This GigaOm Research Reprint Expires Aug 7, 2025

GigaOm Radar for Security Policy as Code v3.0

1. Executive Summary

In the ever-evolving landscape of information technology, effectively managing and enforcing security policies has become increasingly challenging and critical. Policy-as-code solutions have emerged as a pivotal tool, transforming traditional, often overlooked security procedures into machine-readable code, seamlessly integrated into modern DevOps toolchains.

Policy-as-code empowers organizations to proactively enforce security policies throughout the entire software development lifecycle—from initial design and development through testing and deployment. This modern approach brings a multitude of benefits, including a strengthened security posture, reduced reliance on manual policy enforcement, and streamlined compliance auditing.

This technology is not just for technical experts. While CTOs, CIOs, VPs of engineering, cloud architects, and other technology executives directly benefit from the enhanced security and compliance offered by policy-as-code, its impact extends further. Data scientists and engineers can leverage policy-as-code to ensure data integrity and security, while business leaders can gain valuable insights and automation to support strategic decision-making.

Business Imperative
The business imperative for embracing policy-as-code solutions is undeniable. In today’s interconnected digital landscape, security breaches can lead to catastrophic financial losses, irreparable reputational damage, and costly regulatory fines. Policy-as-code provides a proactive defense mechanism, automatically identifying and remediating vulnerabilities before they can be exploited.

Moreover, policy-as-code significantly simplifies the process of achieving and maintaining compliance with stringent industry regulations and standards, such as HIPAA, GDPR, and PCI DSS. This not only mitigates legal and financial risks but also fosters trust among customers and stakeholders.

This is our third year evaluating the security policy-as-code space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines 10 of the top security policy-as-code solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading security policy-as-code offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

2. Market Categories and Deployment Types

To help prospective customers find the best fit for their use case and business requirements, we assess how well security policy-as-code solutions are designed to serve specific target markets and deployment models (Table 1).

For this report, we recognize the following market segments:

  • Small-to-medium business (SMB): SMBs often prioritize ease of use, rapid deployment, and cost-effectiveness. Solutions targeting this segment typically offer simplified interfaces, prebuilt policy templates, and flexible pricing models to accommodate budget constraints.
  • Large enterprise: Large enterprises require scalable, feature-rich solutions that can handle complex infrastructures and diverse policy requirements. These organizations often prioritize advanced reporting and analytics, integration with existing security tools, and robust customization options.
  • Public sector: Government agencies and organizations handling sensitive data have stringent compliance requirements. Solutions targeting this segment must offer comprehensive support for regulatory standards, detailed audit trails, and strong security controls to meet strict governance and risk management mandates.
  • Specialized: Certain industries, such as finance, healthcare, and critical infrastructure, have unique security and compliance needs. Solutions targeting these specialized markets often provide tailored policy templates, industry-specific integrations, and expertise in addressing sector-specific challenges.

In addition, we recognize the following deployment models:

  • Software: Software deployments offer flexibility and control, allowing organizations to install and manage the policy-as-code solution on their own infrastructure. This model is suitable for organizations with existing infrastructure and those who prefer to maintain full control over their policy environment.
  • Virtual appliance: Virtual appliances provide a preconfigured, self-contained environment for policy-as-code deployment. This model simplifies installation and management, making it a good option for organizations seeking a turnkey solution.
  • Public cloud image: Public cloud images are preconfigured virtual machine images designed for specific cloud platforms. This model offers seamless integration with cloud services and simplifies deployment for organizations operating in cloud environments.
  • Container: Containerized deployments leverage container orchestration platforms like Kubernetes to manage and scale policy-as-code solutions. This model offers flexibility, portability, and efficient resource utilization, making it ideal for cloud-native environments.
  • Software as a service (SaaS): SaaS deployments provide a fully managed solution where the vendor handles infrastructure, maintenance, and updates. This model is attractive for organizations seeking to minimize operational overhead and accelerate time-to-value.

Table 1. Vendor Positioning: Target Market and Deployment Model

Target Market columns: SMB, Large Enterprise, Public Sector, Specialized
Deployment Model columns: Software, Virtual Appliance, Public Cloud Image, Container, SaaS

Vendors: Check Point, HashiCorp, Nirmata, OpsMx, Palo Alto Networks, Progress, Pulumi, Snyk, Styra, Sysdig

Table 1 components are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1).

“Target market” reflects which use cases each solution is recommended for, not simply whether that group can use it. For example, if an SMB could use a solution but doing so would be cost-prohibitive, that solution would be rated “no” for SMBs.

3. Decision Criteria Comparison

All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

  • Basic policy editing
  • Security controls
  • Prebuilt policy bundles
  • DevOps tool integration
  • Git integrations
  • Platform integrations
  • Alerting and monitoring

Tables 2, 3, and 4 summarize how each vendor in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.

  • Key features differentiate solutions, highlighting the primary criteria to be considered when evaluating a security policy-as-code solution.
  • Emerging features show how well each vendor implements capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months.
  • Business criteria provide insight into the nonfunctional requirements that factor into a purchase decision and determine a solution’s impact on an organization.

These decision criteria are summarized below. More detailed descriptions can be found in the corresponding report, “GigaOm Key Criteria for Evaluating Security Policy-as-Code Solutions.”

