Developers have more access to, and control over, compute resources than ever. Public cloud, infrastructure-as-code and cloud-native development and consumption models are great accelerators of what developers can achieve in short development cycles.
But human error, badly designed code and releases rushed out the door to be first to market, combined with the enormous control developers now have over infrastructure, make for an explosive mixture. And it regularly goes off: data breaches, regulatory violations, fines and sanctions are reported so often that almost every tech company seems to be dealing with them.
This is why security and governance are key, albeit underexposed, aspects of any software development pipeline. There are many policy-as-code and DevSecOps solutions to eliminate operational, security and compliance risk, and we’ve covered a fair bunch on Amazic World in the past:
The new kid on the block is Styra, which delivers declarative authorization solutions for cloud-native security. Its most notable feat is the creation of the Open Policy Agent, a CNCF incubation project.
The Open Policy Agent (OPA) is an open-source, general-purpose policy engine that enables unified, context-aware policy enforcement for cloud-native environments.
Styra is the enterprise product built on top of OPA. It includes the features enterprises are willing to pay for: a built-in library of policies that makes it quick to implement authorization policy-as-code, and a rules validator that checks policy changes before they are committed to production, mitigating risk before deployment. The declarative model helps shift security left, and graphical dashboards analyze trends over time so that security posture and compliance can be demonstrated to auditors.
Styra helps you build and maintain an approved image registry, base OS, compliance and audit rules, and ensures your best practices are actually in use across the containerized app stack to minimize threat surface and mitigate risk. It continuously builds, tests and monitors authorization policy for your Kubernetes clusters, and the microservices that run within them. In other words, doing the undifferentiated work and heavy lifting while minimizing human error.
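As an added example (not Styra's or OPA's own code) of the approved-image-registry policy described above, here is a Rego policy for OPA acting as a Kubernetes admission controller, together with unit tests runnable via `opa test`. The package name, the registry prefixes and the sample admission requests are constructed for this illustration.

```rego
package kubernetes.admission

import rego.v1

# Image prefixes allowed in the cluster; constructed for this example,
# not Styra's or OPA's defaults.
approved_registries := {
    "registry.example.com/",
    "gcr.io/example-project/",
}

# Deny a Pod admission request if any of its containers pulls an image
# from outside the approved registries.
deny contains msg if {
    input.request.kind.kind == "Pod"
    some container in all_containers
    not from_approved_registry(container.image)
    msg := sprintf("container %q uses image %q, which is not from an approved registry", [container.name, container.image])
}

# Init containers are checked as well; an unvetted init container runs
# with the same privileges as the main ones.
all_containers contains c if {
    some c in input.request.object.spec.containers
}

all_containers contains c if {
    some c in input.request.object.spec.initContainers
}

from_approved_registry(image) if {
    some registry in approved_registries
    startswith(image, registry)
}

# Unit tests over constructed admission requests, run with `opa test`.
test_denies_unapproved_image if {
    count(deny) == 1 with input as pod_request("docker.io/library/nginx:latest")
}

test_allows_approved_image if {
    count(deny) == 0 with input as pod_request("registry.example.com/web/nginx:1.25")
}

pod_request(image) := {"request": {
    "kind": {"kind": "Pod"},
    "object": {"spec": {"containers": [{"name": "web", "image": image}]}},
}}
```

Because the policy is plain data plus rules, the same file can be version-controlled and validated in CI before it reaches the cluster, which is the policy-as-code workflow the article describes.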