Fine-Grained Authz for Cloud-Native Applications - OPA & Styra DAS
Adam Sandor, Solution Architect at Styra
About this talk
Answering the question of who is allowed to provision, alter, or enable a service within an application can be daunting for any organization. Traditionally, this was a Security Operations (SecOps) function communicated to developers on a Confluence page. Audits were painful because the authorization logic was spread out across a number of different services.
We at Styra are working on changing this...
We developed Open Policy Agent (OPA) to serve as the policy decision point (PDP) for all services in an organization. OPA embraces the Policy-as-Code principle, which helps bring effective collaboration between different teams. SecOps teams and developers can now update Rego code to alter authorization policy across the whole organization. Much more fun than editing Confluence pages.
The most crucial piece of the puzzle is Styra Declarative Authorization Service (DAS) - the only unified OPA management platform to mitigate risk, reduce human error, and accelerate development. Styra DAS is the central platform to author policy across the stack, safely deploy it with impact analysis prior to deployment, and log decisions for audit purposes:
- How policy-as-code creates a collaborative environment for developers and SecOps
- Various techniques for delegating microservice authorization decisions
- How Styra DAS orchestrates policies across applications