Key Features

  • Reporting and analytics: Robust reporting and analytics capabilities provide organizations with actionable insights into their security posture. By transforming raw policy data into meaningful visualizations and reports, these features enable data-driven decision-making and continuous improvement.
  • Advanced policy editing: Advanced policy editing capabilities streamline the creation, modification, and validation of complex security policies. By providing intuitive interfaces, code validation, and collaboration features, these tools empower teams to efficiently manage and maintain their policy framework.
  • Runtime enforcement and drift detection: Runtime enforcement and drift detection ensure that security policies are continuously enforced, even in dynamic cloud environments. By actively monitoring the state of systems and detecting deviations from established policies, these features enable organizations to maintain a secure and compliant environment.
  • DevOps support: Seamless integration with DevOps tools and workflows is a critical requirement for policy-as-code solutions. By embedding security policies into the CI/CD pipeline, organizations can ensure that security is baked into every stage of the software development lifecycle.
  • Compliance support: Policy-as-code solutions with strong compliance support streamline the process of meeting regulatory requirements and industry standards. By providing prebuilt policies, automated compliance checks, and audit-ready reports, these tools significantly reduce the time and effort required to achieve and maintain compliance.
  • Security tool support: Integration with existing security tools amplifies the value of policy-as-code solutions. By consolidating security controls and automating policy enforcement across diverse tools, organizations can achieve a unified security posture and streamline incident response.
  • Multiple policy language support: Support for multiple policy languages provides flexibility and adaptability to evolving organizational needs. By accommodating different policy formats and syntaxes, this feature enables organizations to leverage existing policy libraries and expertise.

Table 2. Key Features Comparison

Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable

Key features: Reporting & Analytics, Advanced Policy Editing, Runtime Enforcement & Drift Detection, DevOps Support, Compliance Support, Security Tool Support, Multiple Policy Language Support

Vendor                 Average Score
Check Point            4
HashiCorp              3.3
Nirmata                3.6
OpsMx                  4.3
Palo Alto Networks     3.9
Progress               3.9
Pulumi                 3.7
Snyk                   3.7
Styra                  4.3
Sysdig                 4

Emerging Features

  • AI change monitoring: AI-powered change monitoring represents a new frontier in policy management. By leveraging machine learning algorithms to analyze changes in infrastructure, applications, and configurations, organizations can proactively identify potential security risks and policy violations before they escalate into major incidents.
  • Active remediation: Active remediation takes policy enforcement to the next level by automatically addressing policy violations and security risks in real time. This eliminates the need for manual intervention, accelerating incident response and reducing the window of vulnerability.

Table 3. Emerging Features Comparison

Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable

Emerging features: AI Change Monitoring, Active Remediation

Vendor                 Average Score
Check Point            2.5
HashiCorp              0.5
Nirmata                2
OpsMx                  2.5
Palo Alto Networks     3
Progress               1
Pulumi                 2
Snyk                   2.5
Styra                  3
Sysdig                 3

Business Criteria

  • Flexibility: Flexibility in security policy-as-code solutions is the ability to adapt to diverse environments, technologies, and evolving security requirements. It is crucial for organizations with complex infrastructures and those anticipating future growth or changes in their technology stack.
  • Cost: Cost factors encompass both the upfront investment and ongoing expenses associated with implementing and maintaining a policy-as-code solution. Organizations should carefully consider their budget constraints and the total cost of ownership (TCO) when evaluating different vendors.
  • Scalability: Scalability refers to the ability of a policy-as-code solution to handle the growing volume and complexity of policies and environments. It is essential for organizations with large infrastructures, distributed systems, and those experiencing rapid growth.
  • Support: Comprehensive support is essential for ensuring the smooth operation and continued success of a policy-as-code implementation. Organizations should consider the vendor’s reputation for customer service, response times, and the availability of resources like documentation, training, and community forums.
  • Future-proofing: This refers to the ability of a policy-as-code solution to adapt to emerging technologies, security threats, and regulatory changes. It is crucial for organizations seeking to maintain a robust security posture and ensure long-term value from their investment.

Table 4. Business Criteria Comparison

Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable

Business criteria: Flexibility, Cost Factors, Scalability, Support, Future-Proofing

Vendor                 Average Score
Check Point            4.2
HashiCorp              4.6
Nirmata                3.6
OpsMx                  3.4
Palo Alto Networks     4
Progress               4.2
Pulumi                 3.8
Snyk                   4.2
Styra                  4
Sysdig                 3.6

4. GigaOm Radar

The GigaOm Radar plots vendor solutions across a series of concentric rings with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s evolution over the coming 12 to 18 months.

Figure 1. GigaOm Radar for Security Policy as Code

As you can see in the Radar chart in Figure 1, the security policy-as-code market is experiencing a surge in innovation, with several added vendors in this year’s evaluation, including Check Point, HashiCorp, and Palo Alto Networks. This influx of new players demonstrates the continued growth and dynamism of the security policy-as-code market. This dynamic landscape reflects the growing demand for security policy-as-code solutions to address the increasing complexity of security policies in modern, cloud-native environments.

The distribution of vendors on the Feature Play versus Platform Play axis reveals a slight trend toward Platform Plays, indicating that organizations are seeking comprehensive solutions that can manage policies across diverse infrastructure and applications rather than focusing on niche use cases.

The number of vendors in the Leaders circle shows a market with several capable players, and the fact that there’s a Leader in almost every quadrant signifies a competitive landscape where vendors are actively innovating to differentiate themselves.

While the market has shifted and there are more vendors in the Maturity half this year compared to last, there is still a heavy emphasis on Innovation in this space, which highlights several key advancements. Vendors are now supporting diverse policy languages such as Rego (Open Policy Agent), YAML, JSON, Python, and JavaScript to accommodate varied user preferences. Deepening integrations with cloud-native technologies like Kubernetes, microservices, and serverless architectures enable seamless policy enforcement in dynamic environments. Intuitive interfaces, visual builders, and features like code completion simplify policy creation and management for users. Real-time compliance monitoring, automated remediation, and proactive risk mitigation are becoming standard. Additionally, vendors are leveraging AI and ML for enhanced policy analysis, automated decision-making, and improved threat and anomaly detection. These advancements demonstrate that security policy-as-code vendors are prioritizing flexibility, adaptability, and modern technology integration while maintaining stability and reliability.

Overall, the security policy-as-code market is in a state of rapid evolution, with vendors actively competing to offer comprehensive, scalable, and innovative solutions that address the complex security challenges of modern infrastructure and applications. This trend is expected to continue as organizations increasingly recognize the value of policy as code in ensuring security and compliance across their technology stack.

In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; every solution has aspects that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.

