Perhaps for the first time, adding flexibility doesn’t have to come at the expense of increasing risk. Decoupled policy-as-code means that authorization rules, access governance, and policy guardrails can provide control, without mandating or locking in underlying systems.
Decoupling decisions from downstream projects and tools enables better control and visibility over who, and what, can do what, and allows distributed policy enforcement across a range of languages, execution environments, and protocols. In this session we’ll show how the CNCF graduated project Open Policy Agent provides decoupled policy across:
- Kubernetes: How to ensure deployment of the application is properly bound to the policies that are intended to secure it.
- Microservices: How to write policies that limit the risk of data exfiltration, lateral movement and insider attacks or mistakes.
- CI/CD: How to impose governance over the policies written by individual teams so that, as with application code, bad policies are rejected well before they cause problems.