In the Gartner®, Hype Cycle™ for Application Security, 2021 Report, three new categories demonstrate the widening breadth and the increased adoption of a system view on application security. These categories are policy as code (PaC), security service edge and externalized authorization management (EAM). Over the past year, this technology has shown extraordinary momentum, specifically around PaC, indicating that the technology is becoming relevant for application development and security.
Like GitOps, the key here is that authentication and authorization are externalized. All configuration and security policy is treated as code, so everything can be held in version control. Any and all changes can be made, reviewed, and fed into an automated pipeline. The pipeline then verifies, deploys, and monitors changes.
Policy as code is a programmatic approach to applying and enforcing rules (policies) to an organization’s cloud resources. It’s an effective way to uniformly define, maintain, and implement policies across the software development lifecycle. Furthermore, by integrating policy into GitOps pipelines, you can ensure that errors and security vulnerabilities are caught automatically before they make it into production. This is what we call Trusted Application Delivery.
Gartner predicts that policy as code, despite only being categorized as an innovation trigger, already offers deep business impact and high benefits.
Download this Gartner®, Hype Cycle™ for Application Security Report to understand:
- Why policy as code is emerging as a key security approach
- The business impact it can have
- Key benefits of adopting policy as code into your software lifecycle
- User recommendations by Gartner on policy as code