Styra and Kong Partner to Secure Modern Applications Through Dynamic Traffic Authorisation


Styra has announced a new partnership with Kong Inc. The two organisations aligned to secure modern cloud-native applications with policy-enabled traffic control for microservices.

Styra Declarative Authorization Service (DAS) is now integrated with Kong Mesh, an enterprise-grade service mesh built on top of open-source Kuma, so security and operations teams can more easily meet internal and external regulations. Styra DAS and Kong Mesh together give teams granular control over traffic flow, and the real-time monitoring and historical audit records required to secure services and prove compliance.

Today, many organisations are moving from monolithic applications to microservices-based applications to accelerate innovation. However, digital transformation journeys come with challenges, and the transition to microservices is no different. Teams need to ensure that services are connected reliably with minimal latency, while also preventing unauthorised access and minimising risk of data breach. Organisations can leverage OPA and Kong Mesh as open-source options to manage traffic flow between services, but these solutions require teams to design and deploy integrations themselves and lack a framework for management, monitoring or collaboration.

Styra and Kong now offer a turnkey solution for deploying OPA and Kuma that delivers the service proxies and policy-as-code controls needed to establish or deny traffic to, from or between individual microservices and apps. With the new integration of Styra DAS and Kong Mesh, individuals have the collaboration tools and visibility required to manage policy-enabled traffic control at scale.

Styra DAS and Kong Mesh enable IT, Security, and Governance, Risk Management and Compliance (GRC) teams to:

  • Reduce operational overhead with automated policy-as-code based control of multiple service meshes.
  • Govern, monitor and audit traffic flow and policy decisions for real-time verification of performance and risk.
  • Increase application reliability with policy-based traffic management.
  • Manage microservices policy lifecycle from initial authoring all the way through deployment and monitoring.
  • Rapidly implement leading open-source solutions OPA and Kuma at global scale.

“When teams embrace a microservice architecture, they need to manage what those services can do. Styra and Kong both believe that microservices are the future of application development, and that controlling those services is critical to both performance and security,” said Tim Hinrichs, co-founder and chief technology officer of Styra. “This partnership makes perfect sense—since Kong’s API gateway and service mesh solutions provide the modern network control points for APIs and microservices, and Styra solutions provide the authorisation policy to control how and when those APIs are called.”

Styra and Kong Enable Seamless Authorisation Policy Enforcement

Through this partnership, Styra and Kong tightly control traffic between services, based on dynamic context, to prevent unauthorised access and limit the risk of data exfiltration. Additionally, traffic flow to ensure application components work together appropriately so end users have the correct level of access based on their level of privilege within the app.

Styra DAS and Kong Mesh give teams the tooling required to govern, monitor, and audit traffic flow and policy decisions across all API-based traffic control points using a single management plane for OPA and Kuma.

“At Kong, our aim is to ensure that companies’ connectivity across APIs, hybrid and multi-cloud environments is reliable and runs seamlessly as their use of cloud-native applications increases,” said Marco Palladino, CTO and co-founder of Kong Inc. “We are excited to work with Styra to advance policy scalability across our solutions, ensure that traffic flow is governed by policy, and meet the needs of developers and security teams alike.”