Styra announced new compliance packs for its Declarative Authorization Service (DAS), which include MITRE ATT&CK Matrix for enterprise covering cloud-based techniques, and CIS Kubernetes Benchmarks, to ease collaboration between security and DevOps teams.
These two new turnkey compliance packs consist of best practices from the OPA community, and are the latest additions to the Styra compliance pack library, which includes PCI DSS 3.2, Admission Control Best Practices and Kubernetes Pod Security Policies.
Styra created OPA, an open source project, to provide unified authorization across the cloud-native stack. Styra DAS, the company’s flagship commercial product, is a management plane that enables developers and DevOps teams to operationalize OPA in production.
Together, OPA and Styra DAS provide security, operations and compliance guardrails to protect applications, as well as the infrastructure they run on.
As enterprises embrace the cloud, and embark upon their digital transformation journeys, IT teams must focus on breaking down silos and streamlining procedures to address the new operational and compliance challenges of cloud-native environments.
Styra DAS compliance packs eliminate the need for IT and DevOps teams to research, identify and implement baseline policies.
The technology allows teams to abstract policy as code into plain language, align security practices to standards such as MITRE, CIS Benchmarks, and PCI, and prove compliance with detailed audit logs.
“To reduce security and compliance risk, organizations must implement cloud-native authorization policies.
“Our policy compliance packs help to accelerate Kubernetes adoption, decrease time spent writing and configuring policies from scratch, and reduce delays and risk resulting from human error,” said Tim Hinrichs, co-founder and chief technology officer of Styra.
“These new additions to Styra DAS also help bring a collaboration-first element to the DevOps culture of innovation, by bridging the gap between different teams as they continue to manage rapid transformations in the industry.”
Security vs speed
To support the shift to containerized applications, security teams have to spend a lot of time researching, developing and implementing new security policies.
Typically, this requires manual reviews, which create operational overhead and introduce the risk of human error.
Styra DAS compliance packs eliminate manual effort with a turnkey set of relevant OPA policies that can be easily understood, and implemented in minutes.
With Styra DAS compliance packs, enterprise teams get:
- Proven security policies abstracted into plain language and mapped to standards
- Detailed logs and an audit trail to prove compliance over time
- One-click impact analysis to ensure that moving to a compliant state won’t break applications or infrastructure
- Continuous monitoring of all decisions to feed a SIEM, SOC, etc.
Because these packs offer a clear standard for policy-as-code rules, rather than multiple languages or implementation styles, teams have a unified approach that makes collaboration and auditing easier.
With Styra DAS compliance packs, policy can be altered without any changes to clusters or K8s deployment. The clusters, workloads and services themselves can be swapped, changed and updated independently, without worrying that new risk has been introduced, as policy guardrails are always in place.
Additionally, policy is portable across clusters for scale and automation, and no rework is needed to scale out deployments.
Styra DAS impact analysis shows where policy changes will affect deployments, as well as what needs to be fixed to ensure that moving to a compliant state will not break applications or infrastructure.
Styra DAS compliance packs are the fastest and simplest way to deploy OPA policy as code to meet regulatory requirements.
Meeting security industry standards
In addition to existing compliance packs, which include best practices, Pod Security Policies and PCI DSS 3.2, this latest release provides collections of OPA policies to address the MITRE ATT&CK Matrix for enterprise covering cloud-based techniques and CIS Kubernetes Benchmarks.
The MITRE ATT&CK Matrix compliance pack provides a collection of OPA policies that help break the attack lifecycle used by attackers to infiltrate clusters, move laterally to find sensitive data and finally exfiltrate that data.
With the second pack, CIS Kubernetes Benchmarks, Styra DAS users can apply proven security policies across clusters, in keeping with the recommendations made in the Center for Internet Security guidelines and best practices.
With these new packs, security and DevOps teams can work together to easily implement new policy-as-code guardrails that map directly to proven security best practices.
The CIS Kubernetes Benchmarks and MITRE ATT&CK Matrix compliance packs are available now to all Styra customers.