Cloud-native Authorization with Tim Hinrichs

Enabling authorization policies across disparate cloud-native environments such as containers, microservices and modern application delivery infrastructure is complex and can be a roadblock for software engineering teams.

Open Policy Agent, or OPA, is an open, declarative, policy-as-code approach to authorization that reduces security and compliance burden for engineering teams. Business context is translated into declarative policy statements. These policy statements are compiled into code and deployed as agents that can be injected into any process, such as an API gateway, Kubernetes provisioning service, public cloud access controls, or continuous delivery automation service.

Styra created and contributed OPA to the Cloud Native Computing Foundation, where it is a graduated project with over 130M downloads to date and is used by large companies. Styra’s enterprise commercial offering, Declarative Authorization Service (DAS), is specifically designed for OPA and includes the ability to author policies, preview impacts of new policies, and document the history of old policies, all through a single view.

Tim Hinrichs, CTO and founder of Styra, joins the show today to discuss how to make authorization policies easier to author, distribute, and monitor.

One note of disclosure to be aware of: Styra is a portfolio company of Capital One Ventures, the strategic investing arm of Capital One. Views and questions expressed in this podcast and related material are my own, or those of my guest, and do not reflect the views of Capital One Ventures or its respective affiliates.

FOLLOW Jocelyn: twitter.com/jocelynbyrne

 
