'Policy as code' considered vital to maintain and secure cloud software
A new survey of over 280 developers and technical decision makers finds two-thirds dealing with major flaws in homegrown authorization efficiency, security, and app performance. As a result, most organizations (83 percent) plan to invest more into policy as code as a solution.
In case you're unfamiliar with the concept, policy-as-code is an approach to policy management in which policies are defined, shared, updated and enforced using code rather than relying on manual processes.
The research from Styra shows 94 percent of technical decision makers agree that policy as code is vital for preventative security and compliance at scale, helping them overcome one of the most notable challenges organizations face in implementing authorization policy.
The report shows 29 percent of respondents point to difficulty meeting security, compliance, or auditability requirements as one of the top three challenges holding them back on their authorization journeys. On top of security, organizations are also finding friction with a lack of alignment between teams (34 percent), lack of visibility into authorization (31 percent) and lack of consistent or centralized policy development (29 percent).
Nearly half of survey respondents who use policy as code (46 percent) rely on the OPA or OPA Gatekeeper open source tools -- three times more than the next most popular tool -- while 63 percent that don't use policy as code say they are familiar with OPA or plan to use it within the next 12 months.
"Addressing the authorization challenges that compromise cohesive teamwork, robust security, and uniform policies is increasingly important for organizations," says Styra CTO Tim Hinrichs. "Policy as code isn't just a trend; it's becoming integral to the fabric of cloud development. Developers can't afford to continue wasting time on practices and technology that confuse teams, muddle visibility, and complicate software development. Tools, like OPA, stand out as key early solutions to some of the most common policy as code challenges."
Policy as code adoption is still in its early stages, 51 percent of respondents who use policy as code have only adopted it in the last two years and only 30 percent of organizations are using policy as code in a significant capacity. Of those that have implemented policy as code 52 percent say their most common performance challenge is writing efficient policies as code.
"Policy as code empowers developers and serves as a catalyst for making the contemporary development life cycle more streamlined and secure," adds Hinrichs. "However, as organizations grow, their authorization needs will scale in complexity with them. In order to take the next step in their maturation, organizations need the right resources, technology, and expert guidance to ensure their authorization platform can keep them secure and compliant while maintaining the developer productivity needed to be competitive in the marketplace."
The full State of Policy as Code report is available from the Styra site.
Image credit: maxkabakov/depositphotos.com