INSIDE THE GIGAOM RADAR

To create the GigaOm Radar graphic, key features, emerging features, and business criteria are scored and weighted. Key features and business criteria receive the highest weighting and have the most impact on vendor positioning on the Radar graphic. Emerging features receive a lower weighting and have a lower impact on vendor positioning on the Radar graphic. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and roadmaps.

Note that the Radar is technology-focused, and business considerations such as vendor market share, customer share, spend, recency or longevity in the market, and so on are not considered in our evaluations. As such, these factors do not impact scoring and positioning on the Radar graphic.

For more information, please visit our Methodology.

5. Solution Insights

Check Point: CloudGuard

Solution Overview
Check Point CloudGuard is a security platform that integrates with CI/CD pipelines to automate security checks and harden applications. It scans for vulnerabilities, malware, weak security practices, and exposed credentials before they become major issues. CloudGuard can also scan container images during CI/CD and search for vulnerabilities with continuous security scans. If an issue is found, CloudGuard stops the pipeline build and outlines remediation steps, so the issue does not reach the production environment.

CloudGuard operates within the CI/CD pipeline, scanning infrastructure as code (IaC) templates, container images, and application code. It utilizes Check Point’s threat intelligence database and advanced analytics to identify vulnerabilities and misconfigurations. The platform provides actionable feedback, guiding developers to fix issues before they reach production.

Strengths
Areas where the vendor is particularly strong are:

  • Security integration: CloudGuard benefits from Check Point’s deep cybersecurity expertise and integrates seamlessly with the Infinity platform, providing advanced threat prevention and security management capabilities across diverse environments.
  • DevSecOps automation: CloudGuard aligns with DevOps practices by facilitating the integration of security checks within CI/CD pipelines. This automation helps in streamlining security operations and ensuring that security policies are enforced consistently throughout the development lifecycle.
  • Continuous security scanning: CloudGuard offers continuous security scanning of container images and code, ensuring that vulnerabilities and misconfigurations are identified and addressed promptly.
  • Remediation guidance: When an issue is detected, CloudGuard provides clear and actionable remediation steps, enabling developers to resolve security vulnerabilities efficiently.

Challenges
Mastering the comprehensive feature set of CloudGuard may require a significant investment in training for security and DevOps teams. While functional, the policy editing interface could be more intuitive for advanced use cases, and broader language support would enhance flexibility for diverse environments.

Integrating CloudGuard with existing infrastructure and tools might present challenges, potentially requiring upgrades or overhauls in skills and processes.

Purchase Considerations
Organizations considering Check Point CloudGuard should evaluate their existing security posture and infrastructure compatibility. Assess the need for professional services, training, and support to ensure a smooth implementation. Licensing options should be reviewed in the context of your organization’s size and specific use cases.

Check Point CloudGuard is well-suited for organizations operating in complex multicloud or hybrid environments, particularly those with a strong DevOps culture. It caters to a broad range of industries, but its focus on continuous security scanning and automation makes it especially valuable for organizations with strict compliance requirements and a need to accelerate the time to market for new applications.

Radar Chart Overview
Check Point CloudGuard is positioned as a Leader in the Maturity/Platform Play quadrant. CloudGuard provides a cohesive and stable solution with a focus on continuous security scanning, automation, and integration into DevOps workflows. Its strength across deployment models and industry requirements makes it a compellingly broad security policy-as-code solution.

HashiCorp: Compliance

Solution Overview
HashiCorp is a leading provider of cloud infrastructure automation solutions, renowned for its source-available tools and commitment to empowering organizations to embrace multicloud environments. With a strong focus on infrastructure as code, HashiCorp’s product suite facilitates streamlined, secure, and compliant infrastructure management.

HashiCorp Compliance empowers organizations to embed security and compliance checks directly into their IaC workflows. By leveraging HashiCorp’s suite of products, including Terraform, Sentinel, Vault, and Consul, organizations can codify their security and compliance policies, automate policy checks, and enforce guardrails throughout their infrastructure’s lifecycle. This enables a proactive approach to security and compliance, reducing risk and ensuring that infrastructure adheres to organizational and regulatory requirements.

HashiCorp Compliance is not a standalone product but is built into HashiCorp’s Enterprise products. Its full potential and synergistic benefits are best realized when leveraging the entire HashiCorp ecosystem. Terraform enables infrastructure provisioning and management using declarative code, while Sentinel serves as a policy-as-code framework for defining and enforcing security and compliance rules. Vault secures, stores, and tightly controls access to sensitive data and secrets, and Consul provides service discovery, networking, and segmentation for microservices environments. Together, these tools offer a comprehensive framework for codifying, automating, and enforcing security and compliance policies across an organization’s entire infrastructure stack.

Strengths
HashiCorp Compliance’s strengths are evident in its seamless integration of security and compliance checks into existing IaC workflows, leveraging familiar tools and processes. By treating policies as code, organizations gain the benefits of version control, automated testing, and collaboration, ensuring that security and compliance practices evolve in lockstep with the infrastructure. Furthermore, the platform’s extensible framework allows for customization and integration with other security and compliance tools, while HashiCorp’s robust community and ecosystem offer ample resources, support, and prebuilt policy modules to accelerate adoption and streamline policy creation.

Challenges
While HashiCorp Compliance offers a robust foundation for integrating policy as code into existing workflows, it presents certain limitations compared to more specialized policy management platforms. Its built-in policy authoring and runtime enforcement capabilities, primarily reliant on Sentinel, may necessitate additional tools or custom integrations for organizations seeking comprehensive policy management and observability.

Additionally, although HashiCorp’s suite of tools is widely adopted, the learning curve associated with Sentinel’s policy language and the intricacies of integrating various components can be steep for teams unfamiliar with the HashiCorp ecosystem. This may pose challenges for organizations primarily focused on policy as code rather than the broader infrastructure provisioning landscape.

Purchase Considerations
Organizations evaluating HashiCorp Compliance should assess their existing infrastructure automation practices and toolchains. Consider the maturity of your IaC workflows and your team’s familiarity with HashiCorp’s tools. Budget for potential training and professional services to accelerate implementation and policy authoring.

