Styra Inc., the startup behind a ubiquitous piece of open-source software used to secure containerized applications, has raised $40 million in funding to help it double its headcount this year and win more customers.

Battery Ventures led the round, the startup disclosed in its funding announcement today. 

Styra’s open-source Open Policy Agent tool is downloaded more than a million times per week by developers for a total of 75 million downloads to date. The tool, which the startup commercializes with a paid version for enterprises, helps developers manage application authorization. That’s the technical term for preventing unauthorized access to applications and their data.

The task has several dimensions. Developers must limit what information can be accessed by a service’s end-users, to prevent scenarios where one customer accidentally gains the ability to view information belonging to other accounts. They must also limit what data the service itself can access from any other applications to which it may be connected, for example the company’s customer database.

The increasing use of software containers in the enterprise application has added yet another twist to the task. Containerized applications are often implemented as a collection of loosely integrated modules that each perform a different task, sometimes on different information. When one of the modules processes sensitive data, developers may have to create access controls to make sure the data isn’t viewable by the other components of the same application.

It’s these types of tasks that Styra’s Open Policy Agent simplifies. The tool makes it possible to define an application’s access rules in a relatively abstract form partly decoupled from the core application code. As a result, the access rules continue to work even when the application code changes. That saves time for developers and reduces the risk of application updates creating gaps in access rules with the potential to be exploited by hackers. 

Styra sells a commercial version of Open Policy Agent that makes the software easier to use. It includes pre-packaged access policies, to speed up projects, and testing features that allow developers to see if policies work as expected before deploying them to production.

Last year, Styra saw Open Policy Agent’s installed base grow by 600% while its roster of commercial customers tripled. The startup managed to increase its headcount by 90% along the way. Using the new funding, Styra plans to double its workforce again in 2021 by adding employees across the product management, customer success, open source and go-to-market teams.

The startup’s approach to application authorization, which it refers to as policy-as-code, is gaining traction amid a parallel trend among infrastructure teams known as infrastructure as code. The basic concept is similar: to automate tedious parts of engineers’ work by creating more versatile scripts that can perform tasks automatically. An emerging practice approach known as GitOps aims to extend this approach to additional parts of the stack.

Given that enterprises are working to automate more parts of their engineering operations with code, Styra could have an opportunity to extend its current policy-as-code feature set to additional areas. Open Policy Agent, with its 75 million downloads and brand recognition among developers, could provide a strong foundation for future expansions.

Photo: Unsplash