Towards Uniform Policy Design
Organizations can generate a lot of policy: security policy, regulatory policy, industrial policy, network policy, code policy, company policy, infrastructure policy, etc.
For most organizations, these policies are implemented in a myriad of ways:
application-specific policy engines
roles & permissions (IAM)
custom policy rules implemented in internal software (note: often implemented multiple times in multiple different ways)
“inferred” enforcement via best-effort approximations
Generally, depending on many different systems to manage policy is a recipe for complexity, incorrect policy enforcement and difficulties in changing and updating the systems to match the desired policy.
Unified Policy Enforcement
Is there a single tool that can unify policy implementations across every element in an enterprise? Probably not; the use cases are too varied. But of the solutions that are available, the Open Policy Agent (OPA) is the closest to a generalized answer to policy enforcement.
OPA is open source, so it can be deployed at scale with minimal additional cost
OPA provides a simple API that can be consumed by virtually any system or application
OPA can be deployed as a sidecar container or a standalone daemon, or embedded in other software written in Go
Rego is a general-purpose policy language, giving it broad applicability
Many vendors and solutions already use OPA “under the hood” and depend on Rego for complex policy enforcement
OPA is a CNCF member, and has the corporate backing and professional services support needed to survive long term
In Summary
If you are interested in unifying your policy solutions, OPA and Rego are currently the way to go. There are (at the time of this writing) three different organizations that provide SaaS and product-based OPA management solutions that can make deploying policy easier. There are professional services agencies (such as paclabs.io) that can assist in vendor selection, designing solutions, implementing policy, and ongoing support and training.
We wish you good fortune in your policy journey. If we have missed something important, or you’d like to discuss this topic at greater length, feel free to reach out: info@paclabs.io