HashiCorp Compliance is ideal for organizations seeking to integrate security and compliance into their IaC workflows, particularly those already leveraging HashiCorp’s suite of products. It is particularly valuable for large enterprises and regulated industries with strict compliance requirements, as it enables automated policy enforcement and continuous compliance validation.

Radar Chart Overview
HashiCorp Compliance is placed as a Challenger in the Maturity/Platform Play quadrant. As a vendor that’s relatively new to the security policy-as-code market, HashiCorp demonstrates its commitment to innovation and adaptability through the integration of its Compliance product with widely adopted tools like Terraform, Consul, Vault, and Nomad, as well as across all major cloud vendors.

Nirmata: Nirmata Policy Manager

Solution Overview
Nirmata is a key contributor to the Kyverno project, which is a Kubernetes-native policy management engine. The company’s focus on Kubernetes-native policy management positions it well to address the growing demand for policy-as-code solutions in cloud-native environments.

Nirmata’s policy-as-code capabilities are based on the Nirmata Policy Manager, a SaaS offering that empowers organizations to create, manage, and enforce security and compliance policies within CI/CD pipelines. Leveraging the open source Kyverno Policy Engine as its enforcement mechanism, Nirmata Policy Manager provides a unified platform for policy authoring, distribution, validation, and reporting.

Nirmata Policy Manager is a single, integrated platform that includes a policy library and a policy editor with a policy and compliance engine. It uses YAML as its primary policy language, making it accessible to a wide range of users. The platform integrates with popular DevOps tools and workflows, enabling seamless policy management throughout the Kubernetes lifecycle.

Strengths
Nirmata’s core strength lies in its comprehensive and intuitive reporting capabilities. The platform provides detailed insights into policy compliance, violations, and potential risks, enabling organizations to proactively identify and address security issues. This robust reporting framework also facilitates effective drift detection, ensuring that Kubernetes clusters adhere to established policies.

Nirmata’s decision to utilize YAML as the primary policy language is also noteworthy. YAML’s human-readable format and widespread adoption in the DevOps community make it an accessible choice for policy authoring and collaboration, promoting ease of use and understanding across teams.

Challenges
One of Nirmata’s main challenges lies in its recent move from a Kubernetes focus to the entire CI/CD pipeline. While it excels at drift detection, it offers only some automated remediation features. This means that organizations must rely on their GitOps processes to address policy violations, which can introduce delays and increase the risk of prolonged exposure to security threats.

Nirmata’s policy editing capabilities could also be improved. Though the platform offers basic editing features, it lacks some advanced functionalities, like robust code analysis. This may hinder productivity and efficiency for larger teams working on complex policy frameworks.

Purchase Considerations
Organizations considering Nirmata should carefully evaluate their specific requirements for runtime enforcement and policy editing. Teams seeking advanced policy editing features will need to research Nirmata’s open source tools and integrations.

However, for organizations prioritizing comprehensive reporting, effective drift detection, and a user-friendly policy language (YAML), Nirmata offers a compelling solution. Its focus on Kubernetes-native policy management makes it a strong contender for organizations heavily invested in the Kubernetes ecosystem.

Nirmata is well-suited for organizations operating in regulated industries, such as finance and healthcare, where compliance with stringent security and data protection standards is essential. It is also a valuable tool for any organization seeking to enhance security and governance within its Kubernetes environment.

Radar Chart Overview
Nirmata placed as a Challenger in the Innovation/Feature Play quadrant. The company has a particular focus on Kubernetes-native policy management, addressing specific needs within the Kubernetes ecosystem, as well as an agile and innovative approach, which is reflected in its user-friendly interface and open source contributions. Though the product is not yet as comprehensive as some established platforms, Nirmata’s targeted focus and rapid growth make it a promising option for organizations prioritizing streamlined policy-as-code solutions specifically for Kubernetes environments.

OpsMx: OpsMx Delivery Shield

Solution Overview
OpsMx specializes in continuous delivery (CD) and application release orchestration (ARO) solutions. OpsMx Delivery Shield is a standalone product within its portfolio, designed to integrate with existing security and DevOps tools to provide a unified policy-driven application security platform.

OpsMx Delivery Shield is a comprehensive application security posture management solution designed to enhance security and policy enforcement throughout the software delivery lifecycle. It consolidates data from various security and DevOps tools, providing a unified view of policy compliance and risk assessment for each application release. OpsMx Delivery Shield enables organizations to define and enforce security policies, block noncompliant deployments, and generate automated compliance reports.

OpsMx Delivery Shield acts as a central hub for policy management, integrating with various sources of security and compliance data. It enables organizations to define policies using the Open Policy Agent (OPA) standard or integrate with alternative policy engines. The platform leverages policy-as-code principles, allowing policies to be versioned, tested, and deployed like any other code artifact.

Strengths
OpsMx Delivery Shield’s standout strength is its flexibility. By supporting OPA Rego while allowing integration with alternative policy engines, OpsMx empowers organizations to tailor policy enforcement to their specific needs and preferences. This adaptability is invaluable for enterprises with diverse technology stacks and evolving security requirements.

OpsMx Delivery Shield also excels in its comprehensive approach to security policy management. It goes beyond just vulnerability scanning to consider the entire software delivery process, including approvals, operational policies, and exception requests. This holistic view enables a more nuanced and effective risk assessment.

Furthermore, OpsMx prioritizes developer productivity with features like the “Pre-Flight Security Check,” which allows developers to assess the security posture of their releases before deployment. This shift-left approach helps identify and address security issues early in the development cycle, reducing the risk of costly delays and rework.

Challenges
While OpsMx Delivery Shield offers robust policy enforcement capabilities, it could enhance its runtime enforcement and drift detection features. Although it can block deployments based on policy violations, it currently lacks comprehensive real-time monitoring and automated remediation for policy deviations in running applications.

Another area for potential improvement is the breadth of its prebuilt policy library. While OpsMx provides a set of policies for common compliance requirements, expanding this library to cover a wider range of industry-specific regulations and security frameworks would further streamline policy adoption for organizations.

