GigaOm Radar for Policy As Code v1.0

Table of Contents

  1. Summary
  2. Market Categories and Deployment Types
  3. Key Criteria Comparison
  4. GigaOm Radar
  5. Vendor Insights
  6. Analyst’s Take

1. Summary

As stated in the associated GigaOm report, “Key Criteria for Evaluating Policy as Code Solutions,” many types of policies are needed to support a business. As they apply to software and systems, these policies exist to help businesses adhere to legal and regulatory compliance requirements and follow security and operational best practices, all in service of maintaining availability and reducing risk.

Policy as code solutions help centralize the storage of organizational and regulatory IT policies, enable decisions to be made under these policies, and discover and report on IT systems that have passed or failed policy compliance. They can prevent violations from entering production environments, and reveal new systems that have slipped into production without conforming to established policies. Additionally, they provide tools that enable policymakers and technical implementation teams to collaborate on policy controls, mapping human-readable policies to machine-enforceable code.

As business leaders evaluate policy as code solutions, it’s important to keep the following in mind:

  • Policy as code solutions are evolving out of existing sectors, including compliance management solutions, infrastructure provisioning platforms, and Kubernetes platform governance tooling. The goal is for solutions to support all use cases, but this can rarely be achieved today without significant effort. Look for easy wins with a solution that continues to innovate and evolve with the overall technology landscape.
  • There’s a considerable focus today on support for Kubernetes policy management, which will be attractive to organizations. Keep in mind, however, that policy and compliance must extend outside of Kubernetes clusters into bare metal servers, virtual machines (VMs), and managed cloud resources (such as DBaaS or cloud storage). Be wary of solutions that are not full-featured across all needed resource types.
  • Policy needs to take into account not only how resources are configured or deployed but also what other resources they can interact with. When looking for solutions that help manage authorization policy, consider that this capability is part of the application flow, and policy decision-making must be available as a critical component of the underlying applications.
  • This space is evolving quickly and has heavy dependencies on exactly how infrastructure is provisioned and managed, along with how applications communicate. Consider existing infrastructure and application development tooling roadmaps when seeking a policy as code solution to ensure it will be interoperable in the coming years.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.