Styra today announced new enhancements to
their
Declarative Authorization Service (DAS), including support for
Kubernetes mutating webhooks and new compliance pack for pod security policies.
Styra DAS, the company's first commercial product, is a management plane that
enables Developers and DevOps teams to operationalize OPA authorization
policies. These new enhancements extend the Styra DAS security and compliance
solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit
and perform impact analysis for OPA policy-as-code guardrails, with a
consistent framework.
As
enterprises move containerized/cloud-native applications into production, they
must ensure that workloads are secure and compliant with relevant regulations
before they reach runtime. This can require manual reviews and operational
overhead, both of which can lead to operational errors, risk and interruptions
that slow developer productivity. Styra mitigates these risks with guardrails
that integrate with Kubernetes to allow only what's right, minimizing human
error and preventing non-compliant workloads from ever reaching production.
"Our
team is always trying to get the most out of automation, so that we can focus
on quickly delivering apps and updates to our customers," says Marlene Veum,
Director, Security Engineering at Frontdoor, Inc. "That said, compliance is a
big wrapper around everything we do, and we can't cut corners when it comes to
internal and external regulations. By supporting Kubernetes Pod Security
Policies and mutating webhooks, Styra allows us to easily implement best
practices across our clusters without having to research and build them from the
ground up, and eliminates a lot of manual overhead that can slow our release
cycles-freeing our team up to focus on delivering the best apps to our
customers."
Adding
support for Kubernetes mutating webhooks enables Styra policies to go beyond
"allow or deny," to automatically append, update or add relevant parameters to
ensure workloads are compliant before they reach production. Support for these
Admission Controllers means Styra DAS can automatically remediate problems that
would otherwise result in blocked workloads and manual review. The new Pod
security policies (PSP) pack extends the existing best practices and PCI DSS
3.2 policy packs, all of which eliminate the need to research, identify and
implement baseline guardrails/policies for Kubernetes. With best-practice
guardrails in place from the start, human error and missteps that delay
projects, slow delivery and introduce risk are eliminated.
"As
more organizations embrace the cloud, they also need to adopt a cloud-native
authorization policy in order to mitigate security and compliance risk. Our
mission now is the same as it has been since we launched OPA -- to provide
organizations with the guardrails necessary to implement a consistent policy
framework across the entire app development environment," said Tim Hinrichs,
co-founder and chief technology officer of Styra. "These new enhancements to
Styra DAS help our customers eliminate manual overhead, minimize risk and
accelerate development timelines."
Increasing developer productivity with Styra DAS
Mutating Webhooks: Taking full advantage of Kubernetes
Admission Control APIs, support for Mutating Webhooks means that Styra DAS can
automate compliance and minimize the need for human intervention. This streamlines
delivery pipelines and lessens interrupts that can distract and slow DevOps
teams. The ability to automatically modify non-compliant workloads before
deployment means, for example, that workloads missing critical configuration
like resource requirements, privilege controls, labels or network parameters
will have those details added programmatically, based on specified
policy.
Mutating
webhooks can also help ensure correct, consistent deployment. For example,
Styra DAS can enforce policy that automatically adds an appropriate sidecar,
such as a proxy, to each relevant workload to ensure service mesh or networking
rules always have the necessary components to keep clusters running correctly.
Pod Security Policies Packs: PSPs, which are
native to Kubernetes, enable developers to control access to the host operating
system. Acting as built-in baseline guardrails across clusters, PSPs allow
developers to enforce run-time permissions for a container and permit actions
on the kernel. While PSPs are valuable to managing security risk, the time and
expertise needed to research, identify and manually implement them on each
Kubernetes cluster can result in costly delays due to misconfigurations.
With
Styra support for PSPs, developers can build, save and distribute PSP policy in
discrete "packs" to accelerate Kubernetes adoption, decrease time spent writing
and configuring policies from scratch and reduce human error. Styra eases the
process of authoring configurations and distribution across clusters, while also
providing DevOps teams impact analysis, monitoring and auditing of
results.
Availability
Automatic
webhook mutating and PSP packs are available now to all Styra customers.