Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced that Styra Declarative Authorization Service (DAS) now supports microservices and
extends context-based authorization to the service mesh. This new use
case is the second addition to the company's turnkey enterprise security
solution, which is built on OPA. Now, Styra DAS provides security,
compliance and operational guardrails for both Kubernetes and
microservices to help customers mitigate risk, reduce errors and
accelerate software development. With OPA at its core, Styra DAS
provides a single control plane for authorization both within
applications and for the infrastructure they run upon.
Styra Support for Microservices and Service Mesh
Styra DAS was introduced in 2019 to
help enterprises set up policy-as-code guardrails for Kubernetes,
ensuring that workloads are compliant with both internal and external
regulations. Now, with support for microservices, Styra DAS provides
unified policy across two crucial layers of the new software stack:
Kubernetes and microservices.
With
authorization for microservices, Styra DAS helps operationalize the
service mesh by controlling what APIs can be executed on what services,
both on ingress and egress. As companies increase deployments and
software scales to customer demands, these controls are critical in
ensuring cloud-native applications adhere to data privacy and compliance
regulations, as well as risk mitigation. Styra DAS goes beyond what
service mesh provides natively, by allowing any business context to be
evaluated, compared and included in policy decisions. Developers have
far richer control over service proxy authorization and can tightly
define communication throughout the mesh.
"It's
critical when working with highly private data, like medical data, that
it's carefully controlled and formatted. When my team transfers data
within an app, it has to be under the correct circumstances," said
Martin Pratt, program director (Platform) at Ada Health. "To stay
compliant, we tried to build our own service mesh rules, but the
complexity resulted in cognitive overhead, difficulty troubleshooting
and inconsistencies with the way we were defining policy in other areas
of our environment. With OPA, we now have a single way to define policy,
and with Styra DAS, we're able to distribute, monitor and perform
impact analysis for these rules."
With
Styra DAS, each team no longer needs to implement a dedicated,
custom-built authorization system for their particular part of the
application (infrastructure, containers, etc.). Instead, they can use a
common policy language everywhere, freeing them to spend more
development cycles on crucial, more differentiated problems and
accelerate their time-to-market.
"With
support for microservices, we've reached another milestone on our
journey to provide authorization across the cloud-native stack," said
Tim Hinrichs, co-creator of OPA and co-founder and CTO of Styra. "When
we founded OPA, we designed it for portability -- and indeed OPA is now
used across the most critical cloud-native components. With Styra DAS,
we started at the platform level with Kubernetes guardrails, and are now
extending into the app with support for microservices authorization.
It's thrilling to see our vision borne out in real-world customer
deployments."
Benefits of OPA and Styra DAS
OPA
and Styra DAS work together to solve typical entitlements/authorization
problems for enterprises. For example, enterprise development teams
typically build siloed policy in multiple places, use different
languages to codify authorization, and have infrastructure policy that
is typically unrelated to app policy.
OPA
and Styra DAS overcome these issues by providing developers with a
common policy language, toolset and framework for policy across the
cloud-native stack. OPA adds context-aware policy evaluation to tightly
control exactly what the proxies allow or deny, and does so with the
same policy language and tooling used for all authorization decisions.
Styra DAS provides the authoring, distribution, impact analysis,
monitoring and audit controls for that policy.
Availability
Styra DAS support for microservices is available now to all customers. Learn more about Styra here.