Five Takeaways From My First Year at Styra, the Founders of Open Policy Agent

3 min read

It has been one year since I joined Styra as the first European hire, and what a year it has been! Not only have we significantly grown our customer footprint with enterprises such as Zalando, European Patent Office and Extenda Retail, but the EMEA team has been growing at a rapid pace across engineering, sales and customer success and open source!  I thought I’d share some takeaways on the industry / market from my interactions with customers and the community.

First, the Open Policy Agent (OPA) community is growing rapidly! OPA is an open source project founded by Styra that provides unified authorization across the cloud-native stack. When I joined, the OPA Slack channel only had 1,987 members and had just passed eight million downloads. Today, the OPA Slack community has grown to nearly 5,000 members, and the project has almost 100 million downloads! No matter how you look at the community, from meetups, to Slack, to the recently launched Styra Academy for OPA training, you can see that the project is helping real people solve real authorization problems across the cloud native stack!

Second, the flexibility and diversity of use cases for OPA and Styra Declarative Authorization Service (DAS), a unified control plane for operationalizing OPA in production, sets us apart from other technologies I’ve seen throughout my 15 years in the industry. The community is using the technology for Kubernetes admission controlTerraform provisioning, CICD pipeline protection, APIs and Microservice authorization and more.  That said, over fifty percent of my conversations are about decoupling AuthZ for Microservices and APIs.

Third, developers are playing a larger role in the buying decision making process. Because of the nature of cloud-native technologies, the vast majority of my conversations are with development or operations teams with some security added in the mix. This is different from my past experience working with identity and security professionals. Decoupled authorization is happening right now, and it’s led by developers! The switch is happening fast and IAM teams should be joining the movement ASAP.

Fourth, OPA is the de facto approach to cloud-native authorization. In almost all (at least 99%) of my initial conversations, I don’t need to explain what OPA is or why it is valuable. My conversations have sounded a bit like:

“We know all about OPA! We have used it for six months and we really love it. We need help figuring out how we can deploy it at scale or in production? What are best practices?”

These conversations have shown me there is a clear need for a central control plane, such as Styra DAS, to accelerate time to market and reduce risk. 

Fifth, many customers are planning broad expansions as they make their way through their OPA/ authorization journey. Often we have seen customers start using Styra DAS and OPA for one or two specific use cases, but once the teams get more familiar decoupling authorization from their infrastructure and app code, they see more varied opportunities. I predict this will continue to drive new use cases and implementations of DAS in the coming year or two, since our customers and community are always guiding us to new policy-as-code deployments.

Interested in learning more about OPA? Sign up for the Styra Academy today! 

Cloud native
Authorization

Entitlement Explosion Repair

Join Styra and PACLabs on April 11 for a webinar exploring how organizations are using Policy as Code for smarter Access Control.

Speak with an Engineer

Request time with our team to talk about how you can modernize your access management.