Microservices fundamentally changed the way we build modern applications. Before microservices, engineers had a small number of huge chunks of code that made up their application. Many apps were a single monolith of code, and some might have been broken out into a frontend, backend and database. So, when a team needed to update or patch their code, they had to do it slowly and with great care because any change to any part affected every other part of their app.

A recap of my time at the CNCF’s signature conference, KubeCon + CloudNativeCon NA 2021. What an amazing week at the first in-person KubeCon + CloudNativeCon since the pandemic started. This KubeCon set a precedent as one of the first major conferences to bring back an in-person component! The theme this time around was Resilience Realized, and they put this on display at the top of the convention hall.

In today’s cloud-native, app-first and remote-first world, it has become a considerably more complicated task to verify the identity of a user or a service, and determine policies that say what they are and aren’t allowed to do. Yet, the first half of that problem, authentication, for the most part, is already solved because of standards like Security Assertion Markup Language (SAML), OAuth and Secure Production Identity Framework for Everyone (SPIFFE).

Securing investors is always a challenge for startups. But for open-source companies, it’s even harder. Open-source companies need the right investors to innovate and enter new markets. But when you deal with a specific subset like open source, it can be difficult to find VCs with the required experience and knowledge. Those of us in the open-source community know it’s not just about the money — it’s also about continuing to grow the community.

A problem that is often discussed in the context of policy-as-code is how to get more people other than developers involved in policy authoring. Policy as code is still code, and while tooling and abstractions can help to some extent, the process still involves at least some level of development knowledge.

Back at KubeCon North America 2017, many speakers declared that 2018 would be “The Year of the Service Mesh”. Just a year later, in the 2019 CNCF Survey1, it was reported that 18% of surveyed organizations were using a service mesh in production, and by 20202 (the most recent survey published at the time of this writing) that number rose to 27%.

We are thrilled to announce native support of Kong Mesh, Istio and Kuma within Styra Declarative Authorization Service (DAS), enabling users to combine stellar service mesh solutions with the only authorization management platform that supports trusted cloud architecture. Styra DAS allows teams to manage policies across a broad spectrum of systems, like Kubernetes, microservices, public cloud, and more.

Authorization is a critical part of developing any application. When building an app, at some point you will want to control the data and views that a user or system has access to, and one way you can do that is by writing authorization directly into your app. However, over time this can be challenging to manage because when you make changes to your authorization policies you also need to make changes to the application.

One of the most critical aspects of managing policy-as-code at scale is ensuring safety when deploying policy changes to production workloads. A misconfiguration or errant rule can lead to consequences such as overly permissive systems, service outages, and other forms of application or platform issues.

It has been one year since I joined Styra as the first European hire, and what a year it has been! Not only have we significantly grown our customer footprint with enterprises such as Zalando, European Patent Office and Extenda Retail, but the EMEA team has been growing at a rapid pace across engineering, sales and customer success and open source! I thought I’d share some takeaways on the industry / market from my interactions with customers and the community.