Styra Load An OPA distribution built for data at enterprise scale.
Cheaper, Better, Faster Authorization
Better authorization means more data, yet data-heavy authorization can increase cloud costs and complexity. Styra Load achieves 10x memory and 40% CPU throughput improvements for data-heavy authorization. Connect directly to your existing data sources and use live Impact Analysis to minimize authorization risk…
The Cyber Hut Comment: Styra are the organisation behind the popular Open Policy Agent. Whilst OPA is not a standard - it is open source - Styra claim it is becoming the de-facto standard for authorization decision making.
This Load offering, looks essentially like a more optimized version of OPA. It seems OPA instances need data - both policy data that can be stored locally in flat files - and also permissioning and contextual data - which is linking subjects (identities) to objects (the things the identity wants to access).
Historically that data was perhaps hard-coded within the applications and assets being protected. By migrating that data away from the apps, a more streamlined and scalable model for authorization can exist.
Styra Load seems to solve that next issue - how to aggregate and leverage those mountains of permission data for runtime evaluation. Firstly that data is going to he stored in different locations and secondly you need to be able to use it in an accessible and repeatable manner.
The Load datasheet has some nice graphs describing the memory and performance improvements it provides over a vanilla OPA instance as well as comments on a data fabric that pulls together this data from those existing stores.
As authorization becomes more in demand, newer models of delivery are needed - hence the improvements to OPA here. However, this does introduce another component that needs operational configuration and management to keep it fresh and healthy. Authorization is not just about being fast to get started. Good authorization models require constant “feeding and watering” in the form of good governance. This will be essential if Load is to be successful.
IAM Vendor Intelligence Radar by The Cyber Hut is a reader-supported publication. To receive new posts and support our work, consider becoming a free or paid subscriber.