Release Notes for Styra DAS
Styra DAS 0.3.0 was released on November 18, 2019.
Styra is built on the Open Policy Agent (OPA), a popular and widely deployed open source project developed by the founders of Styra. With primary credibility for the underlying technology, the Styra team and technology are both proven in production across verticals. Styra enables enterprises to define, enforce, validate, and continually monitor security, compliance and operational policies across the cloud-native application stack. Styra has reinvented the authorization solutions to mitigate customer risk, and reinforce commitment to trust and transparency in safeguarding customers’ data. Styra’s Declarative Authorization Service (DAS) is a sophisticated management plane that provides context-based guardrail, built from a graphical policy library to mitigate risk, reduce human error and accelerate development. Styra makes it possible for enterprises to implement policy-as-code controls and to prove their effectiveness to both internal and external security and compliance audiences.
This release provides new features and enhancements to improve the user experience.
New Features and Enhancements
Policy Stacks: Stacks allow you to create a set of rules for multiple systems so that these rules are not specified repeatedly one system at a time. You can group systems that share common traits such as production/staging or PCI, and apply a stack of rules to them.
Stack also serves as an authoritative set, so the individual systems have to abide. Besides, stacks also enable teams to monitor these groups of systems to ensure compliance and identify anomalies early.
Compliance Packs: Compliance Pack is a cohesive set of Kubernetes admission control policies which provide guardrails in compliance with regulatory standards. First of the packs available today is PCI DSS 3.2.
Extension to RBAC to include System Owners: Built-in roles are extended to include "Owner" at the System level. A system owner has full control over their system, but cannot modify labels or features; only an administrator has the right. Therefore, the system owner cannot circumvent policies that are enforced from a stack.
On-premises Deployment Option: Entire Styra DAS solution can now be deployed on-premises. On-premises deployment supports running it on Kubernetes provided by any of the public cloud providers (GKE, AKS, EKS, or OpenShift) or vanilla Kubernetes running in the private cloud.
Integration with Prometheus: Prometheus can now be set up to scrape two types of metrics: decisions and system metrics. AlertManager from Prometheus can be used to set up alerts for violations or service related errors to popular services like Slack.