REDWOOD CITY, Calif.--(BUSINESS WIRE)--Styra, Inc., the founders of Open Policy Agent (OPA) and leaders in cloud-native authorization, today announced 2020 results, including over 300 percent growth year-over-year, 90 percent headcount increase and record-breaking open source project success. The rapid adoption of Styra Declarative Authorization Service (DAS), the company’s turnkey enterprise security solution built on the recently graduated open-source project OPA, can be attributed to accelerating global demand for an authorization solution that meets the flexibility and scale requirements of Kubernetes and cloud-native environments—due in no small part to a newly remote workforce and need for highly available cloud-based applications and services. This tremendous business momentum comes in parallel with the amazing traction of OPA, which was awarded graduated status from the Cloud Native Computing Foundation (CNCF) after meeting the foundation’s criteria for community growth and project adoption with downloads increasing from 6 million to over 35 million in 2020 alone.
Success Built on Open Source
In March 2018, Styra donated OPA to the CNCF, then in April 2019, the organization moved OPA to incubating status. With the announcement from CNCF at the beginning of February 2021, OPA became the 15th open-source project and the first focused on authorization to reach graduation. To move from incubation to graduation, projects must demonstrate thriving adoption, diversity, a formal governance process and a strong commitment to community sustainability and inclusivity. OPA’s graduation supports the Styra vision for unified authorization and policy for the cloud-native world.
“OPA adoption across all use cases over the last year has been phenomenal,” said Torin Sandall, vice president of open source at Styra. “We’ve seen the community grow in every measurable way. Slack and openpolicyagent.org membership and participation has more than doubled, the number of public repositories on GitHub containing .rego files has also doubled and the number of Docker image downloads has gone from 6M to over 39M. We attribute much of this growth to the efforts of the community and to the need for a robust authorization policy-as-code solution in the cloud native ecosystem.”
“We chose OPA to provide visibility for our security teams. We need to show what access any given user or service actually has, in order to protect customer data and prove compliance,” said Nick Higgins, senior PaaS developer at Atlassian. “Before OPA, teams were defining their own whitelists inside of their code, or in some static application yaml file, and it was impossible for security to work out where access control was presenting a risk. After moving to OPA, and standardizing on its single policy platform, security can now view and manage access across the thousands of instances and services running across all of Atlassian.”
The growing adoption of OPA has led to a dramatic increase in collaboration and dialogue within the community, including 90 new contributors, 750 new commits and a two-fold increase of Slack community members, which added more than 1700 users. In 2020, the community delivered nine major versions released along with 17 point releases. This collaboration is the most critical part of any open-source project, as it ensures that all users get faster feature development and better issue resolution, for accelerated time-to-value and business velocity.
Customer Success and Commercial Traction
During 2020, Styra tripled customer count as well as revenue, with over 40 percent of new customers in the Global Fortune 2000 and 25 percent in the Global Fortune 500. Over 60 percent of new customers were in a highly regulated industry, and significant new customer wins include the European Patent Office, Capital One and Zalando. In addition to new customer growth, Styra DAS proved its value in current customer deployments with a year-over-year renewal rate of over 95 percent across all verticals, from Global Fortune 100 financials, international healthcare and retail organizations, as well as mid-market innovators and startup software providers.
The success of OPA and Styra DAS indicates an inflection point amongst enterprises—the time of digital transformation has officially arrived, and with it the need to secure and manage Kubernetes, containerized microservices and the cloud-native application development environment in general. Styra continues to add headcount in all areas to support anticipated growth, especially in the areas of sales, engineering, customer success and developer advocacy. In 2021, the company has already made several strategic hires to its senior leadership team including naming Paul Murphy as vice president of sales and Steve Erickson as vice president of engineering.
Cloud-native Market Maturity
According to a 2020 CNCF survey, a full 91 percent of respondents reported using Kubernetes in 2020, and 83 percent reported using it in production. Just as Kubernetes has become the de facto standard for container orchestration and management, OPA is emerging as the de facto standard for policy and authorization for Kubernetes, microservices and the processes that govern and automate today’s application deployments.
