Cloud security shifting to ‘dev’ not ‘ops,’ Snyk says

Developer security platform provider Snyk brings an approach to cloud security that makes the company stand out from others in the space, and there are signs the market will increasingly move in the direction of the fast-growing company, according to Guy Podjarny, cofounder and president of Snyk.

In an email statement to VentureBeat, Podjarny responded to a question about the emergence of a new category in cloud security—the cloud-native application protection platform, or CNAPP.

A CNAPP offering brings together numerous different tools, including tools for securing cloud infrastructure, cloud identities and permissions, virtual machines, containers, and serverless functionality.

Vendors and analysts have touted this unification of tools as a benefit for businesses, since it reduces the complexity involved in securing cloud environments and applications.

Some CNAPP vendors are now also offering tools for proactive identification of vulnerabilities during app development—an area where Snyk has been a pioneer and a leading player.

Rather than CNAPP, Snyk says it offers “CNAS,” or cloud native application security. The platform aims to provide a “developer-first” approach to cloud security, with tools that are built to be familiar to developers.

The company ultimately aims to embody a developer tools company rather than a security company—with its code-scanning tools meant to be weaved into the developer process to ensure application security from the get-go.

This, according to Podjarny, makes Snyk different from vendors in the CNAPP space—which include established cybersecurity vendors along with some of the top-funded security startups of the moment.

“While CNAPP players focus on operations—observing deployed and running systems to identify and respond to threats—Snyk anchors in dev and code, modeling the app to identify issues early and prevent their deployment,” Podjarny said in the statement to VentureBeat. “This approach, which we call CNAS, brings the ‘shift left’ approach AppSec evolved to cloud security as it is far more efficient and cost effective.”

There will “always be a need for both Dev and Ops approaches to CNAPP, but over time the emphasis will shift from the latter to the former,” Podjarny said.

Rapid growth

Snyk has enjoyed a growth tear, having expanded its base of paying customers to 1,300 currently from 700 in March. And the company expects to close 2021 with a faster rate of revenue growth than it had in 2020—something that often isn’t possible as companies grow in size.

Prominent customers of Snyk include Google, Salesforce, Atlassian, and MongoDB.

The company’s growth has come amid an increasing focus in the enterprise on ensuring security for software development. According to a recent report from machine identity management vendor Venafi, nearly all senior IT executives—97%—agree that software build processes are not secure enough.

The industry is thus in the process of moving toward DevSecOps, an approach that aligns development, security, and operations. It’s a major tailwind for Snyk, and also in part a response to the availability of enterprise-caliber developer security tools such as those offered by the company.

In September, Snyk announced a $530 million series F funding round that values the company at $8.5 billion. That followed the $300 million series E round that Snyk raised in March.

The Boston-based company, which was founded out of London and Tel Aviv in 2015, has raised a total of $775 million to date.