Purchase Considerations
Organizations evaluating OpsMx Delivery Shield should assess their specific needs for runtime enforcement and the comprehensiveness of prebuilt policy libraries. While the platform offers exceptional flexibility and developer-centric features, the need for additional tooling or custom development to address runtime policy violations and specific compliance requirements should be considered.

OpsMx Delivery Shield is available as a SaaS solution or can be deployed on the customer’s infrastructure, either self-managed or through OpsMx’s managed services. The licensing model is based on the number of applications, making it scalable for organizations of varying sizes.

OpsMx Delivery Shield is well-suited for large enterprises and organizations operating in regulated industries that require robust security and compliance controls throughout the software delivery lifecycle. Its ability to unify policy visibility, assessment, and enforcement across diverse toolchains makes it a valuable asset for organizations seeking to streamline their security operations and improve developer productivity.

Radar Chart Overview
OpsMx is positioned as a Challenger in the Innovation/Platform Play quadrant. OpsMx Delivery Shield provides integrations with a wide range of security and DevOps tools, addressing multiple aspects of application security posture management. This positioning reflects the company’s strong understanding of the software delivery process, its commitment to developer productivity, and its unique approach to policy enforcement, which allows for flexibility and customization. While there’s room for growth in runtime enforcement and prebuilt policy libraries, OpsMx’s strengths in flexibility, integrations, and developer-centric features make it a compelling choice for organizations seeking a comprehensive and adaptable policy-as-code solution.

Progress: Chef

Solution Overview
Progress is a global software company known for its focus on application development and infrastructure management tools. Progress acquired Chef in 2020, integrating its capabilities into its broader portfolio. This strategic move broadened Chef’s reach and expanded its policy-as-code capabilities, particularly in the enterprise space.

Progress Chef, a cornerstone of the broader Progress portfolio, offers a seasoned and versatile approach to policy as code. The platform extends its well-established infrastructure and application management capabilities to encompass policy definition, enforcement, and compliance across diverse environments. Leveraging its agent-based architecture and declarative language, Chef allows organizations to codify policies, automate their application, and ensure consistent configuration across a wide range of systems, from on-premises servers to cloud-based infrastructure.

Key components include Chef Infra (infrastructure management), Chef Habitat (application delivery), Chef Desktop (device management), Chef InSpec (compliance management), Chef Cloud Security (cloud security posture management), and Chef Premium Content (additional resources, including policy bundles).

Chef’s approach leverages a client-server architecture, with agents installed on managed nodes to enforce policies and report compliance status. The declarative nature of Chef’s language enables consistent policy enforcement regardless of the underlying infrastructure or operating system.

Strengths
Chef’s code-first approach is a significant strength, fostering consistency and repeatability in policy enforcement. This, coupled with the availability of compliance bundles, streamlines the implementation of complex regulatory requirements and accelerates time to value. Chef’s robust change-monitoring capabilities translate into effective drift detection for policy as code, ensuring continuous compliance.

Furthermore, Chef’s flexibility, derived from its ability to treat all components of the infrastructure and application lifecycle as code, is a major advantage. This allows organizations to seamlessly transfer policies across different environments and adapt to changing requirements, contributing to a high score in the flexibility evaluation metric.

Challenges
While Chef InSpec’s DSL is powerful, it may present a steeper learning curve than more widely adopted languages like Rego. Expanding language support and potentially embracing Rego could enhance interoperability and streamline policy adoption for organizations already familiar with OPA.

Additionally, Chef’s focus on configuration management, while a strength in many aspects, might slightly limit its policy editing capabilities compared to dedicated policy-as-code solutions. Enhancing the editing experience with advanced features like code completion and collaborative editing could further improve usability and productivity.

Purchase Considerations
Organizations considering Progress Chef should evaluate their familiarity and comfort with Chef InSpec’s DSL. If teams are well-versed in the language or are willing to invest in training, Chef’s comprehensive approach and powerful features can be a valuable asset. However, those prioritizing a more widely adopted policy language or seeking advanced editing capabilities may need to consider additional tools or integrations.

Chef’s per-node licensing model should also be factored into the cost analysis, especially for larger organizations.

Progress Chef caters to a wide range of use cases and market segments, from small businesses to large enterprises. Its configuration management capabilities and policy-as-code features are particularly valuable for organizations seeking to automate infrastructure provisioning, application deployment, and compliance management.

Radar Chart Overview
Progress Chef is positioned as a Challenger in the Maturity/Feature Play quadrant. The platform’s code-first approach, flexibility, and comprehensive feature set make it a compelling choice for organizations seeking to streamline and automate their policy management processes. While Chef excels in traditional areas like configuration management and compliance, it may need to accelerate innovation to keep pace with emerging trends like AI-driven policy optimization and broader language support. Despite this, Chef’s strengths in flexibility, change monitoring, and compliance support make it a solid contender for organizations seeking a reliable and established solution for policy as code.

Palo Alto Networks: Prisma Cloud

Solution Overview
Palo Alto Networks has a strong reputation in the cybersecurity industry, with a broad portfolio of network security, cloud security, and security operations solutions. It offers policy-as-code capabilities through its Prisma Cloud platform.

Prisma Cloud provides a unified platform for securing cloud-native applications and infrastructure. It is a comprehensive cloud-native security platform that provides visibility, security, and compliance across multicloud environments. Its policy-as-code features enable organizations to define and enforce security guardrails, scan infrastructure-as-code templates for misconfigurations, and continuously monitor cloud environments for compliance.

Prisma Cloud’s policy-as-code capabilities are integrated within its broader platform rather than offered as a standalone product. They leverage various components within Prisma Cloud, including:

  • Cloud Security Posture Management (CSPM) provides visibility into cloud misconfigurations and compliance risks.
  • Cloud Workload Protection Platform (CWPP) secures workloads across containers, virtual machines, and serverless functions.
  • Web Application and API Security (WAAS) protects web applications and APIs from attacks.

Prisma Cloud’s approach to policy as code emphasizes a unified platform for security and compliance across the entire cloud environment. It uses a combination of agent-based and agentless methods to enforce policies and relies on a centralized management console for policy creation, deployment, and monitoring.

