SAN FRANCISCO, Calif. -- Today, Styra, Inc., the creators and maintainers of Open Policy Agent (OPA) and leaders in cloud native authorization, released a new research report, "The State of Policy as Code," which explores the present landscape of policy as code, where it’s heading, and its integral role in refining development practices within cloud ecosystems.
Styra surveyed 285 developers and technical decision makers across the industry who actively manage authorization and compliance processes in their organizations. The report found that over two-thirds of technical professionals are dealing with major flaws in homegrown authorization efficiency, security, and app performance. As a result, most organizations (83%) plan to invest more into policy as code as a solution.
According to the report, 94% of technical decision makers agree that policy as code is vital for preventative security and compliance at scale, helping them overcome one of the most notable challenges organizations face in implementing authorization policy. Twenty-nine percent of respondents point to difficulty meeting security, compliance, or auditability requirements as one of the top three challenges holding them back on their authorization journeys. On top of security, organizations are also finding friction with:
- A lack of alignment between teams (34% of respondents)
- A lack of visibility into authorization (31% of respondents)
- A lack of consistent or centralized policy development (29% of respondents)
These challenges have paved the way for policy as code to gain traction as a crucial component in today's overall development landscape, with open source tools often serving as an organization’s first step into streamlining authorization. And when it comes to open source tools, OPA is the top choice for developers. Nearly half of survey respondents who use policy as code (46%) rely on OPA or OPA Gatekeeper – three times more than the next most popular tool – while 63% that don’t use policy as code are familiar with OPA or plan to use it within the next 12 months.
"Addressing the authorization challenges that compromise cohesive teamwork, robust security, and uniform policies is increasingly important for organizations," said Styra CTO Tim Hinrichs. "Policy as code isn't just a trend; it's becoming integral to the fabric of cloud development. Developers can't afford to continue wasting time on practices and technology that confuse teams, muddle visibility, and complicate software development. Tools, like OPA, stand out as key early solutions to some of the most common policy as code challenges.”
The data shows even with significant adoption, most organizations are still in the early stages of implementing policy as code.
- 51% of respondents that use policy as code have only adopted it in the last two years.
- Only 30% of organizations are using policy as code in a significant capacity.
- Of those that have implemented policy as code, more than half (52%) say their most common performance challenge is writing efficient policies as code.
“Policy as code empowers developers and serves as a catalyst for making the contemporary development life cycle more streamlined and secure,” said Hinrichs. “However, as organizations grow, their authorization needs will scale in complexity with them. In order to take the next step in their maturation, organizations need the right resources, technology, and expert guidance to ensure their authorization platform can keep them secure and compliant while maintaining the developer productivity needed to be competitive in the marketplace.”