Kong, Inc. and Styra, Inc. announced today that they have allied to bring the Open Policy Agent (OPA), used to achieve compliance-as-code in cloud-native environments, to both the open source Kuma service mesh and the enterprise-grade platform based on it, known as Kong Mesh. This offering extends the reach of OPA to environments that include service meshes created by Kong that are deployed using containers.
Kong CTO Marco Palladino says OPA is now built directly into the same container as the service mesh rather than requiring IT teams to deploy yet another sidecar container. That approach will make it easier for IT teams that are standardizing on OPA to extend the reach of the compliance-as-code platform to a service mesh.
Service meshes are starting to gain traction as a way to manage application programming interfaces (APIs) while also providing a layer of abstraction that masks low-level networking and security APIs from developers. That abstraction can now be extended to compliance requirements that can be managed as part of a continuous process, both when applications are being developed and when they are subsequently upgraded, says Palladino. Security and compliance can now be designed into the applications, he adds.
Originally developed by Styra, OPA today is being advanced alongside Kuma under the auspices of the Cloud Native Computing Foundation (CNCF). Kuma itself is built on top of open source Envoy proxy software that is also being advanced by the CNCF.
Styra, meanwhile, provides the Styra Declarative Authorization Service (DAS) for implementing and managing OPA, which is now integrated with Kong Mesh to give IT teams more granular control over traffic flow along with real-time monitoring and auditing tools to prove compliance.
The overall goal is to give developers more programmatic control over compliance as responsibility for cybersecurity shifts further left.
Styra CTO Tim Hinrichs says service meshes of all types will ultimately play a significant role in driving the convergence of networking, security and compliance in a way that is developer-centric in the sense that everything is driven by application programming interfaces (APIs). It may take some time to achieve that goal, but at this juncture, it’s now more a question of when rather than if, notes Hinrichs. In fact, the biggest hurdle at this point may have more to do with the mindset that IT professionals within an organization have around specific domains than with whether the technology to achieve that goal exists, he says.
Over time, many organizations will find they are adopting DevSecOps best practices as a consequence of implementing a service mesh that breaks down many of the silos that currently exist, adds Hinrichs.
It’s still early days as far as adoption of service meshes is concerned. Nevertheless, there’s a wide range of service mesh options already available. The most critical thing IT teams can do today is simply to experiment with a platform that, while initially focused on API management, will have a profound impact on the way IT environments are managed going forward.