Policy-as-code: Automate your policy management strategy
Align developers with security and compliance, leveraging code-based automation instead of relying on manual processes to manage policies.
Our frameworkThe adoption and maturity of DevOps to build, test,
deploy, and manage authorization policies is creating
high demand for solutions to support policy-as-code
With policy-as-code, development and security teams can interface through one language that seamlessly integrates with their CI/CD pipelines. If a change or update needs to be made to an authorization policy, engineers can do so by modifying the policy directly in code with the confidence that they are complying with security as well as their DevOps requirements.
To support the ongoing acceleration of innovation, policy-as-code enables organizations to experience an increase in their ability to scale policy, create visibility, support cross-functional collaboration, and automate testing.
Seamlessly integrate authorization policies
as part of a DevOps pipeline
Below is an example of how ALFA supports a DevOps pipeline through policy-as-code:
Gather
policy request
The central authorization team enables a process to manage requests for new authorization policies or updates to existing policies.
Write
policy-as-code
This central authorization team is aligned to the DevOps process as well as team. Policies are created/updated either “as code” (e.g. ALFA) or through a web based policy editor.
Compile
policies
Policy changes are compiled, committed and pushed to the source repository (e.g. Github).
Implement
with DevOps
Policies are automatically deployed as part of the organizations CI/CD process. Axiomatics allows for automated workflows to be created and integrated into the deployment tools (e.g. Jenkins).
Test | QA
policies
Policies are automatically tested as part of the DevOps pipeline.
Deploy
to target application(s)
Policies are deployed to the policy decision services (PDP) to serve target resources (front-end web apps, APIs, microservices, etc.) with the desired authorization outcomes.
Axiomatics’ Policy-as-code framework
Axiomatics solution for Policy-as-code is the Abbreviated Language for Authorization (ALFA). Built specifically to support developers and DevOps with the creation and management of authorization policies, ALFA is a lightweight language that can plug into the solutions and tools that developers use to express authorization policies, such as Visual Studio Code.
With ALFA, developers can benefit from the ability to:
- An easy to use language to author dynamic, ABAC driven policies
- Automate the source-control and versioning of policy files
- Explicit policy and rule combining algorithms designed for authorization
- Support a shift-left DevOps culture through the automation of testing
A turnkey policy-as-code solution that helps DevOps environments to automatically enforce authorization policies for any pipeline tool seamlessly and efficiently
Before Axiomatics Policy-as-code
- Authoring and testing policies is an error-prone manual effort.
- Manual testing is platform-specific which does not adapt to DevOps principles.
- Challenging and resource intensive to prove compliance, trace policy decisions, or investigate incidents.
After Axiomatics policy-as-code
- Seamlessly and efficiently create policies as code with the confidence they are easily repeatable and audit-ready.
- Automatic and programmatic testing evaluates and enables change management, and rollbacks to naturally fit into CI/CD pipeline.
- Proactively monitor and visualize policies to prove compliance and speed incident resolution.
Express authorization policies in tools that developers
understand and embrace, such as Visual Studio Code
Below is a screenshot showing an example of authorization policies written in Visual Studio Code:
Our Deployment Methodology helps to successfully implement policy-as-code
Axiomatics has the experience and expertise that will help you through common deployment challenges. Axiomatics follows a well-tested and repeatable approach that is your blueprint for success.
In as little as three to six months, we empower any organization to successfully deploy authorization solutions and future-proof any access management strategy.
Frequently asked questions
- What language is best for policy-as-code?
There is no one right answer here. Depending on size and environment complexity and other variables, an enterprise may find they need ALFA or OPA or both to create the policy–as-code strategy that works best to meet their needs.
- What is ALFA?
The Abbreviated Language For Authorization (ALFA) is a domain-specific language used to express access control and authorization policies. Based on the de facto access control standard from OASIS, eXtensible Access Control Markup Language (XACML), ALFA provides a simple way to write these policies in a language akin to software development languages like Java and Python.
- What is OPA?
Open Policy Agent is an open source, general-purpose policy engine used to unify policy enforcement across the stack.
- Does Axiomatics offer other ways to author policies?
Our Orchestrated Authorization approach includes multiple formats in which you can author policies:
- For application and business users we offer a decentralized policy authoring interface designed specifically for non-technical stakeholders. You get the same authoring flexibility without the complexity of code.
- Solution architects and Identity leaders who create and manage complex policies and are comfortable coding but seek a more straight-forward and visual interface can author code through our graphical policy editor.
Let's show you a demo and take the next leap in your authorization journey
Meet with us and see how our award-winning solution can help you meet today's access control and Zero Trust needs.
Request a demo