“The accelerated pace of DevOps means it has become a necessity to build security directly into development”
IT is one of the fastest-evolving industries in the world, putting any company with a strong grasp of its technology posture in good stead over the past year, when the world itself has changed quickly. It can also mean that some companies - and individuals - get left behind.
To give one example, infrastructure layers previously secured by IT have become APIs managed by developers in cloud-native apps. Developers are increasingly on the frontlines of security, but aren't yet aware of the need to integrate it into their work.
"As enterprises embrace digital transformation and adopt new cloud native technologies, the accelerated pace of DevOps means it has become a necessity to build security directly into development in order to keep up," says Guy Podjarny, founder and president of Snyk: a cloud-native application security firm that has reached the final stages of the DevOps Excellence Awards.
"To be successful in this environment, today's developers require cloud native application security solutions that enable them to own and build security into the whole application… It's this developer-first approach that enables the technology-driven companies we work with, like ASOS, Deliveroo, Ocado Group, Revolut, Skyscanner and, of course, Pearson, to scale security in today's fast-paced digitally transforming world."
Snyk's work with Pearson is shortlisted for Best Implementation of DevSecOps. "We love that we can showcase our partnership with the team at Pearson, who - like us - are always looking to review, learn from what we are doing now, and then improve it," says Podjarny. "Initiatives like the DevOps Excellence Awards are also a key part of this sharing, so we're really glad we can participate and celebrate our successes together."
Cloud-native security is a growing space, though, so how does Snyk differentiate itself from the competition? It comes down to the company's Cloud Native Application Security Platform, which is "the only developer-first solution that enables the entire cloud native application to be built quickly and securely in a DevOps environment."
The Platform "provides security visibility and remediation for every critical component of the modern application - from code and open source to containers and cloud infrastructure," says Podjarny. It uses proprietary research by the Snyk team, as well as machine learning, to continuously adapt to the changing and expanding nature of security threats. In fact, the company's vulnerability database also powers strategic partners such as Atlassian, Datadog, Docker, IBM Cloud, Rapid7, Red Hat and Trend Micro.
Snyk has used the last 12 months to work on Snyk Code, which brings Static Application Security Testing (SAST) directly into the developer's toolset and workflow. Although traditionally known as slow and inaccurate, Podjarny says that Snyk's take on SAST is designed as a developer-first tool: it works in real-time, with semantic analysis and logic programming rules to increase accuracy.
"It's something we're very proud of — and we're sure application teams will love it, too."
Snyk recently added Snyk Code to its free plan, and intends to add additional features to the Cloud Native Application Security Platform later this year, including increased automation and extensibility improvements - as well as expanding relationships with its strategic partners like Atlassian, AWS and Trend Micro.
We will announce the winners of the DevOps Excellence Awards on the 30th June.