Snyk and ServiceNow’s strategic partnership shows DevSecOps isn’t a fad
Cybersecurity isn’t just the responsibility of the security team. To secure modern cloud environments and applications, developers and security teams need to be able to collaborate to identify risks in the software supply chain and mitigate them as soon as possible. Enter DevSecOps.
That’s why today, developer security provider Snyk announced that IT operations management vendor ServiceNow has made a $25 million strategic investment in the organization, following a $196.5 million Series G investment in December 2022.
Snyk also announced the release of a new integration for ServiceNow’s Vulnerability Response solution with Snyk Open Source, which will enable security teams and developers to collaborate and manage vulnerabilities discovered in open-source products and applications.
The mandate for DevSecOps
This partnership reflects a general trend of organizations implementing security earlier in the software development lifecycle to secure the software supply chain. For instance, according to GitLab research, over one-third of security pros report being “hands-on” and involved on a daily basis with dev and ops in 2022, an increase of 11% from 2021.
In the age of cloud adoption, DevSecOps is vital for enabling security teams to effectively manage disparate applications, services and open-source software components because it provides them with direct access to support from developers, who can fix code-level vulnerabilities wherever they exist in the environment.
“In today’s enterprise, new challenges and complexities have emerged as the overall attack surface has expanded and the clear delineation of security responsibilities has blurred. Many of today’s cloud security failures result from ineffective cross-team collaboration and team training to address this transformation and ensure a tightened security posture,” said Peter McKay, CEO of Snyk.
Part of the challenge is that security teams and developers often lack the tools needed to collaborate effectively. For instance, McKay highlights Snyk’s State of Cloud Security Report, which found that 77% of organizations cited ineffective collaboration as a significant challenge, with different teams using disparate tools or policy frameworks.
DevSecOps provides an answer to this by giving security teams access to developers’ technical expertise so they can better understand the risks of implementing new software.
“Involving developers in security decisions ensures that security measures are integrated into the development process rather than being added as an afterthought. Security is therefore built into the system from the start rather than being tacked on later, which can be more difficult and expensive,” McKay said.
Snyk’s partnership with ServiceNow can help to facilitate this communication, providing developers with a solution that automatically integrates with the software development workflow, alongside software composition analysis, which provides a mechanism to evaluate code risks and respond to priority threats.
A brief look at Snyk, SonarQube and Veracode
As more and more organizations look to secure the software supply chain and enhance their data security posture, researchers expect the global DevSecOps market to increase from a value of $2.59 billion in 2021 to $23.16 billion by 2029.
With over 2,500 customers, including organizations like Google, Salesforce, MongoDB, New Relic, Asurion and Revolut, Snyk is one of the biggest providers in the space, but it’s also competing against some significant vendors.
One of Snyk’s main competitors is SonarQube, currently valued at $4.7 billion after raising $412 million as part of a funding round in 2022. The company offers a code analysis solution for checking code for reliability and security issues. SonarQube also offers integrations with DevOps platforms including GitHub, GitLab, Bitbucket and Jenkins.
Veracode, which analysts currently value at $2.5 billion, provides a similar application security testing solution that caters to both developers and security teams. It’s capable of scanning over 100 languages and frameworks, and generating step-by-step remediation guidance.
At this stage in the market’s development, McKay argues that Snyk’s emphasis on developer-centric security is its key differentiator from those organizations.
“Snyk enables a world where millions of developers globally building our future also have the power to secure it. This is accomplished by empowering developers with security tools, allowing them to continue to develop both quickly and securely within the platforms they’re already most comfortable with,” McKay said.