Styra and Kong Partner to secure modern applications through dynamic traffic authorization

Oct. 5, 2021
Companies behind two leading open source projects advance a common vision with technology integration to tightly control traffic flow to, from and between microservices

 REDWOOD CITY, Calif.--()--Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced a new partnership with Kong Inc., the cloud connectivity company and the creators of Kuma. The two organizations are aligned on a common vision to secure modern cloud-native applications with dynamic, policy-enabled traffic control for microservices. Styra Declarative Authorization Service (DAS) is now integrated with Kong Mesh, an enterprise-grade service mesh built on top of open-source Kuma, so security and operations teams can more easily meet internal and external regulations. Styra DAS and Kong Mesh together give teams granular control over traffic flow, and the real-time monitoring and historical audit records required to secure services and prove compliance.

Today, many organizations are moving from monolithic applications to microservices-based applications to accelerate innovation. However, digital transformation journeys come with challenges, and the transition to microservices is no different. Teams need to ensure that services are connected reliably with minimal latency, while also preventing unauthorized access and minimizing risk of data breach. Organizations can leverage OPA and Kong Mesh as open source options to manage traffic flow between services, but these solutions require teams to design and deploy integrations themselves and lack a framework for management, monitoring or collaboration.

Styra and Kong now offer a turnkey solution for deploying OPA and Kuma that delivers the service proxies and policy-as-code controls needed to establish or deny traffic to, from or between individual microservices and apps. With the new integration of Styra DAS and Kong Mesh, individuals have the collaboration tools and visibility required to manage policy-enabled traffic control at scale. Styra DAS and Kong Mesh enable IT, Security, and Governance, Risk Management and Compliance (GRC) teams to:

  • Reduce operational overhead with automated policy-as-code-based control of multiple service meshes.
  • Govern, monitor and audit traffic flow and policy decisions for real-time verification of performance and risk.
  • Increase application reliability with policy-based traffic management.
  • Manage microservices policy lifecycle from initial authoring all the way through deployment and monitoring.
  • Rapidly implement leading open-source solutions OPA and Kuma at a global scale.

“When teams embrace a microservice architecture, they need to manage what those services can do. Styra and Kong both believe that microservices are the future of application development, and that controlling those services is critical to both performance and security,” said Tim Hinrichs, co-founder and chief technology officer of Styra. “This partnership makes perfect sense—since Kong’s API gateway and service mesh solutions provide the modern network control points for APIs and microservices, and Styra solutions provide the authorization policy to control how and when those APIs are called.”

Styra and Kong enable seamless authorization policy enforcement

Through this partnership, Styra and Kong are responding to their customers’ evolving needs. The combination tightly controls traffic between services, based on dynamic context, to prevent unauthorized access and limit the risk of data exfiltration. Additionally, customers also architect traffic flow to ensure application components work together appropriately so end users have the correct level of access based on their level of privilege within the app.

Styra DAS and Kong Mesh give teams the tooling required to govern, monitor and audit traffic flow and policy decisions across all API-based traffic control points using a single management plane for OPA and Kuma. This empowers disparate development teams to unify best-of-breed open source solutions from Styra and Kong, as well as to break down silos and innovate faster, with less overhead or custom tooling.

“At Kong, our aim is to ensure that companies’ connectivity across APIs, hybrid and multi-cloud environments is reliable and runs seamlessly as their use of cloud-native applications increases,” said Marco Palladino, CTO and co-founder of Kong Inc. “We are excited to work with Styra to advance policy scalability across our solutions, ensure that traffic flow is governed by policy, and meet the needs of developers and security teams alike.”

The Kong Mesh integration with Styra DAS is currently available to all Styra DAS Free and DAS Enterprise customers.

Learn more about securing your cloud-native solutions with Styra.

About Styra

Styra, the founders of Open Policy Agent (OPA), provides open source and commercial solutions that enable enterprises to define, enforce and monitor authorization policy across their cloud-native applications, as well as the infrastructure they run on. Styra policy-as-code solutions let developers, DevOps and security teams mitigate risks, reduce human error and accelerate application development.

About Kong Inc.

Kong creates software and managed services that connect APIs and microservices natively across and within clouds, Kubernetes, data centers and more using intelligent automation. Built on an open source core, Kong’s service connectivity platform enables digital innovation by allowing organizations to reliably and securely manage the full lifecycle of APIs and services for modern architectures, including microservices, serverless and service mesh. By providing developer teams with unprecedented architectural freedom, Kong accelerates innovation cycles, increases productivity, and seamlessly bridges legacy and modern systems and applications. For more information about Kong, please visit or follow @thekonginc on Twitter.