Strengths
Palo Alto Networks’ strengths in the policy-as-code space stem from its deep expertise in security and its comprehensive approach to cloud security. Prisma Cloud’s robust security controls, including granular role-based access control (RBAC), detailed audit logs, and strong encryption, ensure the integrity and confidentiality of policy data. The platform also excels in reporting and analytics, providing in-depth visibility into security events, traffic patterns, and threat intelligence, empowering organizations to make data-driven security decisions.

Additionally, Palo Alto Networks’ extensive experience translates into strong runtime enforcement capabilities within Prisma Cloud. The platform can leverage its next-generation firewalls and security services to enforce policies in real time, protecting cloud environments from unauthorized access and configuration drift.

Challenges
Palo Alto Networks’ policy editing capabilities, while powerful, can be complex for new users due to the platform’s extensive feature set and terminology. Additionally, while Prisma Cloud integrates with various DevOps tools, it could further streamline automation workflows.

Another area for potential improvement is the platform’s flexibility. Prisma Cloud primarily focuses on its own security ecosystem, which may limit interoperability with other vendors’ products. Expanding support for open standards and providing more flexible integration options could enhance its adaptability to diverse technology environments.

Purchase Considerations
Organizations already using the Palo Alto platform can consider adding Prisma Cloud to it. Because Prisma Cloud is a standalone product, organizations also have other choices that can support their security needs. While Prisma Cloud offers a comprehensive suite of security features, its learning curve and focus on the Palo Alto ecosystem may require additional training and integration efforts.

Prisma Cloud is available as a SaaS solution, as well as through virtual appliances and public cloud images. Organizations should carefully assess their deployment preferences and budget constraints when considering licensing options.

Palo Alto Networks Prisma Cloud is well-suited to large enterprises and organizations operating in regulated industries with stringent security and compliance requirements. Its comprehensive cloud security platform, combined with its policy-as-code capabilities, provides a robust solution for protecting cloud-native applications and infrastructure.

Radar Chart Overview
Palo Alto Networks is a new addition to this year’s evaluation and is placed as a Leader and Forward Mover in the Maturity/Platform Play quadrant. Prisma Cloud may be used as a standalone product. However, its full potential and synergistic benefits are best realized when integrated within the broader Palo Alto Networks ecosystem. Prisma Cloud’s strong security pedigree, extensive reporting and analytics capabilities, and robust runtime enforcement position it as a formidable player in the market. While it may face challenges in terms of flexibility and ease of use, its comprehensive cloud security platform and commitment to innovation make it a compelling choice for organizations seeking a mature and feature-rich solution for policy as code.

Pulumi: CrossGuard

Solution Overview
Pulumi is a rapidly growing company with a strong focus on developer experience and cloud-native infrastructure. It offers a modern IaC platform that empowers developers and infrastructure teams to define, provision, and manage cloud resources using familiar programming languages. Pulumi CrossGuard is a relatively new offering, but it has quickly gained traction due to its innovative approach to policy as code and its seamless integration with the Pulumi platform.

Pulumi CrossGuard enables organizations to define and enforce security and compliance policies using the same programming languages and workflows they use for infrastructure provisioning. This unified approach simplifies policy management and promotes consistency between infrastructure and policy definitions.

Strengths
Pulumi CrossGuard’s standout strength is its unparalleled flexibility in policy authoring. It supports a wide range of popular programming languages, including TypeScript, Python, and JavaScript. This allows developers and security teams to define policies using the tools and languages they are most comfortable with, eliminating the need to learn a new domain-specific language.

Another key strength is Pulumi CrossGuard’s extensive integration with DevOps tools and workflows. It seamlessly integrates with popular CI/CD pipelines, version control systems, and cloud providers, enabling automated policy enforcement throughout the software development lifecycle. This tight integration fosters a DevSecOps culture where security is embedded into every stage of the development process.

Challenges
While Pulumi CrossGuard excels in flexibility and DevOps integration, it has some limitations in reporting and compliance support. The platform’s reporting capabilities are primarily focused on logging and alerting, and it lacks the comprehensive dashboards and customizable reports offered by some competitors. This may require organizations to invest in additional tooling or develop custom integrations to meet their reporting needs.

Additionally, Pulumi CrossGuard’s compliance support is still evolving. While it offers some prebuilt policies for infrastructure security, it lacks comprehensive policy bundles for specific compliance standards like SOC 2. Organizations may need to develop and maintain their own compliance policies, which could require additional effort and expertise.

Purchase Considerations
Organizations considering Pulumi CrossGuard should evaluate their existing technology stack and policy management requirements. If they are already using Pulumi for infrastructure as code, CrossGuard can be a natural extension for incorporating policy as code into their workflows. However, organizations with extensive reporting needs or those requiring comprehensive compliance support may need to consider supplementing Pulumi CrossGuard with additional tools or services.

Pulumi offers a variety of pricing options, including a free tier for individual users and teams and paid plans for larger organizations with additional features and support. The self-hosted option provides flexibility for organizations with specific deployment requirements.

Pulumi CrossGuard is well-suited for organizations that have embraced a developer-centric approach to infrastructure and policy management. It is particularly valuable for teams already using Pulumi for IaC as it allows them to leverage their existing skills and workflows to implement policy as code. The platform’s flexibility and broad language support make it adaptable to various use cases, from enforcing security best practices to ensuring compliance with regulatory requirements.

Radar Chart Overview
Pulumi is positioned as a Challenger in the Innovation/Feature Play quadrant. This reflects its approach to policy as code, its strong focus on developer experience, and its seamless integration with the broader Pulumi ecosystem. While it may have some limitations in reporting and compliance support, its flexibility, scalability, and commitment to innovation make it a compelling choice for organizations seeking a modern and adaptable policy-as-code solution.

