Snyk on Tuesday announced the Snyk Cloud, a platform that aims to help more companies embrace DevSecOps and spark enhanced collaboration between the organization’s developer, operations, security, and compliance teams.
The most recent development stemmed from Snyk’s acquisition of Fugue earlier this year. The Snyk Cloud unites and integrates Snyk infrastructure-as-code and Snyk containers with Fugue’s leading cloud security posture management capabilities.
“Our global customers have witnessed firsthand how previous cybersecurity tenets have evolved profoundly, with cloud infrastructure now changing just as fast as the apps themselves,” said Adi Sharabani, CTO at Snyk. “They’re eager for one comprehensive solution that provides a truly complete cloud picture, driving DevSecOps by enhancing developer productivity securely.”
Melinda Marks, a senior analyst at the Enterprise Strategy Group, said both Snyk and Fugue are companies that pioneered providing security solutions and resources for developers, helping them become more self-sufficient in testing and fixing their own code so that they don’t have to go through security.
“So it’s nice to see this acquisition and integration,” Marks said. “The challenge, though, with developer-focused security tools is that security teams need centralized control and visibility. The Snyk platform will need to help security ensure that they can roll out consistent tools and processes, and security has visibility into testing status and results so they can reduce misconfigurations from being deployed, or mitigate them quickly if they are found.”
Michael White, technical director and principal architect at Synopsys Software Integrity Group, said when it comes to app security, centralized security teams have struggled for a long time to get developer engagement and make the experience as seamless as possible for developers to “do the right thing” as they build new services or maintain existing ones.
“The internal developer platform model is a perfect way for security to do this and it lets DevOps teams provide what’s called a ‘golden path’ or ‘paved road’ for developers to not force them to follow a prescribed approach, but making it much easier for them to achieve their goals when this is followed,” White said. “By partnering with such platform teams, security can also benefit from this by making sure that the design templates themselves are secure by default.”