Enterprise Strategy Group | Getting to the Bigger Truth™
By Melinda Marks, ESG Senior Analyst
AUGUST 2022
With the speed of modern software development, organizations are looking for ways to secure their applications in the cloud without slowing development down. In the first half of 2022, ESG interviewed Snyk customers to learn how they are using Snyk’s developer security platform to build security processes into development and effectively scale their security teams so they can support applications in cloud-native environments. These interviews with security and DevSecOps leaders covered their top challenges, the tools they have in place, and the strategies they use to scale their security programs with the faster cycles of modern software development.
Based on these interviews, ESG concludes:
Figure (survey question): When you think of the requirements placed on your organization today compared with three years ago, how much faster, if at all, does your team need to deploy applications, infrastructure, and services? (Percent of respondents, N=359) Source: ESG, a division of TechTarget, Inc.
Figure (survey question): You indicated that the organization you work for has been impacted by the global cybersecurity skills shortage. What type of impact has the global cybersecurity skills shortage had on your organization? (Percent of respondents, N=282, check all that apply) Source: ESG, a division of TechTarget, Inc.
--DevSecOps Engineer, large global fast food corporation
Another Snyk customer who is the CISO for a large private university agreed, saying, “You can’t just apply traditional security methods to the cloud. It’s a whole different paradigm.”
Most organizations struggle to keep up. ESG research showed that 48% of organizations regularly push vulnerable code to keep up with release deadlines (see Figure 3).
Figure (survey question): Assuming the net cost was the same, which of the following do you believe would be your organization’s preferred payment model for on-premises data center infrastructure? (Percent of respondents) Source: ESG, a division of TechTarget, Inc.
--DevSecOps Engineer, large global fast food corporation
Figure (survey question): If you are currently utilizing open source security tools, what are your organization’s top challenges with its current SCA tools? (Percent of respondents, N=172, three responses accepted) Source: ESG, a division of TechTarget, Inc.
Instead, they need solutions that work within the tools and workflows that developers are already using, with clear, simple information that can guide them to take the actions needed to efficiently remediate issues that need attention.
The Snyk customer from the financial company said he tried using open source tools to avoid the procurement cycle of a vendor solution. While the open source tools were freely available, they didn’t scale well enough for him to build an effective program across the software development lifecycle. For example, it wasn’t easy to integrate the tools in a way that let him set up policies. So, he looked for a solution that would give him more control to scale his program.
Snyk customers described how the platform builds security into the development process, helping developers efficiently address security issues and produce high-quality, secure code.
When security teams can help developers incorporate security processes into development workflows, it is easier for them to efficiently deliver secure code, instead of running multiple tests on their applications and their many components right before deploying them to the cloud.
The SOC analyst for the large private university said, “Snyk helps you catch things early instead of having to completely rebuild at the last minute. Developers feel better about doing security. They are excited about it instead of worried about causing something bad.”
The CISO of the university added, “Do you want to find out that something’s broken at 11pm the night before you’re going to take it to change control, hoping that it can deploy two days later, and then miss your window or work until 4am to fix something? Or do you want to find it when you’re building it, when it’s shifted left?”
The Snyk customers described noticeable differences in the pipelines where Snyk is deployed because the developers are able to work more efficiently, delivering secure, higher-quality code when they deploy their applications.
The Snyk platform delivers information directly to the developers within IDEs so they can make needed code changes within their normal workflows. Customers described how this increases efficiency for developers, while turning out higher quality code, reducing the number of security issues deployed to production.
For all of the customers ESG interviewed, Snyk has reduced the number of security issues and attacks, reducing work for the security teams.
“The integrations and documentation make it easy for developers to push a simple fix,” said the SOC analyst for the large private university. “Simple fixes that would have been otherwise difficult to find have significantly lowered the number of web attacks on known exploitable vulnerabilities.”
This ESG White Paper was commissioned by Snyk and is distributed under license from TechTarget, Inc.
All product names, logos, brands, and trademarks are the property of their respective owners. Information contained in this publication has been obtained by sources TechTarget, Inc. considers to be reliable but is not warranted by TechTarget, Inc. This publication may contain opinions of TechTarget, Inc., which are subject to change. This publication may include forecasts, projections, and other predictive statements that represent TechTarget, Inc.’s assumptions and expectations in light of currently available information. These forecasts are based on industry trends and involve variables and uncertainties. Consequently, TechTarget, Inc. makes no warranty as to the accuracy of specific forecasts, projections or predictive statements contained herein.
This publication is copyrighted by TechTarget, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of TechTarget, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact Client Relations at cr@esg-global.com.
Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.