“Kubernetes and cloud-native have become the de facto approach for building and operationalizing modern applications, and, because of that, the market is expanding exponentially,” said Bill Mann, chief executive officer at Styra. “Since enterprises do not want to move into production without policy and security measures, Open Policy Agent and Styra DAS fill a much needed gap within the cloud-native stack. Styra provides the right tools, products and support for customers as they continue to scale OPA across their cloud-native environments.”
The growth in the popularity of OPA and adoption of Styra DAS is correlated directly with the upward trajectory of the cloud-native market in general, as both solutions provide unified, policy-based security at every layer of the containerized app stack, from CICD pipeline automation, to services themselves, down through the platform and into cloud hosts.
Styra Technology Innovation
Developers, DevOps and platform engineering teams have proven OPA and Styra DAS in production to mitigate risk, reduce human error and accelerate application development in today’s dynamic multi-cloud world with Kubernetes, Envoy, Terraform, Kafka and more.
“Styra DAS provides an automated way to build and enforce guardrails around Kubernetes deployments to prevent errors and limit risk,” said Jorge Arroyo, senior vice president of engineering and cloud operations, SugarCRM. “Moving from manual review to automated guardrails also means my team spends their cycles on crucial, more differentiated problems to accelerate our time-to-market, improve reliability and ease compliance. Styra DAS was critical to automating visibility and reporting around OPA.”
OPA was initially proven out at scale by the likes of Netflix, Capital One, Atlassian, Pinterest and others, and just two years later, has reached the point of over one million downloads per week. Styra DAS, built on OPA, provides a single control plane for authorization both within applications and for the infrastructure they run upon.
The momentum behind the company’s continued growth in 2020 is tied to its commitment and focus on customer success. This matches the company’s focus on innovation and product roadmap, and includes:
- Support for Kubernetes mutating webhooks and new compliance pack for pod security policies that enables DevOps to author, distribute, monitor, audit and perform impact analysis for OPA policy-as-code guardrails, with a consistent framework.
- Expands support to microservices and service mesh that provides security, compliance and operation guardrails to help customers mitigate risk, reduce errors and accelerate software development.
- Rego Policy Builder to enable teams to more easily build authorization policy in Styra DAS.
- Introduced Styra DAS Free and Pro editions to simplify on-ramp for teams of all sizes and stages to operationalize OPA at scale for Kubernetes, which the company also made available on AWS Marketplace.
Independent research firms, publications and experts regularly recognize Styra and Open Policy Agent, including:
- CRN: 10 hottest Kubernetes startups of 2020
- Business Intelligence Group 2020 Fortress Cyber Security Award in the Compliance category
- EMA Decision Guide 2020: Top 3 in the Automation for Policy-as-Code category
- DevOps Dozen Award in “Best Cloud Native Security Solution/Service" category
- Tech Trailblazers Award for containers category
Open Policy Agent
What Analysts Are Saying
“Every IT organization has a set of policies with which its infrastructure must comply. Until recently, it was the responsibility of human operators to understand the relevant policies and produce compliant automations. But a new generation of policy-based management tools allows IT organizations to express corporate policies and business logic programmatically. The automation toolchain can then enforce these policies automatically.” Gartner, Visualizing the Infrastructure Automation Pipeline, September 2020
“The concept of cloud-native is disruptive to traditional IT infrastructure and application platform markets, generating new players and technologies in a variety of areas. This is forming new cloud-native technology ecosystems. A cloud-native technology ecosystem here means a collection of vendors, open-source projects and communities that facilitate and/or jockey to fulfill a need by delivering value in a cloud-native way. The rate of change varies from market to market, but Gartner research shows new growing markets are driven by cloud-native technology ecosystems, such as container management.” Gartner, Market Trends: The Rise of Cloud-Native Technology Ecosystems (Container Perspective), November 2020
Styra enables enterprises to define, enforce and monitor policy across their cloud-native environments. With a combination of open source (Open Policy Agent) and commercial solutions (Declarative Authorization Service), Styra provides security, operations and compliance guardrails to protect applications, as well as the infrastructure they run on. Styra policy-as-code solutions lets developers, DevOps and security teams mitigate risks, reduce human error and accelerate application development. Learn more at styra.com.