITProPortalStyra

3 trends behind the need to reinvent policy and authorisation in cloud-native application architectures

The application development market is moving to containerised “cloud-native” application architectures and away from monolithic apps. 

In the speed of this new world, businesses must continue to be efficient, while also mitigating risk and reducing errors.  The only answer?  Automated authorisation, or policy-as-code.

read more
Silicon Angle Styra Open Policy Agent

At KubeCon, cloud-native starts to get real for the enterprise

In order to operationalize cloud-native technologies for widespread enterprise use at scale...three core challenges [Governance, security and compliance] suddenly become top of mind.

Such is the strategy of Styra, the vendor behind the open-source Open Policy Agent project. The idea of OPA is to establish a lightweight, standard approach to representing and enforcing policies across the Kubernetes landscape. Today, Styra is ramping up its efforts to commercialize OPA, offering declarative authorization for securing Kubernetes...

read more
dzone

DZone: What are the most common failures you see with K8s?

To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What are the most common failures you see with K8s?" Typically these failures are the function of a lack of knowledge and skill, highly complex technology, lack of planning for security, and day-two operations...

read more
dzone

DZone: How to Implement Kubernetes - Start with security, planning, skills, and data locality.

To understand the current and future state of Kubernetes (K8s) in the enterprise, we gathered insights from IT executives at 22 companies. We asked, "What are the most important elements of implementing K8s for orchestrating containers?" Here’s what we learned...

read more
opensource.com

Opensource.com: Open Policy Agent—Cloud-native security and compliance

A look at three use cases where organizations used Open Policy Agent to reliably automate cloud-based access policy control.

Every product or service has a unique way of handling policy and authorization: who-can-do-what and what-can-do-what. In the cloud-native world, authorization and policy are more complex than ever before. As the cloud-native ecosystem evolves...

read more
techbeacon

TechBeacon: The state of container security: Tools, policy trail the technology

Gartner recently included container security as one of its Top 10 Security Projects for 2019. However, container technology remains something of a mystery to many cybersecurity pros.

That unfamiliarity is complicated by a lack of adequate tools on this front: ESG data says that more than 30% of security pros indicate that their organization's current security solutions don't support containers and that most of the specialized tools available...

read more
containerjournal

Container Journal: Why Styra Open Sourced OPA

As founders and maintainers of the Open Policy Agent project (OPA), Teemu Koponen, Torin Sandall and I are pleased to be looking back at the project’s first three years and recognizing a significant milestone. At KubeCon in Barcelona, we were overwhelmed by support—many people and companies that we have had no interaction with were extolling the virtues of OPA Policy and claiming that OPA “was everywhere.” This followed...

read more
techtarget

TechTarget: Kubernetes policy project takes enterprise IT by storm

A Kubernetes-friendly compliance as code project hosted by the CNCF has caught on among large enterprises in the first half of 2019, largely through word of mouth.

An open source compliance as code project has gained a groundswell of popularity over the last six months among enterprise IT pros, who say it simplifies and standardizes Kubernetes policy management...

read more
itbriefcase

IT Briefcase: Kubernetes Security & Compliance—How Software Development is “Shifting Security Left”

Tim Hinrichs, CTO and Co-Founder of Styra and Co-Founder of Open Policy Agent, sees the world of Kubernetes security and compliance evolving rapidly. Here, he shares insights about how software development teams are “shifting security left,” focusing on prevention, rather than detection...

read more
dzone

DZone: DevSecOps Keys to Success— automation, shifting left, and collaboration

To understand the current and future state of DevSecOps, we gathered insights from 29 IT professionals in 27 companies. We asked them, "What do you consider to be the most important elements of a successful DevSecOps implementation?" Here's what they told us...

read more
containerjournal

Container Journal: Styra Shifts Kubernetes Policy Management Left

At the KubeCon + CloudNativeCon Europe 2019 conference this week, Styra announced it has extended the policy management engine it created for Kubernetes clusters to provide additional integrations and controls intended to advance best DevSecOps practices.

The Styra Declarative Authorization Service (DAS) is based on the open source Open Policy Agent (OPA) software the company developed...

read more
devclass

OPA gets to leave the sandbox to play with the big kids in the CNCF incubator

Policy engine Open Policy Agent, or OPA for short, has been accepted into the incubator of the Cloud Native Computing Foundation (CNCF). The project joined the CNCF’s sandbox in March 2018 and is now expected to graduate within the next two years.

To get into the incubating stage of the CNCF, a project needs at least two members of the technical oversight committee as sponsors, and it must document that it is successfully...

read more
vmblog

Why Enterprises Must Embrace The MostRecently Graduated CNCF Project - OpenPolicy Agent

The Cloud Native Computing Foundation announced the Open Policy Agent project’s graduation to join the likes of mature cloud native projects, including Kubernetes, Helm and Prometheus.

OPA was initially created by Styra before joining CNCF in 2018 as a sandbox project. The company now offers a commercial implementation branded as Declarative Authorization Service (DAS), a control plane for authoring and implementing OPA policies.

read more

1800 Broadway, Suite 1 Redwood City CA 94063