Snyk: Unified Policy Engine

Solution Overview
Snyk has established itself in the developer security space, focusing on empowering developers to proactively address security concerns and offering a range of solutions to address security throughout the software development lifecycle. Its Unified Policy Engine, built on OPA, leverages the Rego policy language to define and enforce security policies across various stages of development and deployment. Snyk’s developer-centric approach is evident in its seamless integration with popular development tools and workflows.

The Unified Policy Engine is a relatively new addition to its product portfolio, but it has quickly gained traction due to its developer-friendly features and integration capabilities. It is a core component of the Snyk platform, not a standalone product. It utilizes OPA, an open source policy engine, for policy evaluation and enforcement. This allows policies to be defined in Rego and applied consistently across various stages of development, from code analysis to deployment.

Strengths
Snyk’s primary strength lies in its exceptional integration with DevOps tools and workflows, particularly its support for integrated development environments (IDEs). This allows developers to directly address policy violations within their familiar coding environments, fostering a proactive security culture. The breadth of integrations with other DevOps tools, such as code repositories, build systems, and deployment platforms, further solidifies Snyk’s position as a developer-first security solution.

Snyk’s reporting capabilities are another notable strength. The platform provides comprehensive and customizable reports that cater to different roles and responsibilities within an organization. This enables stakeholders to gain insights into policy compliance, identify vulnerabilities, and track remediation efforts, ultimately enhancing the organization’s overall security posture.

Challenges
One of Snyk’s main challenges is its reliance on Rego and its own proprietary policy language. While Rego is a powerful and standardized language, it may present a learning curve for teams not already familiar with it. This limitation could hinder adoption for organizations that prefer to use other policy languages or have existing policies in different formats.

Additionally, while Snyk offers prebuilt policy bundles, its focus is primarily on cloud-native environments and common security vulnerabilities. Organizations with specific compliance requirements or those operating in regulated industries may find the available policy bundles insufficient and require additional customization or development efforts.

Purchase Considerations
Organizations evaluating Snyk’s Unified Policy Engine should consider their existing development tools and workflows. If they are already using Snyk for other security aspects, integrating the policy engine can be a natural extension. However, teams that prefer a wider range of policy languages or require extensive compliance support may need to explore additional tools or integrations.

Snyk offers various pricing tiers based on the number of developers and features required. Organizations should carefully assess their needs and budget constraints to choose the most suitable plan.

Snyk’s Unified Policy Engine is well-suited for organizations that prioritize developer-led security and have embraced DevOps practices. It is particularly valuable for teams working on cloud-native applications and those seeking to integrate security seamlessly into their existing development workflows.

Radar Chart Overview
Snyk is positioned as a Leader and an Outperformer in the Innovation/Feature Play quadrant. This reflects its strong focus on developer experience, its extensive integrations with DevOps tools, and its comprehensive reporting capabilities. While it may face challenges in terms of language support and compliance coverage, its innovative approach and rapid growth in the developer security market make it a compelling option for organizations seeking to empower their developers to build secure and compliant applications.

Styra: Declarative Authorization Service (DAS)

Solution Overview
Styra, the team behind the OPA project, continues to be a major contributor to OPA, even after donating it to the Cloud Native Computing Foundation (CNCF). Enterprise OPA, based on the OPA agent, provides enhanced performance for authorizing large data sets, showcasing Styra’s deep expertise in policy management and authorization.

Styra DAS is a purpose-built policy lifecycle management system designed to provide comprehensive policy management for cloud-native environments, focusing on authorization for cloud and container infrastructure and applications. Along with Enterprise OPA, it offers centralized management. Styra DAS is available as a container or SaaS, while Enterprise OPA is distributed as a binary, container, and commercial source code.

Styra DAS operates as a control plane for managing OPA instances, whether it’s the open source version or Styra’s enterprise-grade OPA alternative, Enterprise OPA. Styra DAS streamlines policy authoring, testing, and distribution, while Enterprise OPA handles policy enforcement at scale within distributed environments. The solution supports a wide range of integrations with cloud providers, Kubernetes, service meshes, and other infrastructure components.

Strengths
Styra DAS’s core strength lies in its deep roots in OPA and its enterprise-grade enhancements. The platform offers a comprehensive and mature policy management solution, providing robust features for policy authoring, testing, distribution, and monitoring. Its advanced editing capabilities, including IDE plugins, a CLI, a web-based editor, and a visual builder, cater to diverse user preferences and skill levels, making policy creation and management more accessible and efficient.

Styra DAS also excels in compliance support, offering a wide range of prebuilt policy bundles for common regulatory standards and industry best practices. This allows organizations to quickly implement and customize policies to meet their specific compliance requirements, accelerating time to value and reducing the burden on security and compliance teams.

Challenges
While Styra DAS offers a powerful policy management platform, it currently lacks robust runtime remediation capabilities. Although it can detect policy violations and drift in real time, it relies on external tools or manual intervention for remediation. This may be a concern for organizations seeking a fully automated approach to policy enforcement and remediation.

Additionally, while Styra DAS supports multiple ways to enter and manage policies, it is limited to the Rego policy language. While Rego is a powerful and widely adopted language for policy as code, the lack of support for other languages may be a consideration for organizations with existing policies in different formats or those seeking greater flexibility in policy authoring.

Purchase Considerations
Organizations evaluating Styra DAS should consider their specific requirements for runtime remediation and policy language support. While the platform offers a comprehensive policy management solution with strong compliance support and advanced editing capabilities, the need for external tools for remediation and the reliance on Rego may be factors to consider.

Styra DAS is available in various deployment models, including container and SaaS, with licensing based on a per-cluster model. Organizations should assess their infrastructure and budget constraints to choose the most suitable deployment option and licensing plan.

Styra DAS is well-suited for large enterprises and organizations operating in regulated industries with complex cloud-native environments and stringent compliance requirements. Its focus on authorization and policy management for Kubernetes and microservices architectures makes it a valuable tool for ensuring security, compliance, and governance in dynamic and distributed systems.

Radar Chart Overview
Styra is a Leader in the Maturity/Platform Play quadrant. This positioning is a testament to its deep expertise in policy management, its comprehensive feature set, and its strong commitment to innovation in the policy-as-code space. While it may have some limitations in runtime remediation and language support, its strengths in policy authoring, compliance support, and scalability make it a compelling choice for organizations seeking an enterprise-grade policy-as-code solution.

