From coding to cloud users, a developer-first approach to security could well be the best way to secure applications in the cloud-based digital economy.
A company that’s recently expanded into Asia Pacific, Snyk focuses on enabling developers to build secure applications – with an approach that helps organizations secure all of the critical components of their applications from code to cloud.
With this developer-first approach, Snyk has expanded into APJ since 2021 and is driving its business presence from its regional office in Singapore, forming partnerships with several industry players in this region, such as managed security service provider LAC and cloud integrator Classmethod.
CybersecAsia talked to Shaun McLagan, Vice President, APJ, Snyk, about this developer-first approach to security – from code to cloud:
What are the critical components from coding to cloud-user that need to be considered in application security?
McLagan: The increasing use of cloud-native technologies such as containers and Infrastructure as Code (IaC) has transformed the modern application. In the traditional data center model, application security could be focused on the code the developers wrote, and perhaps the open source libraries they leveraged.
Everything else – the servers, the database, the OS, the network, etc. – was managed and secured by IT.
Today, much of that is now defined in code and is effectively a part of the application. Dockerfiles, Kubernetes configs, terraform – these are all living in the repository as code, and is deployed and managed in the same DevOps process as the rest of the application. Furthermore, developers now write or modify these configs as well. So this entire scope – from code to cloud – needs to be addressed by the application security team and process.
What is a “developer-first approach to security”?
McLagan: Developer-first security is an approach that embeds security early into the software development lifecycle. This is a change from how organizations traditionally thought about security – rather than securing platforms and applications after-the-fact with point solutions, it integrates security at the code level to enable organizations to innovate faster and more efficiently, without compromising security.
Snyk is helping organizations to shift the ownership of security from independent teams to a develop-first security platform designed to serve them. This puts security in the hands of the people with the greatest power to implement it. The extent to which security can reach in the development process then has no limitation while still providing teams with the freedom they desire.
Are businesses in APJ ready to embrace this approach?
McLagan: Digital transformation in APJ is at an extraordinary rate of innovation and digital disruption are changing the face of many Asian businesses. For example, the rise of neobanks providing a brand new digital banking experience to customers, many BFSI, cloud native organizations or even traditional organizations are also looking to stay ahead with the trend.
Despite significant digital advances, security remains a major concern for enterprises in the region. According to Forrester, more than six organizations in Asia Pacific have admitted at least one data breach in the past 12 months and it cost an average of US$2.2 million in total per beach. In Snyk’s latest joint research report with The Linux Foundation, The State of Open Source Security, 41% of organizations do not have high confidence in their open source software security. The increasing threat landscape is causing an acute demand for secure application development in the region.
APJ is one of the key growth areas for Snyk globally. We are seeing adoption across all segments and verticals , the product-led growth (PLG) and freemium adoption are coming very strong in this region. The fact that Snyk is here in APJ to support developers and development organizations of any size and business nature to develop fast and stay secure.
What other trends in cloud and application security have you observed in APJ?
McLagan: These trends include:
Security is paramount across the region. According to Snyk’s 2022 Container Security Trends report, Increasingly DevOps teams have placed a high priority on identifying and remediating security issues as early as possible in the development cycle. Many (46%) still view security as a bottleneck in their processes.
Automating security in DevOps environments. Applications often grow rapidly, and it can be difficult to scale security and develop at the same pace. Automation within SCA tools can help to achieve this.
Dev, Ops and Security teams work as one team. This environment of shared responsibility and mutual empathy requires breaking down barriers between teams. Consequently, people are the starting point and the foundation of any DevSecOps implementation.