Redwood City, CA, USA
Sep 27, 2023   |  By Eric Kao
The accidental sharing of cloud access is an all-too-familiar story. In one latest incident, Microsoft’s AI research team accidentally exposed to the public 38 Terabytes of private data including internal messages, private keys, and passwords, according to a recent report . And all it took to cause this gigantic exposure was a few errant clicks in a configuration menu.
Sep 21, 2023   |  By Anders Eknert
One of the most common questions people new to Open Policy Agent (OPA) and Rego ask is about how to express logical “OR” in the language. While there is no “OR” operator, Rego has no shortage of ways to express that, with some being more obvious than others. In this blog, we’ll take a look at the most common ways to express OR, and weigh the virtues of each method against the others. Hopefully you’ll learn a few tricks along the way.
Sep 14, 2023   |  By William Chia
Identifying and understanding the most common cloud security risks is crucial to a successful cloud computing adoption strategy. Organizations migrating to the cloud continually face new threats and discover vulnerabilities that were not present when they operated software deployed on-premises. According to IBM’s Cost of a Data Breach report, almost half of all data breaches are happening in the cloud, with attacks on systems hosted on public clouds costing an average of $5.02 million.
Aug 8, 2023   |  By Charles Daniels
You will learn how to use the Enterprise OPA Enhanced Decision Logs feature to configure Enterprise OPA (EOPA) to upload decision logs to an AWS S3 bucket so that they can be queried using AWS Athena. In mid to large sized deployments of EOPA, immense quantities of decision logs can be generated, necessitating big data tools such as Athena. This can be useful for security breach auditing, auditing access decisions, and for business intelligence in general.
Aug 3, 2023   |  By Chris Hendrix
The migration to microservice architecture from monolithic applications is happening en masse as enterprises realize its scalability and efficiency benefits. According to an IBM report1, 56% of nonuser organizations plan on adopting the microservice architecture by 2023. Breaking an application into small, loosely coupled services lets independent teams quickly design and deploy these components.
Jul 19, 2023   |  By Philip Conrad
In this article, you will learn about how to achieve high-throughput, real-time authorization. You should gain a basic understanding of the different protocols for interacting with the Open Policy Agent (OPA) and Styra Enterprise OPA APIs, as well as how and when to use different options. We will also cover the strengths of different protocol choices, and where they may make sense in your system architecture.
Jul 13, 2023   |  By Adam Sandor
Two web-scale companies have recently shared how they solved mission-critical authorization challenges using Open Policy Agent (OPA). These accounts validate the value of what we’ve built with OPA and give important blueprints for engineers looking to address similar challenges. We consider these required reading for anyone considering or using OPA at scale. In this post we review these two case studies to highlight common patterns and important differences.
Jun 20, 2023   |  By Anders Eknert
Two years ago, I explored the idea of linting Rego with Rego on this blog, and how we could use the abstract syntax tree (AST) representation of a Rego policy as JSON input data, allowing us to write a “linter” for Rego using Rego itself. Open Policy Agent (OPA) is well-established for use cases like application authorization, cloud infrastructure and Kubernetes admission control, where we normally talk about policy as guardrails. But who’s guarding the guardrails?
Jun 15, 2023   |  By Paul Foryt
Whether you use the 600+ Styra provided compliance rules or build your own, with Styra DAS, the same rules can now enforce compliance of your Kubernetes and Terraform infrastructure across all of the Code, Deploy, and Run phases.
Apr 20, 2023   |  By Chris Hendrix
I’m excited to announce the launch of Styra Declarative Authorization Service (DAS) and Open Policy Agent (OPA) as a Red Hat Ansible Certified Content Collection. Teams can now automate infrastructure deployments with the right guardrails in place to enable security-enhanced operations and align with regulatory compliance.
Sep 6, 2023   |  By Styra
Automatically uploaded from Zoom recording. Meeting ID:332405601.
Apr 12, 2023   |  By Styra
Styra Load supports the Kafka API, which makes it possible to stream data updates to Styra Load. This can be useful when events representing changes to data used in policy evaluation are available on a Kafka topic. Here, Adam Sandor explains how you can use Kafta streaming data to make real-time policy decisions.
Apr 12, 2023   |  By Styra
Styra Load allows you to assess the impact of policies against your current production resources. Here, Adam Sandor shows you how to use Live Impact Analysis to full effect — helping you to enforce robust policy without impacting production.
Mar 15, 2023   |  By Styra
Styra Solutions Architect Ádám Sándor Sandor shares how to use Styra Link to enforce Kubernetes admissions control policies using a Git-based workflow with VS Code or your CLI.
Feb 14, 2023   |  By Styra
Styra Developer Advocate Peter O'Neil shares how to download and install Styra Load, as well as how to hot swap Styra Load for an OPA instance.
Feb 14, 2023   |  By Styra
Styra Developer Advocates Peter O'Neil and Charlie Egan share how to run performance benchmarks with Styra Load against standard OPA deployments. You will need access to a Styra Load license key to perform the local benchmarks.
Feb 7, 2023   |  By Styra
Styra invited OPA speakers from Snap, Capital One, Chime, Nvidia, Snowflake, Comcast, Vanguard, T-Mobile, as well as Styra CTO Tim Hinrichs, to share how they're using OPA today.
Jan 25, 2023   |  By Styra
In this video, Styra Solutions Architect Ádám Sándor shares how teams can use OPA and Styra DAS to manage the deprecation of Kubernetes PodSecurityPolicy (PSP) in Kubernetes v1.25. Not only can OPA can work in tandem with the new Pod Security Admission, but dedicated PSP Policy Packs with Styra DAS can help automate many of these necessary changes.
Jan 25, 2023   |  By Styra
Security teams must constantly scan infrastructure for policy violations. HashiCorp’s Terraform Cloud, and Styra DAS, an OPA-based authorization management platform, work together to keep infrastructure compliant by mandating verification of Terraform configurations at provisioning.
Dec 13, 2022   |  By Styra
Ed Paget, Decision Platform at Chime
Mar 2, 2020   |  By Styra
Styra Declarative Authorization Service

Styra is the fastest and easiest way to put guardrails around your Kubernetes clusters--whether you’re a developer, an admin, or a bit of both.

Built on open-source, and declarative by design, Styra’s simple graphical library of customizable policies lets you easily mitigate risks, reduce human error, and accelerate development.

Security-as-code for Kubernetes:

  • Declarative by design: Manually “doing security” in today’s cloud-native environments is like a never-ending game of whack-a-mole. Styra works with Kubernetes to define, enforce, and monitor desired state, and eliminate the runtime guessing game.
  • Dynamic rules for dynamic environments: Simply put, Styra takes in business context, and outputs security decisions across your namespaces and clusters. Build policy-as-code directly via CLI, or with a simple point-and-click editor, and validate security before committing.
  • Portable, powerful policy: Styra allows you to define policy once, then enforce wherever necessary. No more best-effort security, no more policy silos. Built on the Open Policy Agent (the leading open source policy engine), enforcement is accurate, fast, and simple.

Policy-as-code guardrails to eliminate operational, security, and compliance risk