Policy Design in the Age of Digital Adoption

By : Ricardo Ferreira

Policy Design in the Age of Digital Adoption

By: Ricardo Ferreira

Overview of this book

Policy as Code (PaC) is a powerful paradigm that enables organizations to implement, validate, and measure policies at scale. Policy Design in the Age of Digital Adoption is a comprehensive guide to understanding policies, their design, and implementation for cloud environments using a DevOps-based framework. You'll discover how to create the necessary automation, its integration, and which stakeholders to involve. Complete with essential concepts, practical examples, and self-assessment questions, this book will help you understand policies and how new technologies such as cloud, microservices, and serverless leverage Policy as Code. You'll work with a custom framework to implement PaC in the organization, and advance to integrating policies, guidelines, and regulations into code to enhance the security and resilience posture of the organization. You'll also examine existing tools, evaluate them, and learn a framework to implement PaC so that technical and business teams can collaborate more effectively. By the end of this book, you'll have gained the confidence to design digital policies across your organizational environment.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Share your thoughts

Section 1: Foundation

Free Chapter

Chapter 1: Introduction to Policy Design

The why, what, and how of policies

From design theory to policy implementation

Policy design – key issues, tools, designs over time, and effectiveness

The business value of digital policies

Summary

Chapter 2: Operationalizing Policy for Highly Regulated Industries

Highly regulated industries and their policy needs

Policy through catalog controls

Access controls for enforcing policies

Summary

Chapter 3: Policy as Code a Business Enabler

Policies at speed – Policy as Code

Governance agility – automating policies

Business benefits of PaC

Summary

Section 2: Framework

Chapter 4: Framework for Digital Policies

Framework components

Exploring the framework stages

Summary

Chapter 5: Policy for Cloud-Native Environments

Technical requirements

Cloud-native environments

Native policy constructs for FaaS

Native policy constructs for CaaS

Examples of cloud-native policies

Summary

Further reading

Chapter 6: Policy Design for Hybrid Environments

Technical requirements

The challenges of hybrid environments

Policy as Code in hybrid environments

Automation, segregation, and enforcement

An example of a policy spanning hybrid environments

Summary

Chapter 7: Building a Culture of PolicyOps

Technical requirements

PolicyOps – designing, embedding, and managing policies

Policy DLC – coherence, congruence, and consistency

Agile policy design

Summary

Section 3: Tooling

Chapter 8: Policy Engines

Technical requirements

Policy engines

Pod Security Policies

Kyverno

Sentinel

Open Security Controls Assessment Language

K-Rail

jsPolicy

Summary

Chapter 9: A Primer on Open Policy Agent

Technical requirements

Open Policy Agent

Rego

Open Policy Agent extension and integration

Summary

Chapter 10: Policy as Code Tool Evaluation

Technical requirements

Cloud-native open source ecosystems

Vendor ecosystems

CSP-native capabilities

The evaluation framework

Summary

Chapter 11: Cloud Providers Policy Constructs

Technical requirements

Types of CSP policies

AWS native policy offerings

Azure native policy offerings

Google Cloud native policy offerings

Summary

Chapter 12: Integrating Policy as Code with Enterprise Workflows

Technical requirements

Integration with existing enterprise workflow software

Policy as Code automated life cycle

Designing for automated policy enforcement across the enterprise

Summary

Chapter 13: Real-World Scenarios and Architectures

Technical requirements

A cost policy scenario

An authorization policy scenario

A service migration policy scenario

A compliance enforcement scenario

Summary

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share your thoughts

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Rego

Rego, pronounced ray-go, is a DSL that can be used to express policies so that OPA can evaluate them.

In this section, we will be talking about the language at a high level, giving links to the official documentation as much as possible, and providing some examples of policies for the most common environments.

Introduction

Rego is a language based on Datalog and is used as a query language due to its expressiveness and ability to extract information from complex queries. Rego extends it to support structured data such as YAML, JSON, and XML.

For those familiar with the .NET ecosystem, think LINQ but for data that describes authorization.

Rego allows defining policies that are easy to read and write; for example, look at the following policy snippet (you can follow along using the Rego Playground: https://play.openpolicyagent.org/):

package example
default allow = false
allow = true {
    input.method == "GET"
   &...

Policy Design in the Age of Digital Adoption

By : Ricardo Ferreira

Policy Design in the Age of Digital Adoption

By: Ricardo Ferreira

Overview of this book

Related Content you might be interested in

Current Title:

Policy Design in the Age of Digital Adoption

Cybersecurity and Privacy Law Handbook.

Cloud Auditing Best Practices

Mastering Cloud Security Posture Management (CSPM)

Rego

Introduction