Progress announced the latest release of Progress® Semaphore™, its metadata management and semantic AI platform.
Over 90% of Technical Decision Makers Say Policy as Code Is a Vital, Strategic Priority to Replace Homegrown Authorization
March 05, 2024
Modernizing access control and authorization is one of the next big frontiers for the software industry. Policy as code is being explored by the industry as an alternative or expansion upon the long-term standards of role-based access control and entitlements. With policy as code, policies can be managed and automated using code written in a high-level language. It is a programmatic method of uniformly defining and enforcing policies throughout cloud native applications and their infrastructure. Below is a summary of some of the key findings from Styra’s 2023 State of Policy as Code Report.
Homegrown Authorization Is Insufficient and Policy as Code Is Vital
86% face challenges with implementing authorization. The biggest challenges were:
■ Lack of alignment between teams (e.g., different or individualized approaches to authorization, 34%)
■ Lack of visibility into … implementation, enforcement, monitoring, and reporting (31%)
■ Lack of consistent or centralized policy development and management lifecycle; difficulty meeting security, compliance, or auditability requirements (29%)
61% agree homegrown authorization is inefficient and wastes the developer’s time.
Many agree that policy as code is a vital component of preventive security and compliance at scale (94%), speeds up time to market (96%), and makes work easier for developers (91%).
Policy as Code Is Expanding with Open Policy Agent Leading the Way
55% write and enforce policy as code to manage authorization in their day-to-day work, while only 41% are using homegrown authorization solutions. Even still, it’s a relatively new adoption, with 51% having only adopted policy as code in the past two years.
The growth of policy as code was made possible by open source tools such as the Open Policy Agent (OPA), with 46% of those who use policy as code relying on OPA in some form, more than triple the usage of the next leading technology.
Organizations Are Trying to Scale Policy as Code Adoption
Even for those organizations who have adopted policy as code, they are still working to scale their usage:
■ More teams
■ More infrastructure — currently, 66% use it for AWS CloudFormation checks, 60% for HashiCorp Terraform checks, 45% for infrastructure compliance monitoring
■ More applications — currently, 55% are securing API gateways, 52% implement role-based access control (RBAC), 46% implement attribute-based access control (ABAC)
■ More production and mission-critical systems — currently, only 30% are using for most or all non-mission and mission-critical systems, with 57% in a more limited capacity and 9% exploring but have not yet deployed in production
83% of organizations plan to invest somewhat or significantly more in policy as code.
High-revenue organizations show a more sophisticated, mature approach to policy as code compared to lower-grossing companies. Organizations that make $500 million or less in revenue are most likely to use policy as code in production, but only with limited non-mission critical systems. On the flip side, organizations making $501 million or more are most likely to use policy as code in a significant capacity, with both non-mission and mission-critical systems.
Organizations Need Help with Their Policy as Code Adoption
94% of organizations view policy as code as a strategic priority. However, adopting policy as code is complex — socially and technically.
The biggest social barriers include the complexity of digital transformation projects (28%), organizational resistance to change (27%), and a lack of awareness of policy as code (26%).
The biggest technical barriers include writing efficient policies as code (27%), and data fetch latency (26%)
The expansion and growing maturity of Policy as Code points to significant tailwinds for modernizing and transforming current authorization approaches. Policy as Code enables organizations to reify their current access control models as code — role-based, attribute-based, entitlements, and relationship-based — while setting them up to develop more mature policies using more fine-grained rules and contextual data. The findings from Styra’s State of Policy as Code Report show that we can expect to see an acceleration of this modernization transformation.
Industry News
August 29, 2024
Elastic, the Search AI Company, announced the Elasticsearch Open Inference API now integrates with Anthropic, providing developers with seamless access to Anthropic’s Claude, including Claude 3.5 Sonnet, Claude 3 Haiku and Claude 3 Opus, directly from their Anthropic account.
August 28, 2024
Broadcom unveiled VMware Cloud Foundation (VCF) 9, the future of VCF that will accelerate customers’ transition from siloed IT architectures to a unified and integrated private cloud platform that lowers cost and risk.
August 27, 2024
Broadcom announced VMware Tanzu Platform 10, a cloud native application platform that accelerates software delivery, providing platform engineering teams enhanced governance and operational efficiency while reducing toil and complexity for development teams.
August 26, 2024
Red Hat announced the general availability of Red Hat OpenStack Services on OpenShift, the next major release of Red Hat OpenStack Platform.
August 26, 2024
Salesforce announced new innovations in Slack that make it easier for users to build automations, no matter their technical expertise.
August 26, 2024
GitLab announced the general availability of the GitLab Duo Enterprise add-on.
August 26, 2024
Tigera now delivers universal microsegmentation capabilities with Calico.
August 22, 2024
Tabnine announced a new platform partnership with Broadcom Inc., an integration with IBM, as well as continuing extensions of existing partnerships with Amazon Web Services (AWS), DigitalOcean, Google Cloud, and Oracle Cloud Infrastructure (OCI).
August 22, 2024
Wallarm released API Attack Surface Management (AASM), an agentless technology to help organizations identify, analyze, and secure their entire API attack surface.
August 21, 2024
LambdaTest launched KaneAI, an end-to-end software AI Test Agent.
August 20, 2024
Kubiya has closed its $12 million seed round with a $6 million extension of equity and debt financing and launched a paradigm-breaking new platform, AI Teammates, that enables true delegation of complex tasks to digital colleagues through organic, human-like conversations.
August 19, 2024
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the schedule for KubeCon + CloudNativeCon North America 2024, happening in Salt Lake City, Utah from November 12 – 15.
August 19, 2024
Diagrid announced the latest version of Dapr, a Cloud Native Computing Foundation incubating project maintained by Diagrid, Microsoft, Intel, Alibaba, and others, as well as an update to Conductor, a Software as a Service (SaaS) that helps manage, upgrade, and monitor Dapr on Kubernetes clusters.
August 15, 2024
Spectro Cloud announced two new formal recognitions of its strengthening position in the government technology space: the Government Software competency from AWS, and ‘Awardable’ status on the CDAO Tradewinds Solutions Marketplace for AI/ML solutions at the tactical edge.
