OPA Support Services
Implementing an OPA-based PaC solution can be as simple as setting up agents and developing policies, or as strategic as building a plan to transition your microservices to a Zero Trust Architecture. Whatever your Policy-as-Code needs, we can help. Some services we provide:
OPA & Rego
Integrating OPA into your Infrastructure
We will work with you to identify the right way to add OPA to your network. Whether you want to deploy OPA as a standalone agent, an embedded library or a K8S sidecar, we can help get that deployment done right. We can also help with designing your policy datasource, SSL certificates, audit log sinks and monitoring integrations.
Develop Rego Policies
We have implemented hundreds of real-world Rego policies. We can implement policies from scratch, adapt existing non-Rego policy logic into Rego, and take English policy descriptions and convert them into Rego.
We can also help with refactoring, automated testing and estimation for Rego policy development
Create DevOps Pipelines
Once you have policies created in Rego, you need to store them, you need to test them and you need to have a strategy to deploy them. We can assist in adding Rego support to your existing DevOps pipelines, or create a new pipeline for a Rego-specific team.
Styra DAS
On-Premise Setup & Installation
We’ve deployed DAS on every major Kubernetes platform. And if you want help setting up Kubernetes, our Certified Kubernetes Administrators can help with that too.
Audit Support
One of the benefits of Styra DAS is the keen focus on collecting logs of all policy decisions in the system, which is a key value for regulatory compliance (and compliance in general). We can make sure that is done correctly.
Repo Integration
Your Rego policy rules should be stored in a repository, that’s available to DAS. We can assist in setting up that relationship properly.
Strategy
Refactor/Rewrite Policies
You already have a lot of policies. Some are simple mandates, such as OS versions and the sources for images. Some are implicit, based on network structure. Many are hard-coded into existing applications, either as RBAC or as policy logic directly written inside your functional logic. We can help migrate all of this to Rego policies.
Disintermediation
Enterprise software has always been built under the assumption that policy was a fundamental component of the business logic. That turns out not to be the case. Using OPA & Rego, you can take all but the most time-critical policy logic, and pull it out of the application logic. This allows the application developers to focus on implementing business functions, and allows policy developers to focus on implementing business policy. This could potentially double the effective output of your development teams.
Zero Trust
If you need to implement Zero Trust, and are struggling to find solutions that work well with your microservices, APIs and legacy applications, OPA & Rego can help. And we can help refactor your existing systems to use OPA & Rego, with minimal disruption and downtime.
Regulatory Compliance
Whether it’s internal compliance objectives (SOC2) or external regulatory mandates (SOX, HIPAA, etc), many organizations are struggling with balancing the objectives of the organization with the need for compliance & compliance audits. OPA & Rego can dramatically simplify the compliance audit challenge, by presenting all policies in easily readable formats, and by logging every decision made in a constructive and consistent way.
Training
Thinking In Rego
Rego is not like most languages your teams have used before. In addition, there are a variety of features and syntactic sugar that need to be understood well before they can be used well. If you’re not thinking in Rego, you run the risk of overly complex Rego code that is both hard-to-follow, and slow. We can help get your policy authors writing fluent Rego faster.
Writing Effective Policies
Authoring Policy is an art, not a science. You need to balance concerns about accessibility to non-developers, performance and modularity.
OPA Based Solutions
Whether you want to integrate OPA into your Microservices, APIs, legacy applications or existing Infrastructure-as-Code solutions, we can assist your development teams, or even take on the refactoring work ourselves, whatever you need.
Platforms
We have expertise setting up Policy-as-Code solutions on virtually every common platform out there:
Kubernetes Pods on EKS, AKS, GKE or Open Shift
Legacy Applications
Service Mesh
Serverless Functions
If you need help integrating any of these with OPA & Rego, we’ve done that. If you need help setting up on-premise solutions with Styra DAS or any of the other vendor solutions that support OPA, we’re trained and ready to go.
Conclusions
Want to know more? Have a need that is related to Policy-as-Code, but isn’t listed here? Have general questions about Policy-as-Code? Feel free to contact us at: info@paclabs.io