Styra Enhances DAS
April 21, 2020

Styra announced new enhancements to their Declarative Authorization Service (DAS), including support for Kubernetes mutating webhooks and new compliance pack for pod security policies.

Styra DAS, the company’s first commercial product, is a management plane that enables Developers and DevOps teams to operationalize OPA authorization policies. These new enhancements extend the Styra DAS security and compliance solution for Kubernetes, enabling DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.

As enterprises move containerized/cloud-native applications into production, they must ensure that workloads are secure and compliant with relevant regulations before they reach runtime. This can require manual reviews and operational overhead, both of which can lead to operational errors, risk and interruptions that slow developer productivity. Styra mitigates these risks with guardrails that integrate with Kubernetes to allow only what’s right, minimizing human error and preventing non-compliant workloads from ever reaching production.

Adding support for Kubernetes mutating webhooks enables Styra policies to go beyond “allow or deny,” to automatically append, update or add relevant parameters to ensure workloads are compliant before they reach production. Support for these Admission Controllers means Styra DAS can automatically remediate problems that would otherwise result in blocked workloads and manual review. The new Pod security policies (PSP) pack extends the existing best practices and PCI DSS 3.2 policy packs, all of which eliminate the need to research, identify and implement baseline guardrails/policies for Kubernetes. With best-practice guardrails in place from the start, human error and missteps that delay projects, slow delivery and introduce risk are eliminated.

“As more organizations embrace the cloud, they also need to adopt a cloud-native authorization policy in order to mitigate security and compliance risk. Our mission now is the same as it has been since we launched OPA -- to provide organizations with the guardrails necessary to implement a consistent policy framework across the entire app development environment,” said Tim Hinrichs, co-founder and CTO of Styra. “These new enhancements to Styra DAS help our customers eliminate manual overhead, minimize risk and accelerate development timelines.”

- Mutating Webhooks: Taking full advantage of Kubernetes Admission Control APIs, support for Mutating Webhooks means that Styra DAS can automate compliance and minimize the need for human intervention. This streamlines delivery pipelines and lessens interrupts that can distract and slow DevOps teams. The ability to automatically modify non-compliant workloads before deployment means, for example, that workloads missing critical configuration like resource requirements, privilege controls, labels or network parameters will have those details added programmatically, based on specified policy. Mutating webhooks can also help ensure correct, consistent deployment. For example, Styra DAS can enforce policy that automatically adds an appropriate sidecar, such as a proxy, to each relevant workload to ensure service mesh or networking rules always have the necessary components to keep clusters running correctly.

- Pod Security Policies Packs: PSPs, which are native to Kubernetes, enable developers to control access to the host operating system. Acting as built-in baseline guardrails across clusters, PSPs allow developers to enforce run-time permissions for a container and permit actions on the kernel. While PSPs are valuable to managing security risk, the time and expertise needed to research, identify and manually implement them on each Kubernetes cluster can result in costly delays due to misconfigurations. With Styra support for PSPs, developers can build, save and distribute PSP policy in discrete “packs” to accelerate Kubernetes adoption, decrease time spent writing and configuring policies from scratch and reduce human error. Styra eases the process of authoring configurations and distribution across clusters, while also providing DevOps teams impact analysis, monitoring and auditing of results.

Automatic webhook mutating and PSP packs are available now to all Styra customers.

Share this

Industry News

June 04, 2020

Exadel announced Appery.io, its low code development platform, now offers new subscription tiers.

June 04, 2020

NetApp has entered into a definitive agreement to acquire Spot, a provider of compute management and cost optimization on the public clouds, to establish leadership in Application Driven Infrastructure.

June 04, 2020

Fluree announced the release of the Fluree JavaScript Library, a feature included in Fluree V0.13.0 that enables developers to launch a version of Fluree as an in-memory, code-resident data source for front-end applications, enabling sub-millisecond data delivery.

June 03, 2020

Netcracker Technology announced the launch of its Netcracker 2020 portfolio to help service providers focus on their customer’s digital lifestyle.

June 03, 2020

Navisite announced its acquisition of Privo, a Premier Consulting Partner in the Amazon Web Services (AWS) Partner Network (APN).

June 03, 2020

Grafana Labs released Grafana 7.0 with significant enhancements to simplify the development of custom plugins and drastically increase the power, speed and flexibility of visualization.

June 02, 2020

Chef announced a number of new products designed to enable coded enterprises to work across silos to build competitive advantage through automation.

June 02, 2020

Rancher Labs announced the general availability of Longhorn, an enterprise-grade, cloud-native container storage solution.

June 02, 2020

Checkmarx announced the launch of Checkmarx SCA (CxSCA), the company’s new, SaaS-based software composition analysis solution.

June 01, 2020

IT Revolution announced a full conference agenda for DevOps Enterprise Summit London, June 23-25, 2020.

June 01, 2020

Caltech CTME announced that Simplilearn, a global provider of digital skills training, will collaborate with CTME (Caltech's Center for Technology and Management Education) to offer a specialized Post Graduate Program in DevOps software engineering.

June 01, 2020

DevOps Institute, a global member-based association for advancing the human elements of DevOps, announced the introduction of its SKILup Playbook Library, a dynamic collective body of knowledge (cBok) that aligns thought leadership from industry experts with a set of dynamic, orchestrated artifacts, research and assets.

May 28, 2020

Docker has extended its strategic collaboration with Microsoft to simplify code to cloud application development for developers and development teams by more closely integrating with Azure Container Instances (ACI).

May 28, 2020

Eggplant announced updates to its Digital Automation Intelligence (DAI) platform.

May 28, 2020

Aptum launched its Managed DevOps Service in partnership with CloudOps, a cloud consulting and professional services company specializing in DevOps.