Styra is a company that has built policy as code for cloud-native security from the creators and maintainers of Open Policy Agent (OPA). Pulse 2.0 interviewed Styra co-founder and CTO Tim Hinrichs to learn more about the company.
Tim Hinrichs’ Background
Hinrichs has been in the policy space for over 20 years and has a Ph.D. in Computer Science from Stanford University. And Hinrichs said:
“Before founding Styra, I worked at VMware, a virtualization and cloud computing company, where I gained a lot of valuable experience in the tech industry.”
Formation Of Styra
How did the idea for the company come together? Hinrichs shared:
“While working at VMware, my business partner and I worked with customers who were interested in policy, which is basically a rule or instruction that governs IT operations. These banks and technology companies told us they had all built some sort of general-purpose policy system but would really rather use one someone else built.”
“So we spent two years building this type of policy system inside of OpenStack. At some point, we realized the policy problem was bigger than OpenStack and VMware. All the mega-trends in the developer space (public cloud, microservices, DevOps, automation, etc.) were pointing to the need for new, unified policy solutions – and Styra was born.”
Favorite Memory
What has been Hinrichs’s favorite memory working for the company so far? Hinrichs shared:
“One of my favorites is the collection of memories where, in the early days, no one was using Open Policy Agent or OPA (because we invented it, after all). But as time went on and there was more exposure to OPA, we’d start to get surprised when someone was using OPA that we hadn’t “sold” it to. And then later, we’d be excited to hear multiple teams in the company were using it.”
“Then, there came a point where we expected every prospect we talked with to have someone in the organization using OPA to some degree. That entire journey through OPA’s organic growth was certainly a great memory.”
Core Products
What are the company’s core products and features? Hinrichs explained:
“Styra delivers unified authorization to the market. At a high level, we provide a variety of things like a data plane for fast authorization decision-making (OPA), a data fabric for replicating data into OPA to help it make those decisions, and a control plane for managing the many OPAs that exist. We also manage the policy lifecycle, helping people write, test, deploy policies, and monitor or log the results. Styra also provides governance, which gives central/security teams the ability to control the policies used by individual teams. We have use-case modules that tailor the user experience for the most popular OPA use cases, e.g., service meshes, gateways, k8s, and terraform.” ”Styra provides three ‘products’ to the market, which are: 1) open-source OPA, created and maintained by us and then we donated to the CNCF; 2) Enterprise OPA, an enterprise distribution of OPA designed for data-heavy workloads; and 3) Styra DAS which is the single-pane of glass that includes the Control Plane, Policy Lifecycle Management, Governance, and Use-case modules I mentioned earlier.”
Evolution Of Styra’s Technology
How has Styra’s technology evolved since launching? Hinrichs noted:
“In the early days, we focused mainly on providing a general-purpose OPA control plane and policy lifecycle for two of OPA’s most popular use cases – application authorization (as in, helping developers add policy controls into their applications) and infrastructure guardrails (like helping platform engineers put automated rule checks in place for k8s, terraform, and the like). Since then, we’ve moved from more of a general technology into being more use-case-driven and introduced products like Enterprise OPA.”
Significant Milestones
What have been some of the company’s most significant milestones? Hinrichs cited:
“Product milestones are meaningful to us because they imply that we are qualitatively improving how we help our customers. Thinking back, there are a few, like OPA’s inclusion in the CNCF, Styra’s commercial offering around Kubernetes, Styra’s commercial offering around microservice authorization, and OPA’s graduation from the CNCF (which put us at the same maturity level as k8s, envoy, Prometheus, etc.).”
Differentiation From The Competition
What differentiates the company from its competition? Hinrichs affirmed:
“Styra delivers the world’s first and most mature commercial OPA offering, specifically geared for enterprises. It is the only product on the market addressing both application authorization and infrastructure guardrails (OPA’s two most popular use cases). Our governance features (giving centralized teams control over developer teams) and impact analysis (checking that policies are safe before they are deployed) are two of our key differentiators.”
Future Company Goals
What are some of the company’s future company goals? Hinrichs concluded:
“Styra will continue helping the OPA community grow and deliver commercial products that bring OPA to the enterprise.”