+
CrowdStrike joins the Axiomatics partner community with risk-based authorization for enterprise Learn more  
Policy-as-code: Automate your policy management strategy

Policy-as-code:
Automate your policy management strategy

Align developers with security and compliance, leveraging code-based automation instead of relying on manual processes to manage policies.

Our framework

The adoption and maturity of DevOps to build, test,
deploy, and manage authorization policies is creating
high demand for solutions to support policy-as-code

With policy-as-code, development and security teams can interface through one language that seamlessly integrates with their CI/CD pipelines. If a change or update needs to be made to an authorization policy, engineers can do so by modifying the policy directly in code with the confidence that they are complying with security as well as their DevOps requirements.

To support the ongoing acceleration of innovation, policy-as-code enables organizations to experience an increase in their ability to scale policy, create visibility, support cross-functional collaboration, and automate testing.

axiomatics policy-as-code solution workflow chart

Seamlessly integrate authorization policies
as part of a DevOps pipeline

Below is an example of how ALFA supports a DevOps pipeline through policy-as-code:

Gather
policy request

The central authorization team enables a process to manage requests for new authorization policies or updates to existing policies.

Axiomatics

Write
policy-as-code

This central authorization team is aligned to the DevOps process as well as team. Policies are created/updated either “as code” (e.g. ALFA) or through a web based policy editor.

Axiomatics

Compile
policies

Policy changes are compiled, committed and pushed to the source repository (e.g. Github).

Axiomatics

Implement
with DevOps

Policies are automatically deployed as part of the organizations CI/CD process. Axiomatics allows for automated workflows to be created and integrated into the deployment tools (e.g. Jenkins).

Axiomatics

Test | QA
policies

Policies are automatically tested as part of the DevOps pipeline.

Axiomatics

Deploy
to target application(s)

Policies are deployed to the policy decision services (PDP) to serve target resources (front-end web apps, APIs, microservices, etc.) with the desired authorization outcomes.

Axiomatics’ Policy-as-code framework

Axiomatics solution for Policy-as-code is the Abbreviated Language for Authorization (ALFA). Built specifically to support developers and DevOps with the creation and management of authorization policies, ALFA is a lightweight language that can plug into the solutions and tools that developers use to express authorization policies, such as Visual Studio Code.

With ALFA, developers can benefit from the ability to:

  • An easy to use language to author dynamic, ABAC driven policies
  • Automate the source-control and versioning of policy files
  • Explicit policy and rule combining algorithms designed for authorization
  • Support a shift-left DevOps culture through the automation of testing
Axiomatics policy-as-code testing network

A turnkey policy-as-code solution that helps DevOps environments to automatically enforce authorization policies for any pipeline tool seamlessly and efficiently

Before Axiomatics Policy-as-code

  • Authoring and testing policies is an error-prone manual effort.
  • Manual testing is platform-specific which does not adapt to DevOps principles.
  • Challenging and resource intensive to prove compliance, trace policy decisions, or investigate incidents.

After Axiomatics policy-as-code

  • Seamlessly and efficiently create policies as code with the confidence they are easily repeatable and audit-ready.
  • Automatic and programmatic testing evaluates and enables change management, and rollbacks to naturally fit into CI/CD pipeline.
  • Proactively monitor and visualize policies to prove compliance and speed incident resolution.

Express authorization policies in tools that developers
understand and embrace
, such as Visual Studio Code

Below is a screenshot showing an example of authorization policies written in Visual Studio Code:

AALFA test framework - Visual Studio Code screenshot

Frequently asked questions

What language is best for policy-as-code?

There is no one right answer here. Depending on size and environment complexity and other variables, an enterprise may find they need ALFA or OPA or both to create the policy–as-code strategy that works best to meet their needs.

What is ALFA?

The Abbreviated Language For Authorization (ALFA) is a domain-specific language used to express access control and authorization policies. Based on the de facto access control standard from OASIS, eXtensible Access Control Markup Language (XACML), ALFA provides a simple way to write these policies in a language akin to software development languages like Java and Python.

What is OPA?

Open Policy Agent is an open source, general-purpose policy engine used to unify policy enforcement across the stack.

Does Axiomatics offer other ways to author policies?

Our Orchestrated Authorization approach includes multiple formats in which you can author policies:

  • For application and business users we offer a decentralized policy authoring interface designed specifically for non-technical stakeholders. You get the same authoring flexibility without the complexity of code.
  • Solution architects and Identity leaders who create and manage complex policies and are comfortable coding but seek a more straight-forward and visual interface can author code through our graphical policy editor.
Have a question? Contact our experts

Learn more about how Axiomatics supports Policy-as-code
as part of a flexible, modern access control strategy

Key Considerations: Authorization-as-code Accelerates Policy-as-code

Ensuring appropriate access controls are in place so your organization’s sensitive applications and data are not exposed or compromised.

Learn more

Key Considerations: Using Orchestrated Authorization to optimize policy building

Learn what your organization should review to reflect the broader identity and security strategy of an orchestrated authorization process.

Learn more

A Practical Guide to Policy Modeling

This practical guide will go through the five steps Axiomatics recommends when developing policies.

Learn more
Axiomatics icon

Modernize your approach to application security with a leader in authorization

Meet with our experts to see how our solution helps businesses worldwide meet their access control needs.

Contact us