Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Styra

The OPA AWS CloudFormation Hook

With a history spanning more than a decade, AWS CloudFormation has been the tool of choice for many organizations moving their cloud deployments from “point and click” configuration and towards managing infrastructure as code (IaC). As a mature technology, CloudFormation has spawned an ecosystem of tools, documentation and examples around the stack — whatever one is trying to accomplish in this space, chances are good they’ll find relevant resources on the topic.

The Cloud Expansion Checklist: How to Get IT Decision-Makers and Developers on the Same Page

Cloud-native and open-source technologies are booming. But for a successful cloud expansion, IT decision-makers and developers need to be in agreement despite their unique roles in the process. As more enterprises transition to cloud-native environments, the big question is how aligned are IT decision-makers and developers?

Debunking the Top 3 Cloud-Native Security Myths

By 2023, over 500 million digital apps and services will be developed and deployed using cloud native approaches. To put that in perspective, more applications will be developed on the cloud in a four-year period (2019-2023) than the total number of apps produced in the past 40 years. Clearly, organizations are buying into the cloud. But the question is: Do they fully understand it? And do they know how to secure the applications they built within it?

Insights from the Styra 2022 Cloud-Native Alignment Report

IT leaders have historically managed all infrastructure decisions across storage, network, compute and other aspects of the cloud. But this isn’t necessarily the case today. As organizations move away from on-premise cloud infrastructure and adopt cloud-native technologies, modern developers are playing a larger role in decision-making — especially when it comes to policy decisions like the control of cloud-based tools and the code that runs on them.

Moving Your Healthcare Organization to the Cloud? Here's What You Need to Know First

While the last two years accelerated digital transformation across a wide range of industries, this has been a long time coming for healthcare. Healthcare has been undergoing a massive shift to improve security, streamline operations, and enhance the patient experience—and much of that shift centers around the movement to the cloud. Cloud-native ostensibly offers a better, more accessible user experience marked by enhanced uptime, reliability, and efficiency.

Entitlements: Architecting Authorization

By its general purpose nature, Open Policy Agent (OPA) allows for a unified way of dealing with policy across a wide range of use cases. One particularly interesting use case for OPA, and one which will be the focus of this series of blogs, is that of application authorization (or entitlements, or simply, authorization).

Styra Accelerates Cloud Migration with Cloud-Native Entitlements

I’m excited to announce that today we’ve unleashed Styra Declarative Authorization Service (DAS) for Cloud-Native Entitlements! Organizations are rapidly modernizing and migrating applications to the cloud, but they are often held back by legacy entitlement systems that are not compatible with today's scale and sprawl of cloud-native development models.

CVE-2022-23628, OPA and Styra DAS

CVE-2022-23628 was published last week by the Open Policy Agent (OPA) project maintainers after a user reported unexpected behavior from a policy bundle that was built with optimizations enabled. The problem stemmed from a regression fix in the v0.33.1 release that addressed incorrect pretty-printing of Rego object literals by the `opa fmt` command and the underlying `format` package.

Open Policy Agent 101: A Beginner's Guide

More than 90% of applications will be cloud-native by 2023. As organizations transition from monolithic, on-premise environments to dynamic cloud-based ones, ensuring access control becomes more critical — and complex. That’s why I co-created Open Policy Agent, also known as OPA. OPA unifies policy enforcement across the cloud-native stack.

PCI Compliance in the Age of Cloud Native Tech

The Payment Card Industry Data Security Standard (PCI DSS) entered the scene back in 2004 with the rise of payment fraud. Created by leaders in the credit card industry, PCI DSS was developed to provide a baseline of technical and operational requirements designed to protect cardholder payment data and was commonly understood by those in the legacy security world.