As the technology landscape becomes more complex, cross-cutting concerns such as security need the same automation and engineering discipline as the rest of the system. When building systems, we need to take security policies into account: the rules and procedures that protect our systems from threats and disruption. For example, access control policies define and enforce who can access which services and resources under what circumstances, while network security policies can dynamically limit the traffic rate to a particular service.
Several of our teams have had a great experience treating security policy as code. By "as code" we mean not just writing these policies down in a file, but also applying the practices we apply to any other code: keeping the policies under version control, validating them automatically in the pipeline, deploying them automatically to each environment, and observing and monitoring how they behave once deployed. Based on our experience and the maturity of the existing tools, including Open Policy Agent and platforms such as Istio, which provide flexible policy definition and enforcement mechanisms that support the practice of security policy as code, we highly recommend using this technique in your environment.
Security policies are rules and procedures that protect our systems from threats and disruption. For example, access control policies define and enforce who can access which services and resources under what circumstances, while network security policies can dynamically limit the traffic rate to a particular service. The complexity of the technology landscape today demands treating security policy as code: define and keep policies under version control, automatically validate them, automatically deploy them and monitor their performance. Tools such as Open Policy Agent or platforms such as Istio provide flexible policy definition and enforcement mechanisms that support the practice of security policy as code.
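To make the access control example above concrete, here is an illustrative Open Policy Agent policy written in Rego, together with the unit tests a pipeline would run against it before deploying it. This is an added example, not text or code from the original page or from the OPA project: the service names, paths, user groups and the `now_ns` input field are assumptions made up for the illustration, and the `import rego.v1` line assumes OPA 0.59 or later. The policy is deny-by-default, every grant is an explicit rule, and because the tests live in the same package, `opa test` exercises the policy exactly as the enforcement point will see it.

```rego
# policy/authz.rego (hypothetical file name; added illustration, not from the page)
package httpapi.authz

import rego.v1

# Deny by default: a request is allowed only if some rule below grants it.
# Reviewers can see every grant in the diff, and nothing is reachable by omission.
default allow := false

# Any authenticated user may read the public catalog (service and path are assumed).
allow if {
	input.method == "GET"
	input.path == ["catalog"]
	input.user.id != ""
}

# Members of the billing group may read invoices, but only over mTLS
# and only during business hours: "under what circumstances" in the text.
allow if {
	input.method == "GET"
	input.path == ["invoices", _]
	"billing" in input.user.groups
	input.connection.mtls == true
	business_hours
}

# A user may update only their own profile (path segment must equal their id).
allow if {
	input.method == "PUT"
	input.path == ["users", input.user.id]
}

# The caller passes the decision time as nanoseconds in input.now_ns (assumption),
# so evaluation is deterministic and testable; time.clock returns [hour, min, sec].
business_hours if {
	hour := time.clock([input.now_ns, "UTC"])[0]
	hour >= 8
	hour < 18
}

# --- Tests, run in the pipeline with `opa test policy/` (exit code non-zero on failure).

# A method no rule mentions falls through to the default.
test_default_deny if {
	not allow with input as {
		"method": "DELETE",
		"path": ["invoices", "42"],
		"user": {"id": "alice", "groups": ["billing"]},
		"connection": {"mtls": true},
		"now_ns": 1699964000000000000, # 2023-11-14T12:13:20Z, inside business hours
	}
}

# Correct group, mTLS and time of day: granted.
test_billing_reads_invoice_over_mtls_in_hours if {
	allow with input as {
		"method": "GET",
		"path": ["invoices", "42"],
		"user": {"id": "bob", "groups": ["billing"]},
		"connection": {"mtls": true},
		"now_ns": 1699964000000000000, # 12:13 UTC
	}
}

# Same request outside business hours: the time condition alone denies it.
test_billing_denied_after_hours if {
	not allow with input as {
		"method": "GET",
		"path": ["invoices", "42"],
		"user": {"id": "bob", "groups": ["billing"]},
		"connection": {"mtls": true},
		"now_ns": 1700000000000000000, # 2023-11-14T22:13:20Z
	}
}

# Plaintext connection: denied even for the right group at the right time.
test_billing_denied_without_mtls if {
	not allow with input as {
		"method": "GET",
		"path": ["invoices", "42"],
		"user": {"id": "bob", "groups": ["billing"]},
		"connection": {"mtls": false},
		"now_ns": 1699964000000000000,
	}
}

# Users may edit their own profile but nobody else's.
test_user_updates_own_profile_only if {
	allow with input as {"method": "PUT", "path": ["users", "carol"], "user": {"id": "carol", "groups": []}}
	not allow with input as {"method": "PUT", "path": ["users", "dave"], "user": {"id": "carol", "groups": []}}
}
```

In a pipeline, the validation stage would typically run `opa fmt --fail policy/` (reject unformatted policy), `opa check policy/` (reject policy that does not compile) and `opa test policy/` (reject policy whose tests fail) before the bundle is published to the enforcement points; a policy change is then reviewed and promoted through environments like any other code change.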