Styra, Inc., the founders of Open Policy Agent (OPA), announced new compliance packs for its Declarative Authorization Service (DAS),
which include MITRE ATT&CK Matrix for Enterprise covering
cloud-based techniques, and CIS Kubernetes Benchmarks, to ease
collaboration between security and DevOps teams. These two new turnkey
compliance packs consist of best practices from the OPA community, and
are the latest additions to the Styra compliance pack library, which
includes PCI DSS 3.2, Admission Control Best Practices and Kubernetes
Pod Security Policies.

Styra created OPA, an open source project, to provide unified authorization
across the cloud-native stack. Styra DAS, the company's flagship
commercial product, is a management plane that enables developers and
DevOps teams to operationalize OPA in production. Together, OPA and
Styra DAS provide security, operations and compliance guardrails to
protect applications, as well as the infrastructure they run on.

As enterprises embrace the cloud, and embark upon their digital
transformation journeys, IT teams must focus on breaking down silos and
streamlining procedures to address the new operational and compliance
challenges of cloud-native environments. Styra DAS compliance packs
eliminate the need for IT and DevOps teams to research, identify and
implement baseline policies. The technology allows teams to abstract
policy as code into plain language, and align security practices to
standards such as MITRE, CIS Benchmarks, and PCI, and prove compliance
with detailed audit logs.

"To reduce security and compliance risk, organizations must implement
cloud-native authorization policies. Our policy compliance packs help to
accelerate Kubernetes adoption, decrease time spent writing and
configuring policies from scratch, and reduce delays and risk resulting
from human error," said Tim Hinrichs, co-founder and chief technology
officer of Styra. "These new additions to Styra DAS also help bring a
collaboration-first element to the DevOps culture of innovation, by
bridging the gap between different teams as they continue to manage
rapid transformations in the industry."

Security vs Speed
To support the shift to containerized applications, security teams have to
spend a lot of time researching, developing and implementing new
security policies. Typically, this requires manual reviews, which create
operational overhead and introduce the risk of human error. Styra DAS
compliance packs eliminate manual effort with a turnkey set of relevant
OPA policies that can be easily understood, and implemented in minutes.
With Styra DAS Compliance Packs, enterprise teams get:
- Proven security policies abstracted into plain language and mapped to standards
- Detailed logs and an audit trail to prove compliance over time
- One-click impact analysis to ensure that moving to a compliant state won't break applications or infrastructure
- Continuous monitoring of all decisions to feed a SIEM, SOC, etc.

Because these packs offer a clear standard for policy-as-code rules, rather
than multiple languages or implementation styles, teams have a unified
approach that makes collaboration and auditing easier.

With Styra DAS compliance packs, policy can be altered without any changes
to clusters or K8s deployment. The clusters, workloads and services
themselves can be swapped, changed and updated independently, without
worrying that new risk has been introduced, as policy guardrails are
always in place. Additionally, policy is portable across clusters for
scale and automation, and no rework is needed to scale out deployments.
Styra DAS impact analysis shows where policy changes will affect
deployments, as well as what needs to be fixed to ensure that moving to a
compliant state will not break applications or infrastructure. Styra
DAS compliance packs are the fastest and simplest way to deploy OPA
policy as code to meet regulatory requirements.

Meeting Security Industry Standards
In addition to existing compliance packs, which include Best Practices,
Pod Security Policies and PCI DSS 3.2, this latest release provides
collections of OPA policies to address the MITRE ATT&CK Matrix for
Enterprise covering cloud-based techniques and CIS Kubernetes
Benchmarks. The MITRE ATT&CK Matrix compliance pack provides a
collection of OPA policies that help break the attack lifecycle used by
attackers to infiltrate clusters, move laterally to find sensitive data
and finally exfiltrate that data. With the second pack, CIS Kubernetes
Benchmarks, Styra DAS users can apply proven security policies across
clusters, in keeping with the recommendations made in the Center for
Internet Security guidelines and best practices. With these new packs,
security and DevOps teams can work together to easily implement new
policy-as-code guardrails that map directly to proven security best
practices.

The CIS Kubernetes Benchmarks and MITRE ATT&CK Matrix compliance packs
are available now to all Styra customers. To learn more about securing
your cloud-native solutions with Styra, visit https://www.styra.com/.