Sysdig: Secure

Solution Overview
Sysdig Secure is a comprehensive cloud-native application protection platform (CNAPP) that offers a robust policy-as-code solution as part of its broader security and compliance capabilities. It leverages the open source Falco project for runtime security and threat detection, and OPA for IaC scanning and Kubernetes admission control. Sysdig Secure is available as software, a container, or as a SaaS offering, providing flexibility for various deployment scenarios.

Sysdig is a recognized leader in cloud-native security, with a strong focus on runtime insights and threat detection. Its acquisition of Apolicy, an IaC security company, in 2021 further strengthened its policy-as-code capabilities, enabling a unified approach to security and compliance from development to runtime.

Sysdig’s approach emphasizes continuous monitoring and proactive threat detection, leveraging runtime insights to identify and respond to policy violations in real time. Solution components include:

  • Sysdig Secure, a platform for delivering security for container environments, integrates multiple components to deliver its policy-as-code solution, including Falco, an open source runtime security project that continuously monitors system calls and container activity, detecting anomalies and policy violations.
  • OPA, an open source policy engine used for IaC scanning and Kubernetes admission control, ensures policies are enforced before resources are deployed.
  • Sysdig Cloud Connector, a component of Sysdig Secure, facilitates integration with cloud providers, enabling visibility and policy enforcement across multicloud environments.

Strengths
Sysdig Secure’s core strength lies in its exceptional runtime security and drift detection capabilities. By continuously monitoring system and container activity in real time, Sysdig can quickly identify and alert on policy violations and configuration drift, enabling rapid remediation and minimizing the risk of security breaches. This proactive approach to security is further enhanced by Sysdig’s deep understanding of the application context, allowing for risk prioritization based on the impact of configuration errors on production instances and applications.

Sysdig Secure also excels in compliance automation, offering a comprehensive set of out-of-the-box policies for various industry standards and regulatory frameworks. These policies can be easily customized and applied across multiple environments, ensuring consistency and scalability across the organization. Additionally, Sysdig’s advanced reporting capabilities provide detailed insights into compliance status, facilitating audits and demonstrating adherence to regulatory requirements.

Challenges
While Sysdig Secure offers a powerful and comprehensive policy-as-code solution, there are areas where it could be further enhanced. The platform’s primary focus on cloud-native environments and Kubernetes may limit its applicability for organizations with diverse infrastructure and legacy systems. Additionally, while Sysdig supports both Falco and OPA, it could benefit from expanding its support for other policy languages to cater to a wider range of user preferences and existing policy frameworks.

Purchase Considerations
Organizations considering Sysdig Secure should evaluate their specific security and compliance requirements, particularly their focus on cloud-native technologies and Kubernetes. While the platform offers robust runtime security and compliance automation, organizations with diverse infrastructure or those seeking broader policy language support may need to consider additional tools or integrations.

Sysdig Secure’s pricing is based on a per-host or per-cloud-resource model, with options for standard and premium support. Organizations should carefully assess their usage patterns and support needs to determine the most cost-effective licensing option.

Sysdig Secure is well-suited for organizations operating in cloud-native environments, particularly those leveraging Kubernetes. Its comprehensive security and compliance capabilities, combined with its focus on runtime insights and threat detection, make it a valuable tool for protecting critical applications and infrastructure.

Radar Chart Overview
Sysdig Secure is positioned as a Challenger in the Innovation/Platform Play quadrant. It is well-suited for organizations operating in cloud-native environments, particularly those leveraging Kubernetes. Its comprehensive security and compliance capabilities, combined with its focus on runtime insights and threat detection, make it a valuable tool for protecting critical applications and infrastructure.

6. Analyst’s Outlook

The security policy-as-code market is in a state of dynamic growth and innovation, driven by the increasing complexity of IT environments, the rise of cloud-native technologies, and the ever-evolving threat landscape. Organizations are recognizing the critical need for automated and scalable policy enforcement to maintain a strong security posture and ensure compliance in today’s fast-paced digital world.

The market is characterized by a diverse range of vendors offering solutions with varying strengths and focus areas. Some vendors excel in developer-centric features and seamless integration with DevOps workflows, while others prioritize comprehensive reporting and analytics capabilities. The market is also witnessing a growing emphasis on cloud-native environments, particularly Kubernetes, as organizations increasingly adopt containerized architectures.

A major theme in the market is the convergence of infrastructure as code and policy as code. Vendors are increasingly integrating these two disciplines, enabling organizations to manage both infrastructure provisioning and policy enforcement through a unified approach. This convergence streamlines workflows, improves collaboration among teams, and enhances the overall security posture of organizations.

For IT decision-makers considering policy-as-code solutions, the first step is to clearly define their organization’s specific needs and priorities. Consider factors such as the size and complexity of your infrastructure, your existing technology stack, your DevOps maturity, and your regulatory compliance requirements.

Once you have a clear understanding of your requirements, evaluate different vendors based on their strengths and focus areas. If developer experience and DevOps integration are paramount, look for solutions that offer seamless integration with your existing toolchains and support for familiar programming languages. If comprehensive reporting and compliance support are top priorities, prioritize vendors that provide in-depth analytics, customizable dashboards, and prebuilt policy bundles for relevant regulations.

The future of policy as code is bright. As the technology continues to mature, we can expect to see further advancements in areas like AI-powered policy optimization, automated remediation, and support for a wider range of platforms and languages. Security policy as code will become an increasingly integral part of modern software development and infrastructure management, enabling organizations to proactively address security and compliance risks in a scalable and efficient manner.

7. Methodology

*Vendors marked with an asterisk did not participate in our research process for the Radar report, and their capsules and scoring were compiled via desk research.

For more information about our research process for Key Criteria and Radar reports, please visit our Methodology.

8. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

9. Copyright

© Knowingly, Inc. 2024. "GigaOm Radar for Security Policy as Code" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.
